Azure App with Web API and Microsoft Graph

0
votes

I've Web App and API registered at https://apps.dev.microsoft.com. In my API, I've added in Pre-authorized applications my Web APP ID. So far so good. It works with the following scopes: openid, profile, and api://APP_ID_GUID/access_as_user.

I also need access to Microsoft Graph, but adding https://graph.microsof.com/user.read to my scopes results in:

AADSTS700022: Provided value for the input parameter scope is not valid because it contains more than one resource. Scope openid profile https://graph.microsoft.com/user.read api://APP_ID_GUID/access_as_user is not valid.

How can I get token so I can use both? I need only to list the users in the Active Directory. The only way I see it is to get a separate access token for Microsoft Graph and use it when I want to query the users from AD.

1
azure-active-directorymicrosoft-graph-api

1 Answers

3
votes

An access token is only valid on one API. You need two access tokens to call two APIs.

As long as your app has been granted the necessary consent, it can get the access tokens either by using a refresh token (you can get an access token for any resource using a refresh token) or a hidden iframe that uses implicit grant flow (that MSAL.JS uses).