How to configure app to support custom API and Microsoft Graph API

Farkaš, Eduard ml
2022-09-22T09:54:56.437+00:00

I am currently working on a React Native app that uses Azure as its backend, and I am having trouble calling an API in an Azure LogicApp that requires a custom scope. We have this scope in "AppRegistration/Expose an API". (https://i.stack.imgur.com/piZLp.png)

In the mobile app I ask for the scopes "openid", "profile", "email", "offline_access". I need to call Microsoft Graph for user information. This is no problem, as we added the required permissions (User.ReadWrite.All) into AppRegistration/permissions.

  • I can call what I need
  • I get the refresh token which I need

But I cannot call our API due to an invalid token (HTTP 401).

So the question is, how to properly set up permissions and scopes in the AppRegistration?

What I have tried:

  • Adding the required scope to the mobile application

This causes my other scopes to "disappear". So in my decoded token I can see only this custom scope.
Additionally, I don't receive a valid refresh token and I cannot call Microsoft Graph with the access token I get.

This way I still couldn't call the custom API.
I really don't understand why the scopes I ask for from the mobile app are ignored and why permissions from AppRegistration are not working either when I ask for the custom scope from "Expose an API".


Accepted answer
  1. 2022-09-22T10:54:51.88+00:00

    Hello @Farkaš, Eduard ml, and thanks for reaching out. In order to call an additional API you will need to get an additional access/refresh token set specifically issued for the additional API/resource. I.e., you will need to request and obtain one access token/refresh token pair for MS Graph and one access token for each additional API. You cannot request scopes for multiple APIs/resources in one single token request.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.
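
The one-request-per-resource rule from the accepted answer, as an added example that is not part of the original thread: it splits a mixed scope list by API and builds a separate refresh-token grant body for each. The client id, refresh token and the custom scope `api://.../example.scope` are placeholders, and it assumes the refresh token obtained at sign-in can be redeemed for each of the app's consented APIs.

```javascript
// Added example; not code from the thread. All ids and tokens are placeholders.
const OIDC_SCOPES = new Set(["openid", "profile", "email", "offline_access"]);
const GRAPH = "https://graph.microsoft.com";

// Resource (API) a scope belongs to: everything before the final "/<scope-name>".
// Bare names such as "User.Read" are treated as Microsoft Graph scopes.
function resourceOf(scope) {
  if (OIDC_SCOPES.has(scope)) return null; // OIDC scopes belong to no API
  const scheme = scope.indexOf("://");
  const cut = scope.lastIndexOf("/");
  if (scheme === -1) return GRAPH;
  if (cut <= scheme + 2) throw new Error("scope has no name part: " + scope);
  return scope.slice(0, cut);
}

// Split a mixed scope list into one list per resource.
function groupByResource(scopes) {
  const groups = new Map();
  for (const s of scopes) {
    const r = resourceOf(s);
    if (r === null) continue;
    if (!groups.has(r)) groups.set(r, []);
    groups.get(r).push(s);
  }
  return groups;
}

// One refresh_token grant body per resource, each to be POSTed (form-encoded) to
// https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
function buildTokenRequests({ clientId, refreshToken, scopes }) {
  return [...groupByResource(scopes)].map(([resource, list]) => ({
    resource,
    body: new URLSearchParams({
      grant_type: "refresh_token",
      client_id: clientId,
      refresh_token: refreshToken,
      scope: [...list, "offline_access"].join(" "),
    }).toString(),
  }));
}

// Constructed input: the question's Graph permission plus a placeholder custom scope.
const requests = buildTokenRequests({
  clientId: "00000000-0000-0000-0000-000000000001",
  refreshToken: "<refresh-token>",
  scopes: ["openid", "profile", "email", "offline_access", "User.ReadWrite.All",
    "api://00000000-0000-0000-0000-000000000002/example.scope"],
});
for (const r of requests) console.log(r.resource, "->", r.body);
```

Each access token returned is sent only to the API whose scopes were requested for it; the token for the custom API is the one the LogicApp endpoint should receive.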
