Graph API authentication for the backend app

Question

I want to use Graph API to upload files to a specific SharePoint document library. It is a backend application (no user login).

I tested with Graph Explorer with my personal account (OIDC login interactively), and now I want to turn it into a Java application.

At first, I want to create a service account and let it calls the Graph API to do the same. However, from all my studies, I must register an application and grant permission to it instead. I cannot find a way to call MS Graph with a user identity (or user principal).

Should I focus on the registered application and forget about the service account? What auth2 flow should I use, and should I set the scope? Does delegated permission help?

Answer 1

Hi @David Wong , for back-end applications without user login, client credentials flow is generally used.

Before authorization, you need an administrator account to register a new app at Azure app registration portal, add permissions to it, and click Grant.

And this authentication method requires application permission: Files.ReadWrite.All or Sites.ReadWrite.All as described in the documentation:

Hope this helps, best wishes.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.