Microsoft Graph API from service

Question

I'm trying to Authorize Office 365 a single time, allowing the user to only sign in once.

here's my code so far

IdentityClientApp = new ConfidentialClientApplication(this.clientId, "[uri]", new ClientCredential("[private key from Application Secrets section]"), new Microsoft.Identity.Client.TokenCache(), new Microsoft.Identity.Client.TokenCache());
authResult = await IdentityClientApp.AcquireTokenForClientAsync(new []{ "User.Read.All" });

I get an exception: AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope User.Read.All is not valid.

I'm not sure how I'm supposed to get a valid token I can exit and restart without popping up the authpage every hour.

Answer 1

From your description , you are using client credentials flow with Azure AD V2.0 with MSAL library . When using client credentials flow with Azure AD V2.0 , the value passed for the scope parameter in this request should be the resource identifier (Application ID URI) of the resource you want, affixed with the .default suffix. For the Microsoft Graph example, the value is https://graph.microsoft.com/.default.

Please click here for more details . And here is a tutorial for using client credentials flow with Azure AD V2.0 endpoint.

In addition , since you are using app identity(client credential flow ) , user doesn't need to login your app . Please read more about authentication Scenarios for Azure AD .If you want to use user identity , you could try OAuth 2.0 authorization code flow and here is a code sample . With user identity ,to extend the duration of your session(user won't logout after one hour). You could try to renew session by adding a hidden iframe in your page which hits the new sign in route at regular time intervals (In sign in operation you could acquire a new access token ). Please refer to article controlling a Web App’s session duration for details and code sample .