Delegated permission - Send email with Microsoft Graph

juan maximiliano aguilar abanto 541 Reputation points
2020-02-25T04:10:30.27+00:00

Hi

I use application permissions to obtain a valid token to send a email with Microsoft Graph.

I followed the link: https://stackoverflow.com/questions/50483154/access-token-for-microsoft-graph-api-is-immediately-expired.
But, i want to use delegated permissions.. adding parameters when I get the token

Cpji8.png

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,068 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. soumi-MSFT 11,756 Reputation points Microsoft Employee
    2020-02-25T04:47:40.947+00:00

    @juan maximiliano aguilar abanto , You can go ahead and request a token from AAD for an user using the Authorization Code Grant Flow (using OAUTH 2.0). You can floow the steps below to create a request to obtain the code as well as the token and then utilise the token to perform activities using the Graph API.

    Steps:

    • Create a request to obtain the code from Azure AD by sending the request to the /authorize endpoint:

    https://login.microsoftonline.com/{tenantName/tenantId}/oauth2/v2.0/authorize?client_id={applicationId}&response_type=code&redirect_uri={redirect_uri}&response_mode=fragment&scope=openid User.Read&state=12345

    Note: Here in the scope parameter you can mention the delegated permissions that you would want to be present in the access token. for eg: here I have mentioned the scope as openid User.Read. For your requirement you can keep adding other delegated permissions into the scope parameter, with a space in between.

    • When you send this request, AAD, asks you to authenticate yourself and after authentication you would get a response similar to
      {redirect_uri}#code=xxx-xxx-xxxx&state=1234
    • Copy the code section from the response and then make the next call to the /token endpoint of AAD asking for an access token. [Refer to the screenshot below] 3461-authcodeflow.png
    • Once you send the request to the /token endpoint of AAD, it would provide you with an access token. 3432-accesstoken-new.png You can check for the mentioned scopes/permissions in the Access token by decoding the token using https://jwt.ms
    • Once done, you can make the Graph API call next. To do that you need to copy this access token and send it along with the Graph API call as Bearer in the header of the request. [Refer to the screenshot below:] 3433-graphcall.png

    Hope this helps. If the above response helped you in answering your query, please do mark the response as "answered" so that it helps others too.