Node JS generating access token for Microsoft Graph API on the server is throwing 400 error

Question

I am building a Rest API using Node JS as backend. My API needs to fetch the data from the Microsoft Teams. To do that, I am first trying to generate the access token following this link, https://spin.atomicobject.com/2021/10/08/microsoft-graph-api-node/. But it keeps returning 400 errors.

First I logged into Azure and created an app under App Registrations. Then I created an client secret for the app and also set the API permissions as follow.

In the Node JS backend, I am trying to generate the access token using the code below.

const msClientId = `xxx`;
const msTenantId = `xxx`;
const msClientSecret = `xxx`
async function generateAccessToken () {

      try {
        const msalConfig = {
          auth: {
            clientId: msClientId,
            clientSecret: msClientSecret,
            authority: `https://login.microsoftonline.com/${msTenantId}`,
          }
        }
        const cca = new msal.ConfidentialClientApplication(msalConfig);
        const authResponse = await cca.acquireTokenByClientCredential({
          scopes: [ `User.Read` ]
        });

        return authResponse.accessToken;
      } catch (e) {
        return e.message;
      }
    }

When I run the code, it is returning the following error.

network_error: Network request failed. Please check network trace to determine root cause. | Fetch client threw: Error: HTTP status code 400 | Attempted to reach: https://login.microsoftonline.com/xxx/oauth2/v2.0/token

What is wrong with my code and how can I fix it?

Answer 1

The endpoint you are using in authority is incorrect, could you please use the API:

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

Ref doc: https://learn.microsoft.com/en-us/graph/auth-v2-service#token-request

Answer 2

Have you tried the .default scope?

Like:

scopes: ['https://graph.microsoft.com/.default']