0
votes

I am trying to follow this Get access without a user to get an access token. I am getting the access token using the API request https://login.microsoftonline.com/<-tenant-id->/oauth2/token. When I used step 5 of the above given link I got the following error:

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure. Invalid audience.",
    "innerError": {
      "request-id": "e9e9820e-2a3f-411a-bc77-760c9369fc8f",
      "date": "2020-01-02T06:17:41"
    }
  }
}

I have registered the app with the following permissions: Calendars.Read, Calendars.ReadWrite, Sites.Read.All, User.Read, User.Read.All, and have generated a secret key and registered the redirect URL as: User.Read.All.

My questions are:

1. Have I done anything wrong while creating the app?
2. Why is step 4 of the link not working?
3. Did I get the wrong access using the above given API request?

1 Answers

2
votes

In step 5, it calls the Microsoft Graph - Get a user, so make sure your app has the User.Read.All Application permission in Microsoft Graph (it must be an application permission, not a delegated permission). After adding the permission, it appears like below (Note: don't forget to click the Grant admin consent button).

In the doc you provided, it uses the v2.0 endpoint /oauth2/v2.0/token, but you use the v1.0 endpoint /oauth2/token in your question.

So please change the request URL to /oauth2/v2.0/token, then use the one below.

Request URL:

POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

Request body:

client_id=xxxxxxxxxxxxxxx
&scope=https://graph.microsoft.com/.default
&client_secret=xxxxxxxxxxxxxxxx
&grant_type=client_credentials

You can get the token in Postman.

Then use the token to call the Get a user API:

GET https://graph.microsoft.com/v1.0/users/<object-id of the user>
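
Added example, not part of the original answer: Python that builds the v2.0 client-credentials request above and decodes a returned token's `aud` and `roles` claims to explain an "Invalid audience" rejection before calling Graph. The sample tokens and helper names are constructed, the accepted Graph audience values and the use of the `roles` claim for application permissions are assumptions not stated on this page, and the signature is not verified, so this is for debugging only.

```python
import base64
import json
from urllib.parse import urlencode

# Assumed audience values for Microsoft Graph (resource URI and its app ID).
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}

def build_token_request(tenant, client_id, client_secret):
    """Return (url, form body) for the v2.0 client-credentials request."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    body = urlencode({
        "client_id": client_id,
        "scope": "https://graph.microsoft.com/.default",
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    })
    return url, body

def decode_claims(token):
    """Decode the JWT payload for debugging; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, required_role="User.Read.All"):
    """List reasons this token would not work for the Get a user call."""
    claims = decode_claims(token)
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud not in GRAPH_AUDIENCES:
        problems.append(f"invalid audience: {aud!r}")
    if required_role not in claims.get("roles", []):
        problems.append(f"missing application permission: {required_role}")
    return problems

def b64url(obj):
    """Base64url-encode a JSON object without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    """Build a constructed, unsigned token (hypothetical demo helper)."""
    return f"{b64url({'alg': 'none'})}.{b64url(claims)}.sig"

# Constructed samples: one issued for another resource, one issued for Graph.
WRONG = make_sample_token({"aud": "api://constructed-other-resource"})
RIGHT = make_sample_token({"aud": "https://graph.microsoft.com", "roles": ["User.Read.All"]})
```

`diagnose(WRONG)` reports both the audience mismatch and the missing role, while `diagnose(RIGHT)` returns an empty list.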