question

juanmaximilianoaguilarabanto-6444 avatar image
0 Votes"
juanmaximilianoaguilarabanto-6444 asked soumi-MSFT commented

Delegated permission - Send email with Microsoft Graph

Hi

I use application permissions to obtain a valid token to send a email with Microsoft Graph.

I followed the link: https://stackoverflow.com/questions/50483154/access-token-for-microsoft-graph-api-is-immediately-expired.
But, i want to use delegated permissions.. adding parameters when I get the token

Cpji8.png


azure-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

soumi-MSFT avatar image
0 Votes"
soumi-MSFT answered soumi-MSFT commented

@juanmaximilianoaguilarabanto-6444, You can go ahead and request a token from AAD for an user using the Authorization Code Grant Flow (using OAUTH 2.0). You can floow the steps below to create a request to obtain the code as well as the token and then utilise the token to perform activities using the Graph API.

Steps:
- Create a request to obtain the code from Azure AD by sending the request to the /authorize endpoint:

https://login.microsoftonline.com/{tenantName/tenantId}/oauth2/v2.0/authorize?client_id={applicationId}&response_type=code&redirect_uri={redirect_uri}&response_mode=fragment&scope=openid User.Read&state=12345

Note: Here in the scope parameter you can mention the delegated permissions that you would want to be present in the access token. for eg: here I have mentioned the scope as openid User.Read. For your requirement you can keep adding other delegated permissions into the scope parameter, with a space in between.

  • When you send this request, AAD, asks you to authenticate yourself and after authentication you would get a response similar to
    {redirect_uri}#code=xxx-xxx-xxxx&state=1234

  • Copy the code section from the response and then make the next call to the /token endpoint of AAD asking for an access token. [Refer to the screenshot below]

    3461-authcodeflow.png

  • Once you send the request to the /token endpoint of AAD, it would provide you with an access token.

    3432-accesstoken-new.png

    You can check for the mentioned scopes/permissions in the Access token by decoding the token using https://jwt.ms

  • Once done, you can make the Graph API call next. To do that you need to copy this access token and send it along with the Graph API call as Bearer in the header of the request. [Refer to the screenshot below:]

    3433-graphcall.png


Hope this helps. If the above response helped you in answering your query, please do mark the response as "answered" so that it helps others too.






authcodeflow.png (34.6 KiB)
accesstoken-new.png (143.5 KiB)
graphcall.png (19.0 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@juanmaximilianoaguilarabanto-6444, I wanted to followup and wanted to understand if the above response helped in answering your query. If it did, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

0 Votes 0 ·

@juanmaximilianoaguilarabanto-6444, I wanted to followup and wanted to understand if the above response helped in answering your query. If it did, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

0 Votes 0 ·