0
votes

I am working on a Sharepoint application. For my application, I have to fetch my details from Azure AD using Microsoft graph endpoints. I have generated the access token using /token endpoint and client_credentials grant type. When I use the token received in the response with the graph /users endpoint, I am getting an unauthorized error as shown in the below image:


On the Azure portal, all permissions are granted to the Microsoft Graph API. Is there any configuration that is missing? How can I solve this unauthorized error?

2
How did you generate the access token? Could you provide more details? - Joy Wang-MSFT
I have followed this documentation to get the access token: docs.microsoft.com/en-us/graph/auth-v2-service - Disha Agrawal

2 Answers

0
votes

I have not tested with a v2.0 endpoint; if it is acceptable to use a v1.0 endpoint, you could refer to the following steps.

1. Navigate to Azure Active Directory in the portal -> App registrations -> New application registration; for more details see this link.

2. Go to the AD App -> Keys -> generate a key for the AD App, and copy the key value.

3. Then go to Required permissions -> Add -> select Microsoft Graph and "Read all users' full profiles" under APPLICATION PERMISSIONS -> Save; then don't forget to click the Grant permissions button.


4. I tested it in Postman, specifying the body we need to get the access_token: the client_id is the Application ID of the AD App, client_secret is the key value you copied, grant_type is client_credentials, and resource is https://graph.microsoft.com/.

Sample:

POST https://login.microsoftonline.com/<Tenant ID>/oauth2/token?api-version=1.0


5. Use the access_token to call the MS Graph API; in my sample, I call the List users API, and it works fine.

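The steps above can be checked without Postman. The following is an added example (not code from the answer or from Microsoft) that builds the client-credentials request for either the v1.0 endpoint (`resource`) or the v2.0 endpoint (`scope=.../.default`), and then inspects the returned token for the two things that produce an unauthorized response on `/users`: an `aud` claim that is not Microsoft Graph (wrong `resource`/`scope`), and a missing `roles` claim (application permission not added, or admin consent not granted). Token inspection only base64-decodes the payload and never validates the signature; it is a client-side debugging aid, not a way to trust a token. The environment variable names `TENANT_ID`, `CLIENT_ID` and `CLIENT_SECRET` and the `make_unsigned_jwt` helper for constructing sample tokens are this example's own assumptions; when no credentials are set it runs offline against a constructed token.

```python
"""Request a Microsoft Graph app-only token and check why it might be rejected.

Added example; not the original answer's code. Assumes the environment
variables TENANT_ID, CLIENT_ID and CLIENT_SECRET for a live run.
"""
import base64
import json
import os
import sys
import urllib.parse
import urllib.request

# A Graph token's `aud` is the resource URI (v1.0 endpoint) or Graph's
# well-known application ID (v2.0 endpoint); anything else means the token
# was requested for a different API and Graph will reject it.
GRAPH_RESOURCE = "https://graph.microsoft.com"
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"


def token_request(tenant_id, client_id, client_secret, v2=False):
    """Return (url, form_body) for the client_credentials grant.

    v1.0 names the API with `resource`; v2.0 names it with the `/.default`
    scope, which asks for every application permission already consented.
    """
    base = f"https://login.microsoftonline.com/{tenant_id}/oauth2/"
    body = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    if v2:
        body["scope"] = GRAPH_RESOURCE + "/.default"
        url = base + "v2.0/token"
    else:
        body["resource"] = GRAPH_RESOURCE + "/"
        url = base + "token?api-version=1.0"
    return url, body


def fetch_token(url, body):
    """POST the form body to the token endpoint and return the access_token."""
    data = urllib.parse.urlencode(body).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload(token):
    """Decode the claims of a compact JWT. No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_graph_token(token, required_role="User.Read.All"):
    """Return a list of reasons GET /users would fail with this token (empty if none)."""
    claims = decode_jwt_payload(token)
    problems = []
    aud = claims.get("aud", "")
    if aud.rstrip("/") != GRAPH_RESOURCE and aud != GRAPH_APP_ID:
        problems.append(f"aud={aud!r}: token was not requested for Microsoft Graph")
    if "scp" in claims:
        # Delegated tokens carry `scp`; app-only tokens carry `roles`.
        problems.append("scp claim present: this is a delegated token, not client_credentials")
    roles = claims.get("roles", [])
    if not roles:
        problems.append("no roles claim: application permission not added or admin consent not granted")
    elif required_role not in roles:
        problems.append(f"roles={roles}: {required_role} not granted")
    return problems


def make_unsigned_jwt(claims):
    """Build a constructed token (dummy signature) so the checks run offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + ".constructed-signature"


if __name__ == "__main__":
    env = {k: os.environ.get(k) for k in ("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET")}
    if all(env.values()):
        url, body = token_request(env["TENANT_ID"], env["CLIENT_ID"],
                                  env["CLIENT_SECRET"], v2="--v2" in sys.argv)
        token = fetch_token(url, body)
    else:
        # Constructed token shaped like a correctly issued app-only Graph token.
        token = make_unsigned_jwt({"aud": GRAPH_RESOURCE, "roles": ["User.Read.All"]})
    problems = check_graph_token(token)
    print("token looks usable for GET /users" if not problems else "\n".join(problems))
```

Run it with the three variables set (add `--v2` for the v2.0 endpoint) and it reports exactly which claim is wrong; a token with neither `roles` nor a Graph audience is the usual cause of the 401 the question describes.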

-1
votes

I think you are missing the right scope in the token to use the "User" endpoint. Possible scopes are:

  • User.ReadBasic.All
  • User.Read
  • User.ReadWrite
  • User.Read.All
  • User.ReadWrite.All

For further detail please look here.