This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 60%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENN%3C/text%3E%3C/svg%3E)
I'm trying to connect to Microsoft Graph API through Graph SDK to create mail using my organization domain. Here is my code:
import requests
import json
from urllib.parse import urlencode
client_id = "***"
client_secret = "***"
tenant_id = "***"
def get_access_token():
url = "https://login.microsoftonline.com/{}/oauth2/token".format(tenant_id)
payload = {
"grant_type": "client_credentials",
"client_id": client_id,
"client_secret": client_secret,
"scope": "https://graph.microsoft.com/.default"
}
headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
response = requests.post(url, data=urlencode(payload), headers=headers)
if response.status_code == 200:
return response.json()["access_token"]
else:
raise Exception(f"Failed to get access token\n{response.text}")
def create_user(access_token, user_info):
url = "https://graph.microsoft.com/v1.0/users"
headers = {
"Authorization": "Bearer {}".format(access_token),
"Content-Type": "application/json"
}
data = {
"accountEnabled": True,
"displayName": user_info["name"],
"mailNickname": user_info["email"],
"userPrincipalName": f"{user_info['email'].split('@')[0]}@***",
"passwordProfile": {
"password": user_info["password"]
}
}
response = requests.post(url, data=json.dumps(data), headers=headers)
if response.status_code == 200:
print(user_info["name"] + "@*** created successfully")
else:
raise Exception(f"Failed to create user {user_info['name']}\n{response.text}")
if __name__ == "__main__":
with open("users.json") as f:
users = json.load(f)
access_token = get_access_token()
for user in users:
create_user(access_token, user)
I am getting the following error while executing the create_user() method: "code":"InvalidAuthenticationToken","message":"Access token validation failure. Invalid audience." It seems that my authProvider function returns a valid token. I have already set User.ReadWrite.All and Directory.ReadWrite.All in my code.
Can anyone help me resolve this issue?
Hi @Nguyễn Gia bảo
Use jwt.ms to decode your access token and share screenshots.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 24%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
is this decoded token of get_access_token() ? . you might be using id token instead of access token .This does not look like a token that was generated using the client credential flow.
yes it's a decoded token of get_access_token()
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 97%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
The issue I experienced was not to encoding but rather the wrong token request endpoint. You need to use V2 and not the original endpoint i.e. https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token
Hope this helps :)
Hi @Nguyễn Gia bảo
The audience for your access token is a deprecated Azure AD Graph API, so it cannot be used to call the Graph API. When obtaining an access token, make sure that the value of the scope is: https://graph.microsoft.com/.default.
If the reply helps, don't forget to accept it as an answer. Thanks!
i'm sure the value of scope is https://graph.microsoft.com/.default because i send it in my code
Confusingly, your token is a token for the Azure AD Graph API, not for the MS Graph API.
As a test, can you copy your app and tenant information to Postman to get a new access token and decode it?
i did it and here is what i got
i'm not sure where the error was
Like I said in my answer, the audience of your token is the deprecated Azure AD Graph API and not the MS Graph API.
Can you share some screenshots of the tests you did in Postman?
here is it
You should use the v2.0 endpoint to request tokens.
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
ok thank you
thank you