How to call Graph API after logging in with AWS Cognito hosted UI

AdusumalliHaripriya-5428 1 Reputation point
2024-01-05T07:29:40.0433333+00:00

Hi,

Our React application authenticates through a SAML-based federated Azure AD identity provider for AWS Cognito. So the application received Cognito ID and access tokens after login. I have a need to display the profile picture of the logged-in user, for which I need to call the MS Graph API. Since I would require an Azure AD access token for calling the Graph API, I was exploring how to exchange the Cognito token with Azure AD or otherwise capture the Azure token in token claims if possible, but I could not figure the way out. I am desperately looking for help. Appreciate any help on the same.

Thanks,

Haripriya

Microsoft Security Active Directory Federation Services
Microsoft Security Microsoft Graph

1 answer

  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,521 Reputation points Moderator
    2024-01-08T06:44:21.2033333+00:00

    Hello @Adusumalli, Haripriya, I understand that you've federated AWS Cognito with Entra ID as a SAML IdP. This case is covered at "Scenario: You have a SAML token and want to call the Graph API". Basically, you would leverage the Entra ID session cookie, which is the same regardless of the protocol used (SAML or OIDC) to authenticate, during the Microsoft Graph access token request.

    To call Microsoft Graph from React applications, take a look at "React single-page application using MSAL React to sign-in users and call Microsoft Graph API" (direct call) and "Authenticate a user with Azure AD using msal.js and call an Azure AD protected Node.js Web Api using on-behalf of flow" (delegated call).

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.
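
One way to apply the approach from the answer above in the browser, as an added example that is not part of the original thread or of the linked Microsoft samples. It assumes `msalInstance` is an `@azure/msal-browser` `PublicClientApplication` registered in the same Entra ID tenant, and that `loginHint` is taken from the email claim of the Cognito ID token (an assumption that depends on your attribute mapping).

```javascript
// Added example: dependencies are injected so the logic runs with a real
// @azure/msal-browser PublicClientApplication or with stubs.
const GRAPH_PHOTO_URL = "https://graph.microsoft.com/v1.0/me/photo/$value";
const GRAPH_SCOPES = ["User.Read"]; // least-privilege delegated scope for /me/photo

// Get a Graph access token by reusing the existing Entra ID browser session.
// loginHint: the user's Entra ID sign-in name (assumed to come from the
// email claim of the Cognito ID token).
async function getGraphToken(msalInstance, loginHint) {
  const request = { scopes: GRAPH_SCOPES, loginHint };
  try {
    // Hidden-iframe request; succeeds only if the session cookie is usable.
    const result = await msalInstance.ssoSilent(request);
    return result.accessToken;
  } catch (err) {
    // No usable session, or consent/MFA needed: fall back to interaction.
    if (err && err.name === "InteractionRequiredAuthError") {
      const result = await msalInstance.acquireTokenPopup(request);
      return result.accessToken;
    }
    throw err; // configuration or network errors should surface, not be masked
  }
}

// Fetch the signed-in user's photo. Returns a Blob, or null if no photo is set.
async function getProfilePhoto(msalInstance, loginHint, fetchImpl = globalThis.fetch) {
  const token = await getGraphToken(msalInstance, loginHint);
  const res = await fetchImpl(GRAPH_PHOTO_URL, {
    headers: { Authorization: `Bearer ${token}` },
  });
  if (res.status === 404) return null; // user has no profile picture
  if (!res.ok) throw new Error(`Graph photo request failed: ${res.status}`);
  return res.blob();
}
```

The Cognito tokens are never sent to Microsoft Graph; the Graph token is issued separately by Entra ID with only the `User.Read` scope. Browsers that block third-party cookies can make `ssoSilent` fail even when a session exists, which the popup fallback covers.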

