I set up my Azure app registration application following this document: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-on-behalf-of-flow
I have my Web URI set as: https://localhost:xxxx/Application (client) ID. I added my custom page to the Web Redirect URIs, created a custom scope called 'ReadUser,' and configured the client application with Office Web client IDs. Additionally, I have ensured that all necessary permissions (openid, user.read, profile) are granted.
This is the configuration code in my XML files:
<WebApplicationInfo>
  <Id>My Application (client) ID</Id>
  <Resource>api://localhost:xxxx/Application (client) ID</Resource>
  <Scopes>
    <Scope>user.read</Scope>
    <Scope>openid</Scope>
    <Scope>profile</Scope>
  </Scopes>
</WebApplicationInfo>
However, when I use the access token returned by the office.auth.getAccessToken() function to call the Graph API https://graph.microsoft.com/v1.0/me to retrieve my user profile, it returns a 401 Unauthorized error.
Can I ask where I went wrong? Is it possible to obtain an access token with the 'user.read' permission for the signed-in user?
Any help is appreciated!
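As an added example (not part of the original post, and not Microsoft's code), this shows the two halves of the on-behalf-of flow the linked document describes: inspecting which audience an add-in SSO token was issued for, and forming the token-endpoint request that exchanges it for a Graph token on the server side. The tenant, client ID, secret and the sample token are constructed placeholders; scope names are assumed.

```python
import base64
import json

# Well-known values from the OBO flow document and Microsoft Graph.
TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
GRAPH_AUDIENCES = ("https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000")


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt_claims(token: str) -> dict:
    """Read a JWT payload for inspection only; this does NOT verify it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def is_graph_token(token: str) -> bool:
    """True only when the token's audience is Microsoft Graph itself."""
    return decode_jwt_claims(token).get("aud") in GRAPH_AUDIENCES


def build_obo_request(tenant: str, client_id: str, client_secret: str,
                      sso_token: str, scopes: list[str]) -> tuple[str, dict]:
    """Form the OBO request the add-in's server posts to the token endpoint."""
    form = {
        "grant_type": JWT_BEARER_GRANT,
        "client_id": client_id,
        "client_secret": client_secret,
        "assertion": sso_token,      # the token from getAccessToken()
        "scope": " ".join(scopes),   # Graph scopes, not the add-in's own scope
        "requested_token_use": "on_behalf_of",
    }
    return TOKEN_ENDPOINT.format(tenant=tenant), form


def constructed_sso_token(client_id: str) -> str:
    """Constructed sample of an add-in SSO token; signature left empty."""
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"aud": f"api://localhost:xxxx/{client_id}", "scp": "ReadUser"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), ""])
```

The audience of the SSO token is the add-in's own api:// resource, which is why only the exchanged token is meant for Graph.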