Hi @Erika Papp (Winformatics), thank you for reaching out to us.
I understand that you are asking how to get an authentication token for an Azure AD user to use in a Power Automate flow, and that you know how to get a token for a registered app in Azure, but not for a user. Per the snippet you provided, the application permission type is not supported for you, as application permission is required for service-to-service interaction or for daemon apps.
For a user-interactive flow, you would require delegated permissions and can use the OAuth 2.0 authorization code flow to get a token for the user. To get started, you need to register your application with Azure AD and configure it to use OAuth 2.0. Once you have registered your application, you can use the OAuth 2.0 authorization code grant flow to obtain an access token for a user. This flow involves the following steps:
1. The first step is to request an authorization code to authorize the app to act on your behalf by using the URL below.
GET https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=111XX
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=offline_access%20user.read%20mail.read
Replace the tenant, client and redirect_uri with those of your registered application.
Scope: Required permissions User.Read, Mail.Read, and offline_access
After the app sends the authorization request, you need to enter credentials to authenticate with Microsoft. It asks you to authenticate and grant consent; the response contains the authorization code in the code parameter.
2. Use the authorization code received in the previous step to request an access token by sending a POST request to the /token endpoint, as in the request below.
POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=111XXXXXXXXX
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&code=OAAABAxxxxxxxxxxxxxxxx
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&code_verifier=xxxxxxxxxxxxx
&client_assertion_type=urnxxxxxxxxxx
&client_assertion=eyabczxtxuytdblvxcgnm
Replace the parameter values. Click on send request and you will get an access token, which you can decode using www.jwt.ms
For your reference:
OAuth 2.0 authorization code flow: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Hope this helps. Do let us know if you have any further queries.
Thanks,
Navya.
Please remember to "Accept Answer" if the answer helped you.
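The two steps above as an added Python example (not part of the original answer or of Microsoft's documentation). It assumes a public client using PKCE with the S256 method, so the code_verifier sent in step 2 is matched by a code_challenge in step 1, and it adds a state value that is checked on the redirect; the tenant, client ID and authorization code are constructed placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"

def pkce_challenge(verifier):
    """S256 code_challenge for a code_verifier (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_url(tenant, client_id, redirect_uri, scopes, state, challenge):
    """Step 1: URL the user opens in a browser to sign in and consent."""
    query = urlencode({
        "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri, "response_mode": "query",
        "scope": " ".join(scopes), "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }, quote_via=quote)
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{query}"

def extract_code(redirect_url, expected_state):
    """Read the code from the redirect; reject errors and foreign responses."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this request")
    if "code" not in params:
        raise ValueError("no authorization code in response")
    return params["code"][0]

def build_token_request(tenant, client_id, redirect_uri, scopes, code, verifier):
    """Step 2: (url, form body) for the POST to the /token endpoint."""
    body = urlencode({
        "client_id": client_id, "scope": " ".join(scopes), "code": code,
        "redirect_uri": redirect_uri, "grant_type": "authorization_code",
        "code_verifier": verifier,
    })
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/token", body

if __name__ == "__main__":
    # Constructed placeholder values; substitute your own app registration.
    tenant, client_id = "TENANT_PLACEHOLDER", "CLIENT_ID_PLACEHOLDER"
    redirect, scopes = "http://localhost/myapp/", ["offline_access", "user.read", "mail.read"]
    verifier, state = secrets.token_urlsafe(64), secrets.token_urlsafe(16)
    print(build_authorize_url(tenant, client_id, redirect, scopes, state, pkce_challenge(verifier)))
    # Constructed redirect, as the browser would be sent back after consent.
    code = extract_code(f"{redirect}?code=SAMPLE_CODE&state={state}", state)
    print(build_token_request(tenant, client_id, redirect, scopes, code, verifier))
```

Keep the code_verifier and state only in the session that started the sign-in, and discard both once the token request has been sent.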