Unable to access Graph API endpoints with grant type Client credentials configuration

Mahesh Kurucheti 46 Reputation points

I am using the grant type as "client credentials" in client configuration. Able to get the token using https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token with "default" scope, but getting this error "/me request is only valid with delegated authentication flow" while accessing https://graph.microsoft.com/v1.0/me/events.

Getting the same error on using Authentication scheme as "Client secret" or "Private Key JSON Web Token(JWT)". It is only working with Authorization code.

I have set the API access permissions as below in Azure portal:

Calendars.ReadWrite (Application)

Please suggest how to implement client credentials authentication for Graph API.

Microsoft Graph Calendar API
Microsoft Graph Users API
Microsoft Graph Users API
A Microsoft API that allows you to build compelling app experiences based on users, their relationships with other users and groups, and the resources they access for example their mails, calendars, files, administrative roles, group memberships.
720 questions
{count} votes

Accepted answer
  1. Siddharth Gautam 855 Reputation points

    Hello Mahesh Kurucheti,

    Thanks for posting!

    I understand that you are trying to call Graph Endpoint API https://graph.microsoft.com/v1.0/me/events.

    using Application permission (Client Credentials Flow), but you are getting below error:

    "/me request is only valid with delegated authentication flow".

    Delegated permissions are used by those application which require user interaction or signed in by user whereas application permissions do not require any user interaction and used by those applications which run in the background and consented by admin only beforehand.

    If you are using the application permissions model (client credentials), you are running your code without any user context, so there is no user to "resolve" for the "/me" endpoint. I would suggest you use /users/{id | userPrincipalName}/events instead of /me/events to implement client credentials authentication for Graph API.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful