Using Microsoft graph for getting an email without real application

Katya Fedorova 40 Reputation points
2023-06-16T10:51:41.5833333+00:00

I am an Automation QA engineer and am trying to use Graph to get an email sent by my platform/site to a random Outlook user. As I see it, the use case for Graph is mostly to get that email in the application on behalf of the user. But my case is different - I want my test framework to retrieve the message, not the application under development.

Hence, I don't have a redirect URL, whereas I understand the Microsoft identity platform will send the authorization code to the app (as I want to send this auth request from the test framework, not from the application under development).

The question: can I somehow bypass this redirect URL issue, and is this a common case of using Graph without an application but for test automation purposes?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph

Accepted answer
  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-06-19T06:28:33.9266667+00:00

    Hi @Katya Fedorova ,

    Thanks for reaching out.

    You can use Microsoft Graph API for test automation purposes without a redirect URL. However, you will need to use the client credentials flow instead of the authorization code flow.

    The client credentials flow allows your test framework to authenticate directly with Azure AD and obtain an access token without user interaction. This flow is typically used for server-to-server authentication scenarios, but it can also be used for test automation purposes.

    To use the client credentials flow, you will need to register your test framework as an Azure AD application and grant it the necessary application permissions rather than delegated permissions to access the Microsoft Graph API.

    You can use the client ID and client secret of your Azure AD application to authenticate and obtain an access token.

    Reference - https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.

    1 person found this answer helpful.
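
The client credentials flow described in the accepted answer, as an added example that is not part of the original thread or Microsoft's own sample code. It assumes an app registration with the `Mail.Read` application permission and admin consent; the environment variable names, the mailbox and the function names are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"
GRAPH = "https://graph.microsoft.com/v1.0"


def build_token_request(tenant_id, client_id, client_secret):
    """Client credentials grant: no redirect URI, no authorization code, no sign-in."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # .default requests the application permissions already consented by an admin
        "scope": "https://graph.microsoft.com/.default",
    }
    url = f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(url, data=body, method="POST")


def build_inbox_request(access_token, mailbox, subject, top=5):
    """List messages in one test mailbox whose subject equals `subject`."""
    escaped = subject.replace("'", "''")  # OData string literals double single quotes
    params = {
        "$filter": f"subject eq '{escaped}'",
        "$select": "subject,receivedDateTime,bodyPreview",
        "$top": top,
    }
    query = urllib.parse.urlencode(params, safe="$',", quote_via=urllib.parse.quote)
    # App-only tokens have no signed-in user, so address the mailbox via /users/{upn}
    url = f"{GRAPH}/users/{urllib.parse.quote(mailbox, safe='@')}/messages?{query}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})


def send(request):
    with urllib.request.urlopen(request, timeout=30) as resp:
        return json.load(resp)


def find_test_email(mailbox, subject):
    # Assumed variable names; keep the secret in the CI secret store, not in the repo
    env = os.environ
    token_req = build_token_request(env["TENANT_ID"], env["CLIENT_ID"], env["CLIENT_SECRET"])
    token = send(token_req)["access_token"]
    return send(build_inbox_request(token, mailbox, subject))["value"]
```

A test would call `find_test_email("qa-inbox@contoso.example", "Reset your password")` after triggering the email and assert on the returned list.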

2 additional answers

  1. CarlZhao-MSFT 46,376 Reputation points
    2023-06-19T08:42:26.9233333+00:00

    Hi @Katya Fedorova

    The auth code flow is an interactive authentication flow; it cannot log a user in without using the web interface. This can only be done in the browser UI.

    If your security team prohibits the use of application permissions, then you can try to obtain an access token using the ROPC flow, which is available in a delegated context without interacting with the logged-in user in the web interface. However, this flow requires a very high degree of trust in the application, as it requires you to hardcode the username/password in the backend.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

    1 person found this answer helpful.

  2. Katya Fedorova 40 Reputation points
    2023-06-19T06:45:35.1633333+00:00

    Hi Shweta!
    Thank you a lot for your answer. I see in that case I will need to use only application access, which is forbidden by my InfoSec team.

    Let's say I will solve the issue with the redirect. But another issue pops up with using it for automation tests.
    I will need to sign in, before getting the authorization code. As I understand I will need to do it each time before running my tests and triggering the Graph API.
    Is it possible to sign in without using a web interface, but just API calls?

