Delegated permission - Send email with Microsoft Graph

juan maximiliano aguilar abanto 541 Reputation points
2020-02-25T04:10:30.27+00:00

Hi

I use application permissions to obtain a valid token to send an email with Microsoft Graph.

I followed the link: https://stackoverflow.com/questions/50483154/access-token-for-microsoft-graph-api-is-immediately-expired.
But I want to use delegated permissions, adding parameters when I get the token.


1 answer

  1. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2020-02-25T04:47:40.947+00:00

    @juan maximiliano aguilar abanto, you can go ahead and request a token from AAD for a user using the Authorization Code Grant Flow (using OAuth 2.0). You can follow the steps below to create a request to obtain the code as well as the token and then utilise the token to perform activities using the Graph API.

    Steps:

    • Create a request to obtain the code from Azure AD by sending the request to the /authorize endpoint:

    https://login.microsoftonline.com/{tenantName/tenantId}/oauth2/v2.0/authorize?client_id={applicationId}&response_type=code&redirect_uri={redirect_uri}&response_mode=fragment&scope=openid User.Read&state=12345

    Note: Here in the scope parameter you can mention the delegated permissions that you would want to be present in the access token. For example, here I have mentioned the scope as openid User.Read. For your requirement you can keep adding other delegated permissions into the scope parameter, with a space in between.

    • When you send this request, AAD asks you to authenticate yourself, and after authentication you would get a response similar to
      {redirect_uri}#code=xxx-xxx-xxxx&state=1234
    • Copy the code section from the response and then make the next call to the /token endpoint of AAD asking for an access token. [Refer to the screenshot: 3461-authcodeflow.png]
    • Once you send the request to the /token endpoint of AAD, it would provide you with an access token. [Screenshot: 3432-accesstoken-new.png] You can check for the mentioned scopes/permissions in the access token by decoding the token using https://jwt.ms
    • Once done, you can make the Graph API call next. To do that you need to copy this access token and send it along with the Graph API call as Bearer in the header of the request. [Refer to the screenshot: 3433-graphcall.png]

    Hope this helps. If the above response helped you in answering your query, please do mark the response as "answered" so that it helps others too.
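
Added example, not part of the original answer: a Python sketch of the client-side pieces of the flow described above. It builds the /authorize URL with a random `state`, rejects a redirect whose `state` does not match, and reads the `scp` claim the way jwt.ms displays it. The tenant, client ID, redirect URI and sample token are constructed placeholders, and `Mail.Send` is assumed as the delegated permission for sending mail.

```python
import base64, hmac, json, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

def build_authorize_url(tenant, client_id, redirect_uri, scopes):
    """Return (url, state); state is a fresh random value to check on return."""
    state = secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "fragment",
        "scope": " ".join(scopes),  # delegated permissions, space-separated
        "state": state,
    })
    return f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?{query}", state

def code_from_redirect(redirect_url, expected_state):
    """Pull the code out of {redirect_uri}#code=...&state=..., refusing a state mismatch."""
    params = parse_qs(urlsplit(redirect_url).fragment)
    if "error" in params or "code" not in params:
        raise ValueError(params.get("error", ["no code in response"])[0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    return params["code"][0]

def token_scopes(access_token):
    """Read the scp claim for inspection only; the signature is not verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scp", "").split())

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (not issued by any tenant), used to exercise token_scopes.
SAMPLE_TOKEN = ".".join([_b64({"alg": "none"}), _b64({"scp": "openid User.Read Mail.Send"}), "sig"])

if __name__ == "__main__":
    url, state = build_authorize_url("contoso.onmicrosoft.com",
                                     "00000000-0000-0000-0000-000000000000",
                                     "https://localhost/cb", ["openid", "User.Read", "Mail.Send"])
    print(url)
    print(code_from_redirect(f"https://localhost/cb#code=xxx-xxx-xxxx&state={state}", state))
    print("Mail.Send" in token_scopes(SAMPLE_TOKEN))
```

If the requested permission is missing from `scp`, the Graph call will be refused, so checking the claim before calling Graph narrows down where the request went wrong.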