Reputation: 1572
Azure App with Web API and Microsoft Graph
I've Web App and API registered at https://apps.dev.microsoft.com. In my API, I've added in Pre-authorized applications my Web APP ID. So far so good. It works with the following scopes: openid, profile, and api://APP_ID_GUID/access_as_user.
I also need access to Microsoft Graph, but adding https://graph.microsof.com/user.read to my scopes results in:
AADSTS700022: Provided value for the input parameter scope is not valid because it contains more than one resource. Scope
openidprofilehttps://graph.microsoft.com/user.readapi://APP_ID_GUID/access_as_useris not valid.
How can I get token so I can use both? I need only to list the users in the Active Directory. The only way I see it is to get a separate access token for Microsoft Graph and use it when I want to query the users from AD.
Upvotes: 0
Views: 995
Answers (1)
Reputation: 58723
An access token is only valid on one API. You need two access tokens to call two APIs.
As long as your app has been granted the necessary consent, it can get the access tokens either by using a refresh token (you can get an access token for any resource using a refresh token) or a hidden iframe that uses implicit grant flow (that MSAL.JS uses).
Upvotes: 3
Related Questions
- Microsoft graph api access
- Using app's identity (Azure AD) in ASP.NET web app to call Microsoft Graph
- Giving access to third party application
- Microsoft Graph API - Create App (beta)
- Managing Azure AAD Applications with Microsoft Graph
- SharePoint + Azure AD + Microsoft Graph API
- Microsoft graph and Azure Ad user authentication
- Calling Microsoft Graph via REST API using Application token
- Azure AD and Graph
- Accessing the Azure Graph API using Application Identity