Microsoft Graph API (Onedrive REST APIs) get token with sign-in in a browser

PACHECO LLANOS, Aracely 56 Reputation points
2022-06-29T17:01:45.2+00:00

Hello,

I am coding a program to read and convert some files from one drive, and they are some code samples that I was using and it is working fine : https://github.com/microsoftgraph/python-sample-auth

However, for my final application I won't be able to open a browser and sign-in (using my credentials), I need to do it from the application without the need of a browser.

I am able to sign-in just when I use a browser. When I make some tests to get a token using "Call MsGraph with Secret" or "Call MsGraph with Certificate" (that I found in https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-v2-libraries). I had the following message: "/me request is only valid with delegated authentication flow."

I also tried https://learn.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-oauth2-client-creds-grant-flow#service-to-service-access-token-request

So, the queries I tried:

  • https://login.microsoftonline.com/<Tenant>/oauth2/token?grant_type=client_credentials&client_id=<client-id>&client_secret=<client-secret>&resource=https://graph.microsoft.com
  • https://login.microsoftonline.com/<Tenant>/oauth2/token?grant_type=password&client_id=<client-id>&client_secret=<client-secret>&resource=https://graph.microsoft.com&username=<username>&password=<password>

The error I got:
"error": "invalid_request",
"error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: c75d427c-be61-40c6-b39f-36ca84db5400\r\nCorrelation ID: 943e1255-ee4c-492b-b6e4-57f073156196\r\nTimestamp: 2022-06-29 16:51:21Z",

Is there a way I can get a token, without the need to sign-in the browser (to avoid the redirection to the url in the browser, and then get the code to get the token)?

Best regards,

Aracely

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,584 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,668 questions
Accepted answer
  1. CarlZhao-MSFT 36,896 Reputation points
    2022-06-30T08:01:10.44+00:00

    Hi @PACHECO LLANOS, Aracely

    Both the client credential flow and the ROPC flow can obtain an access token without logging into the browser.

    Please use garph SDK:

    The client credentials flow is used to call the /users/{user id} endpoint. 

        using Azure.Identity;  
    using Microsoft.Graph;  
          
    var scopes = new[] { "https://graph.microsoft.com/.default" };  
      
    // Multi-tenant apps can use "common",  
    // single-tenant apps must use the tenant ID from the Azure portal  
    var tenantId = "tenant id";  
      
    // Values from app registration  
    var clientId = "client id";  
    var clientSecret = "client secret";  
      
    // using Azure.Identity;  
    var options = new TokenCredentialOptions  
    {  
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud  
    };  
      
    // https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential  
    var clientSecretCredential = new ClientSecretCredential(  
    tenantId, clientId, clientSecret, options);  
          
    var accessToken = await clientSecretCredential.GetTokenAsync(new Azure.Core.TokenRequestContext(scopes) { });  
      
    Console.WriteLine(accessToken.Token);  
  
// get graphClient  
//var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

    The ROPC flow is used to call the /me endpoint. 

        using Microsoft.Graph;  
    using Azure.Identity;  
    using Azure.Core;  
      
    var scopes = new[] { "https://graph.microsoft.com/.default" };  
      
    // Multi-tenant apps can use "common",  
    // single-tenant apps must use the tenant ID from the Azure portal  
    var tenantId = "tenant id";  
      
    // Value from app registration  
    var clientId = "client id";  
      
      
    // using Azure.Identity;  
    var options = new TokenCredentialOptions  
    {  
        AuthorityHost = AzureAuthorityHosts.AzurePublicCloud  
    };  
      
    var userName = "username";  
    var password = "password";  
          
    // https://learn.microsoft.com/dotnet/api/azure.identity.usernamepasswordcredential  
    var userNamePasswordCredential = new UsernamePasswordCredential(  
        userName, password, tenantId, clientId, options);  
         
    var accessToken = await userNamePasswordCredential.GetTokenAsync(new TokenRequestContext(scopes) { });  
    Console.WriteLine(accessToken.Token);  
  
//get graphClient  
//var graphClient = new GraphServiceClient(userNamePasswordCredential, scopes);

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest