Thanks for reaching out.
Access tokens enable clients to securely call protected web APIs. Clients should use the token response data that's returned with the access token for details on what's inside it.
You can pass https://jwt.ms in your redirect URI where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token to get the claims.
However, the contents of the token are intended only for the API, which means that access tokens must be treated as opaque strings. For validation and debugging purposes only, developers can decode JWTs using a site like jwt.ms.
To pass the access token to API, access token needs to pass as bearer token in the authorization header to call the API.
var tenantId = "you-azure-tenand-id";
var clientId = "azure-ad-application-id";
var clientSecret = "unique-secret-generated-for-this-console-app";
// Configure app builder
var authority = $"https://login.microsoftonline.com/{tenantId}";
var app = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithClientSecret(clientSecret)
.WithAuthority(new Uri(authority))
.Build();
// Acquire tokens for Graph API
var scopes = new[] {"user.read offline_access"};
var authenticationResult = await app.AcquireTokenForClient(scopes).ExecuteAsync();
// Create GraphClient and attach auth header to all request (acquired on previous step)
var graphClient = new GraphServiceClient(
new DelegateAuthenticationProvider(requestMessage => {
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("bearer", authenticationResult.AccessToken);
return Task.FromResult(0);
}));
Here AcquireTokenForClient() is used to acquire the token and authenticationResult has tokens stored in it which can be passed as bearer token calling Graph API.
Regarding the refresh token, those are used to acquire extra access tokens when access token gets expire. You can receive refresh token along with access token by requesting offine_access scope.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.