Share via

How to get Microsoft account guest token?

Romas Markovcinas 10 Reputation points
2023-04-06T13:15:22.1033333+00:00

This article describes Microsoft account guest token. How can I get this token, so that I can use it for my MS Graph API requests? Is it possible to get anonymous guest access code using MS Graph php or JavaScript SDKs? I need to get the guest token to be able anonymously upload to OneDrive publicly shared folder using MS Graph API.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. CarlZhao-MSFT 46,371 Reputation points
    2023-04-07T10:22:24.5233333+00:00

    Hi @Romas Markovcinas

    Refer to the sample code snippet of the graph JS SDK, which uses the auth code flow for interactive authentication of your guest users:

    Using @azure/msal-browser for browser applications

    const {
PublicClientApplication,
InteractionType,
AccountInfo
} = require("@azure/msal-browser");
const {
    AuthCodeMSALBrowserAuthenticationProvider,
    AuthCodeMSALBrowserAuthenticationProviderOptions
} = require("@microsoft/microsoft-graph-client/authProviders/authCodeMsalBrowser");

const options: AuthCodeMSALBrowserAuthenticationProviderOptions = {
    account: account, // the AccountInfo instance to acquire the token for.
    interactionType: InteractionType.PopUp, // msal-browser InteractionType
    scopes: ["user.read", "mail.send"] // example of the scopes to be passed
}

// Pass the PublicClientApplication instance from step 2 to create AuthCodeMSALBrowserAuthenticationProvider instance
const authProvider = new AuthCodeMSALBrowserAuthenticationProvider(publicClientApplication, options),

    Using @azure/identity for server-side applications

    const {
    Client
} = require("@microsoft/microsoft-graph-client");
const {
    TokenCredentialAuthenticationProvider
} = require("@microsoft/microsoft-graph-client/authProviders/azureTokenCredentials");
const {
    AuthorizationCodeCredential
} = require("@azure/identity");

const credential = new AuthorizationCodeCredential(
    "<YOUR_TENANT_ID>",
    "<YOUR_CLIENT_ID>",
    "<AUTH_CODE_FROM_QUERY_PARAMETERS>",
    "<REDIRECT_URL>"
);
const authProvider = new TokenCredentialAuthenticationProvider(credential, {
    scopes: [scopes]
});

    Hope this helps. If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

  2. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-05-04T06:34:43.1166667+00:00

    Hello @Romas Markovcinas , Azure AD cannot issue access tokens to anonymous users. You can, however, authenticate and get an access token for applications/service principals using the client credentials flow from your application. Keep in mind application permissions are regarded as highly privileged thus you gotta be careful when developing the rules to allow and serve calls, specially when they're anonymous.

    For JavaScript take a look to:

    For PHP take a look to:

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.