Reputation: 664
Unable to obtain access token for calling Microsoft Graph APIs
I am following the steps as here: https://learn.microsoft.com/en-us/graph/auth-v2-service
I registered a mock app and added app permissions to Graph. None of the permissions require Admin Consent so I skipped that step.
I then called the API (from Postman) https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
using client_id, scope, client_secret, grant_type. For 'scope' i use 'https://graph.microsoft.com/.default' and for 'grant_type' the value is 'client_credentials'.
I get error:
"error": "invalid_request",
"error_description": "AADSTS9002331: Application 'xxxxxxxxxxx' is configured for use by Microsoft Account users only. Please use the /consumers endpoint to serve this request.\r\nTrace ID: 67375d76-2f9d-4fb1-b1dd-3286fad85a00\r\nCorrelation ID: e217e9ff-2696-495f-9657-f2bb1d7066cf\r\nTimestamp: 2020-09-18 07:46:39Z",
"error_codes": [
9002331
What I am missing ?
Upvotes: 0
Views: 1323
Answers (2)
Reputation: 2003
For getting Bearer token from MS-Graph-api for grant_type: client_credentials below curl command worked for me. Replace relevant values with yours in below curl command and this doesn't requires or I didn't provide any delegated or application permissions to get this bearer token.
curl --location --request POST 'https://login.microsoftonline.com/{tenant_ID}/oauth2/v2.0/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'client_id={client_id}' --data-urlencode 'client_secret={client_secret}' --data-urlencode 'scope=https://graph.microsoft.com/.default'
Upvotes: 0
Reputation: 1602
Personal accounts that are used to sign in to services like Xbox and Skype.
Daemon applications can be used only with Azure AD organizations. Please don't use daemon applications to manipulate Microsoft's personal accounts. Admin consent will never be granted.Please refer to this document
To know more details on account types please refer to this document
how to register the app to use client credential flow please follow this document
Upvotes: 1
Related Questions
- Microsoft graph return "access token is empty"
- Access Token missing or malformed when calling Graph API
- Error "invalid_grant" AADSTS65001 when trying to exchange access token
- Obtaining a valid access token for Microsoft Graph API
- 'Unauthorized' error when requesting 'https://graph.microsoft.com/v1.0/me/joinedTeams' from Microsoft Graph
- Unable to get access token from Azure AD when using Microsoft Graph Explorer
- Not able to get access_token for Microsoft Graph API OAuth 2.0 using username & password
- MS Graph API: invalid authentication token
- Azure AD: Unable to issue tokens from this api version
- Access token issue while accessing the graph API