How to get the authorization for the graph API

Question

How to get the authorization for the graph API

Ferg Jiang (CSI INTERFUSION INC) 0 Microsoft External Staff

Hi experts,

Our team is using the graph API to enable people searching for emails in the organization and getting necessary profile data from it. However, as the project does not require SDL links and Privacy links, we are unable to proceed with configuration. what should we do, Is there any other way to authenticate through the GARPH API or any other way to search for emails in the organization?

Thanks

Ferg

1 answer

Your answer

Answer 1

Hitesh Pachipulusu - MSFT 3,620 Microsoft External Staff

Hello @Ferg Jiang,Thank you for contacting Microsoft Support.

Instead of user-based authentication, you can use app-only authentication. This approach allows your application to authenticate without requiring a user’s interaction.

To achieve this, you’ll need to register your app in Azure AD and obtain an application ID (Client ID) and an application secret (Client Secret).

With these credentials, your app can authenticate directly with the Graph API using OAuth 2.0 in Postman.

Please refer https://learn.microsoft.com/en-us/graph/use-postman.

Hope this helps.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Ferg Jiang (CSI INTERFUSION INC) 0 Reputation points Microsoft External Staff

2024-06-06T07:08:56.1466667+00:00
Hi Hitesh Pachipulusu - MSFT • Thanks your feedback!!!

what we have done:

registered app registration

created service principal for our registered app (objectId, secret, etc...)

defined app roles

configured Api permissions - we are not 100% sure these permissions are necessary and sufficient for our use cases.

problems we are facing:

our app token can not access graph api on behave of user to auto-fill and validate user name and emails.

our app can not grant app roles to users (using app token). – we are not sure it's done by "AppRoleAssignment.ReadWrite.All"

our progress:

requesting admin consent, but block by the SDL process as we don't know how to choose the service from service tree, (maybe the Maps Launch Readiness is proper for us, but not sure)

if is necessary to migrate our code repo and work items to MS owned Azure DevOps, we don't have permission.

Thanks,

Ferg
Hitesh Pachipulusu - MSFT 3,620 Reputation points Microsoft External Staff

2024-06-06T12:45:39.0733333+00:00

Hello Ferg,

Please refer to the Microsoft Graph API documentation for listing people at https://learn.microsoft.com/en-us/graph/api/user-list-people?view=graph-rest-1.0&tabs=http.

The documentation states that you need to grant the People.Read.All permission if you are using application permissions. Application permissions need to be consented by Admin. Ensure you have the necessary permission and then execute the API call. Additionally, could you specify the platform you are using to make the Graph API call?

Hope this helps!

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Share via

How to get the authorization for the graph API

1 answer

Your answer