Ryan Wilson

Reputation: 10800

Custom .NET Core API for Microsoft Graph API Authentication Setup with Azure Active Directory and OAuth2 flow

Information

I am building a custom .NET Core API in Microsoft Visual Studio 2017. The idea is for this custom API to handle calls to the Microsoft Graph API and allow custom web applications to call out to this custom API. We have configured a Microsoft Office 365 developer site and an Azure Active Directory tenant which is linked to the developer site. The tenant account currently has Delegated Access for the Microsoft Graph API. This was the starting point for all of this: https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/?view=odsp-graph-online

Problem

I followed the documentation of Microsoft here: https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/aad-oauth?view=odsp-graph-online

I am able to get an access/refresh token via Postman and using the OAuth2 flow of:

  1. GET request to receive an authorization code (This is problematic, had to do it manually through my browser)
  2. POST request to get access token/refresh token
  3. Use access token for calls to Graph API

The problem I am facing is that I can't find any way to do the 1st step of the OAuth2 process with only HTTP requests (Postman, later HttpClient). For me to get the actual authorization code, I have to open a browser, plug in the endpoint, and then it redirects my browser and gives me the authorization code in the query string parameters. I can then take this value and plug it into the POST request for the access/refresh token and get the tokens. As this application will be running continuously on its dedicated server, I don't want to have to worry about going back and opening a browser to perform step 1 of the OAuth2 process whenever a token expires. This seems like it should be a simple thing to do, the GET request for the authorization code, but from what I've read in the documentation, it appears this is intended to be done via a user with a browser? If I call this endpoint straight from Postman, it returns HTML and not the authorization code.

Solution?

I am asking for help in either determining a way to get that authorization code via a plain HTTP request, or bypassing that step somehow and just getting an endpoint to issue me the tokens directly. Would switching the tenant to Application Permissions make this OAuth2 process easier? If anyone has any experience with this or a different design choice, I'd appreciate it.

Upvotes: 0

Views: 1103

Answers (1)

Carl Zhao

Reputation: 9569

For the authentication code flow, this does require you to do it in two steps:

  1. Obtain the authorization code through the browser.
  2. Use the authorization code to obtain the access token.

In fact, it is recommended that you use the client credential flow, which saves you the operation of obtaining an authorization code. You can directly obtain the access token through the client secret in Postman.

Upvotes: 1
