I am attempting to create a multi-tenant app that will allow users to access their OneDrive. Due to the type of device that the app will be run on, it is not practical to have users entering their username and password each time they access the app, so I was going to set up the app so that an administrator can grant permissions on behalf of their users using app-only permissions (I have the admin consenting bit done).

The bit I am having trouble with now is that when a user accesses the app, I only have their email address.

How can I get an access token based on the user's email address without them having to sign in (their admin has already consented, so the user shouldn't have to)?

2 Answers

0
votes

If the admin has already consented, you can use the option to log in without the user and retrieve a token.

How do I get the OneDrive?

  1. You stated that you have the user's email, so you could perform the query https://graph.microsoft.com/v1.0/users/{email address} and take the value of the id field.
  2. Perform the query https://graph.microsoft.com/v1.0/users/{user id}/drive and you have the drive of the user.
0
votes

Andy

According to this reference, we can get an access token from background services or daemons.

Based on my test, we can try the following steps:
1. Get administrator consent:

// In Startup.Configuration: sign the administrator in with OpenID Connect so
// they can grant tenant-wide (admin) consent to the app-only permissions.
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    ClientId = clientId,
    Authority = authority,
    RedirectUri = redirectUri,
    PostLogoutRedirectUri = redirectUri,
    Scope = "openid profile",
    ResponseType = "id_token",
    // Multi-tenant app: the issuer differs per tenant, so issuer validation is
    // switched off here. OnSecurityTokenValidatedAsync should then check the
    // token's tenant id (tid) claim itself instead of accepting any tenant.
    TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false, NameClaimType = "name" },
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        AuthenticationFailed = this.OnAuthenticationFailedAsync,
        SecurityTokenValidated = this.OnSecurityTokenValidatedAsync
    }
});

// Acquire an app-only token with the client credentials flow: no user is
// signed in, tenantId is the tenant whose administrator consented, and the
// client secret proves the app's identity.
ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(
    Startup.clientId,
    string.Format(AuthorityFormat, tenantId),
    Startup.redirectUri,
    new ClientCredential(Startup.clientSecret),
    null,                                  // no user token cache: there is no user
    appTokenCache.GetMsalCacheInstance()); // app token cache, keyed per tenant

AuthenticationResult authResult = await daemonClient.AcquireTokenForClientAsync(new[] { MSGraphScope });

  2. We can get the user by the email from the url: https://graph.microsoft.com/v1.0/users/{userPrincipalName}. For example, https://graph.microsoft.com/v1.0/users/xxx.outlook.com

For more details, we can refer to v2.0 daemon sample on GitHub.
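The flow that both answers describe (client-credentials token, then /users/{upn} to get the id, then /users/{id}/drive), as an added example that is not code from the question, the answers or Microsoft's samples. It is written in Python rather than the answers' C#, keeps the URL building and the checks in small functions, and routes HTTP through an injected `get` callable so it runs offline; the tenant, client, token and directory values, the `authorised_upns` list and the `fake_get` stand-in are all constructed for this example.

```python
"""App-only Graph lookup: e-mail -> user id -> drive, with the checks the
device-side caller needs. Values marked constructed are not real."""
import re
import urllib.parse

GRAPH = "https://graph.microsoft.com/v1.0"
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# ".default" requests every application permission the admin consented to.
GRAPH_SCOPE = "https://graph.microsoft.com/.default"

# Plain-UPN shape check; rejects slashes, spaces and anything without "@".
_UPN_RE = re.compile(r"^[A-Za-z0-9._%+'-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def token_request(tenant_id, client_id, client_secret):
    """URL and form body of the client-credentials request (no user sign-in).
    The secret travels in the POST body over TLS, never in a query string."""
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }
    return TOKEN_URL.format(tenant=tenant_id), body


def is_user_principal_name(upn):
    return bool(_UPN_RE.match(upn))


def user_url(upn):
    """GET /users/{userPrincipalName}. The value came from the device, so it
    is validated and percent-encoded before it becomes part of the path."""
    if not is_user_principal_name(upn):
        raise ValueError("not a user principal name: %r" % (upn,))
    return "%s/users/%s" % (GRAPH, urllib.parse.quote(upn, safe=""))


def drive_url(user_id):
    """GET /users/{id}/drive, using the id returned by the user lookup."""
    return "%s/users/%s/drive" % (GRAPH, urllib.parse.quote(user_id, safe=""))


def get_user_drive(upn, token, get, authorised_upns):
    """Resolve e-mail -> user id -> drive with an app-only token.

    An app-only token can open every drive in the tenant, so Graph will not
    stop one device user reaching another user's files. `authorised_upns`
    stands in for the app's own record (an assumption of this example) of
    which mailbox the current device session may act for."""
    if upn.lower() not in {u.lower() for u in authorised_upns}:
        raise PermissionError("session is not authorised for " + upn)
    headers = {"Authorization": "Bearer " + token}
    user = get(user_url(upn), headers)
    return get(drive_url(user["id"]), headers)


# ---- offline stand-in for Graph (constructed data, not a real tenant) ----
FAKE_TOKEN = "constructed-app-only-token"
FAKE_USERS = {
    "andy@contoso.example": {
        "id": "11111111-2222-3333-4444-555555555555",
        "userPrincipalName": "andy@contoso.example",
    },
}
FAKE_DRIVES = {
    "11111111-2222-3333-4444-555555555555": {
        "id": "b!constructed-drive-id", "driveType": "business",
    },
}


def fake_get(url, headers):
    """Serves the two endpoints above and insists on the bearer header."""
    if headers.get("Authorization") != "Bearer " + FAKE_TOKEN:
        raise PermissionError("401 from Graph")
    parts = [urllib.parse.unquote(p) for p in url[len(GRAPH) + 1:].split("/")]
    if parts[0] == "users" and len(parts) == 2 and parts[1] in FAKE_USERS:
        return FAKE_USERS[parts[1]]
    if parts[0] == "users" and len(parts) == 3 and parts[2] == "drive":
        return FAKE_DRIVES[parts[1]]
    raise LookupError("404 from Graph: " + url)


def demo():
    """Walk the flow for one constructed user and return the drive object."""
    url, body = token_request("TENANT-ID-PLACEHOLDER",
                              "CLIENT-ID-PLACEHOLDER", "CLIENT-SECRET-PLACEHOLDER")
    # A real client POSTs `body` to `url` and reads access_token from the JSON
    # reply; offline, FAKE_TOKEN plays that role.
    return get_user_drive("andy@contoso.example", FAKE_TOKEN, fake_get,
                          authorised_upns=["andy@contoso.example"])


if __name__ == "__main__":
    print(demo())
```

Two points worth keeping in mind when adapting this: Graph's /users/{id | userPrincipalName} segment takes the UPN, and a user's primary e-mail address is not guaranteed to equal their UPN, so a device that only knows the mail address may need a directory query on the mail attribute instead of the direct path; and because the admin-consented application permission covers the whole tenant, the authorisation decision (which device session may reach which mailbox) lives entirely in your app, which is why `get_user_drive` refuses before it ever calls Graph.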