I have a native C# .NET Console application which is used by customers to pull user license assignments from Graph for Office 365. I've implemented interactive authentication and admin consent, which is working. I also need to be able to script the application so it can run on a schedule, so want to authenticate non-interactively, providing the credentials when the application runs.
For this I'm using the following call:
https://login.microsoftonline.com/common/oauth2/token
resource=https%3A%2F%2Fgraph.microsoft.com
&client_id={_clientId}
&grant_type=password
&username={username}
&password={password}
Once the application is authorized for the user or via Admin Consent, this works for me against our tenant.
But for a customer I'm working with, this does not work. (The customer has two-factor authentication enabled, so I'm not sure if that is affecting it. Interactive authentication works for them, but Admin Consent, although it returns 'admin_consent=True', does not seem to be working, the user is still prompted to authorize the app, which they cannot do as they are not a global admin, but the global admin can authorize themselves.)
What is the best/correct (official/unofficial) way to authenticate non-interactively with Graph for Native applications. (All documentation I have read so far says it not supported for Native applications, and push towards the interactive authentication.)
Any help would be greatly appreciated.
Thanks
Gary
