I am able to get an access token successfully, and the access token includes a "Roles" property with User.Read.All in the value, but I'm getting a 401 response when I try to execute a "get" from https://graph.microsoft.com/v1.0/users.
I obtained the access token immediately before attempting to get the user list, and so I am fairly certain it hadn't expired!
Here's the decoded token:
{
  "typ": "JWT",
  "nonce": "DSKkpNwYAnz8z9bPfeFI7N2Yze0v2UfA3Y3n3yZ2Al8",
  "alg": "RS256",
  "x5t": "XRvko8P7A3UaWSnU7bM9nT0MjhA",
  "kid": "XRvko8P7A3UaWSnU7bM9nT0MjhA"
}.{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/3751d48b-a19b-4964-9c22-3f30ccc7aeb8/",
  "iat": 1709167326,
  "nbf": 1709167326,
  "exp": 1709171226,
  "aio": "E2NgYDgXfDvYpSnJtnex8B+1cwxiAA==",
  "app_displayname": "Harris",
  "appid": "564fbbbd-4087-4078-bdbd-9fa482ac63e7",
  "appidacr": "1",
  "idp": "https://sts.windows.net/3751d48b-a19b-4964-9c22-3f30ccc7aeb8/",
  "idtyp": "app",
  "oid": "850bb594-225c-4651-aa6d-fcea51d69a9f",
  "rh": "0.AX0Ai9RRN5uhZEmcIj8wzMeuuAMAAAAAAAAAwAAAAAAAAAB9AAA.",
  "roles": [
    "User.ReadBasic.All",
    "User.ReadWrite.All",
    "User.Read.All",
    "UserNotification.ReadWrite.CreatedByApp"
  ],
  "sub": "850bb594-225c-4651-aa6d-fcea51d69a9f",
  "tenant_region_scope": "NA",
  "tid": "3751d48b-a19b-4964-9c22-3f30ccc7aeb8",
  "uti": "qAFlqOUlPUu_C7eV7WQgAA",
  "ver": "1.0",
  "wids": [
    "0997a1d0-0d1d-4acb-b408-d5ca73121e90"
  ],
  "xms_tcdt": 1616716344
}.[Signature]
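
A local check of the three claims this question relies on (audience, validity window, app role), as an added example that is not part of the original post. It decodes the payload without verifying the signature, so it is a diagnostic only; the function names and the sample token are constructed for illustration.

```python
import base64
import json
import time

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def triage_claims(token, expected_aud, required_role, now=None, skew=300):
    """Return a list of claim problems (empty if none). No signature check."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    claims = b64url_json(parts[1])
    aud = claims.get("aud")
    auds = [a.rstrip("/") for a in (aud if isinstance(aud, list) else [aud]) if isinstance(a, str)]
    problems = []
    if expected_aud.rstrip("/") not in auds:
        problems.append(f"aud is {aud!r}, expected {expected_aud!r}")
    if now + skew < claims.get("nbf", 0):
        problems.append("token not yet valid")
    if now - skew >= claims.get("exp", 0):
        problems.append("token expired")
    if required_role not in claims.get("roles", []):
        problems.append(f"missing app role {required_role!r}")
    return problems

def make_sample(claims):
    """Build an unsigned, constructed token for the demo (not a real token)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "sig"])

# Constructed sample reusing the aud/nbf/exp/roles values shown in the post.
SAMPLE = make_sample({
    "aud": "https://graph.microsoft.com",
    "nbf": 1709167326, "exp": 1709171226,
    "roles": ["User.ReadBasic.All", "User.Read.All"],
})

if __name__ == "__main__":
    print(triage_claims(SAMPLE, "https://graph.microsoft.com", "User.Read.All", now=1709167400))
    print(triage_claims(SAMPLE, "https://graph.microsoft.com", "User.Read.All", now=1709180000))
```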