Have you tried adding V2.0 in /oauth2/v2.0/token?
It appears that your token is intended for the wrong audience. To call the Microsoft Graph API, you need to obtain a token specifically for Microsoft Graph, meaning the access token should include `"aud": "https://graph.microsoft.com"`.
It seems you're using the [AAD auth code flow][1] to get the token. When requesting an authorization code, use the scope `https://graph.microsoft.com/.default`.
Here's the authorization request URL:
```
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=xxxxx
&response_type=code
&redirect_uri=xxxxxx
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345
```
When requesting the token, also use `scope=https://graph.microsoft.com/.default`.
```
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
client_id=xxxxxx
&scope=https://graph.microsoft.com/.default
&code=0.AR8A3XwQy0FAmkSxxxx
&redirect_uri=xxxxxx
&grant_type=authorization_code
&client_secret=xxxxx
```
To successfully call the API, ensure that your client app has been granted the appropriate [Delegated Microsoft Graph API permissions][2] based on the API you intend to use. For example, if you want to call the [List users][3] API, you need the correct permissions.
More links:

[1]: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
[2]: https://docs.microsoft.com/en-us/graph/permissions-reference
[3]: https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0
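
To confirm the wrong-audience diagnosis on a token you already hold, the following added example (not part of the original answer) decodes the token's claims and checks `aud` and the delegated `scp` scopes. The function names, the sample tokens and the `User.Read.All` scope used in the sample are assumptions constructed for illustration; the payload is decoded without signature verification, so this is a troubleshooting aid only.

```python
import base64
import json

# Audience values that identify Microsoft Graph: the URI from the answer above
# and Graph's well-known application ID.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}

def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose_graph_token(token, required_scope=None):
    """List the reasons this token would be rejected by Microsoft Graph."""
    claims = decode_claims(token)
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if not any(str(a).rstrip("/") in GRAPH_AUDIENCES for a in audiences):
        problems.append(f"aud is {aud!r}, not Microsoft Graph")
    granted = claims.get("scp", "").split()  # delegated scopes, space-separated
    if required_scope and required_scope not in granted:
        problems.append(f"scp lacks {required_scope!r}")
    return problems

def make_sample_token(claims):
    """Build an unsigned token from constructed claims, for the demo only."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}.constructed"

if __name__ == "__main__":
    # Constructed sample claims: one token for another API, one for Graph.
    wrong = make_sample_token({"aud": "https://management.azure.com",
                               "scp": "user_impersonation"})
    right = make_sample_token({"aud": "https://graph.microsoft.com",
                               "scp": "User.Read User.Read.All"})
    for name, tok in (("wrong audience", wrong), ("graph token", right)):
        print(name, "->", diagnose_graph_token(tok, "User.Read.All") or "ok")
```
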