Unable to access Graph API endpoints with grant type Client credentials configuration

Question

I am using the grant type as "client credentials" in client configuration. Able to get the token using https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token with "default" scope, but getting this error "/me request is only valid with delegated authentication flow" while accessing https://graph.microsoft.com/v1.0/me/events.

Getting the same error on using Authentication scheme as "Client secret" or "Private Key JSON Web Token(JWT)". It is only working with Authorization code.

I have set the API access permissions as below in Azure portal:

Calendars.ReadWrite (Application)

Please suggest how to implement client credentials authentication for Graph API.

Answer 1

Hello Mahesh Kurucheti,

Thanks for posting!

I understand that you are trying to call Graph Endpoint API https://graph.microsoft.com/v1.0/me/events.

using Application permission (Client Credentials Flow), but you are getting below error:

"/me request is only valid with delegated authentication flow".

Delegated permissions are used by those application which require user interaction or signed in by user whereas application permissions do not require any user interaction and used by those applications which run in the background and consented by admin only beforehand.

If you are using the application permissions model (client credentials), you are running your code without any user context, so there is no user to "resolve" for the "/me" endpoint. I would suggest you use /users/{id | userPrincipalName}/events instead of /me/events to implement client credentials authentication for Graph API.

Hope this helps.

If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.