Reputation: 1451
Acquire token for Graph API using MSAL?
I'm attempting to use MSAL (1.0.304142221-alpha) to acquire a token for the Microsoft Graph API, using the client credentials flow. My code looks like so:
var confidentialClientApp = new ConfidentialClientApplication(clientId, redirectUri, new ClientCredential(clientSecret), null);
var token = confidentialClientApp.AcquireTokenForClient(new string[] { "Mail.Read" }, string.Empty).Result;
The 2nd line throws an exception: "AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope Mail.Read is not valid.". The Graph API reference appears to cite "Mail.Read" as the required scope.
The application in Azure AD is a Web Application with a single key. The application has the "Read mail in all mailboxes" application permission set for Microsoft Graph.
Could anyone shed any light as to what is going on? Thankyou :)
Upvotes: 5
Views: 3098
Answers (1)
Reputation: 7394
the v2 of the Azure AD endpoints do not yet support app-only tokens. For the time being you are restricted to use delegated tokens. We hope to enable app-only tokens soon, sorry for the inconvenience.
Upvotes: 3
Related Questions
- Azure AD token for accessing Graph token
- AADSTS70011: The provided value for the input parameter 'scope' is not valid
- Validate Bearer token (azure ad) with MSAL
- Unable to acquire token silently or via redirect using msal-browser
- Flow/process to acquire service specific token in (UWP app)
- How to acquire an access token to a custom API using MSAL acquireTokenSilent?
- Microsoft Graph API token validation failure
- Unable to acquire token to call microsoft graph api using angular
- How to acquire graph token without using sessions?