Reputation: 51
I have a token issued by an Active Directory Federation Services (ADFS) server. I would like to know if it is possible to use this token to access Microsoft Graph API. If so, could you please provide some guidance or documentation on how to achieve this?
Until now, I have tried this:
POST https://{adfs-domain}/adfs/oauth2/token
client_id={client-id}
grant_type=password
username=username
password=password
The response includes an access_token and so on.
But this token can't be used when I call the Graph API.
This is the error message:
Code: InvalidAuthenticationToken
Message: Access token validation failure. Invalid audience.
Inner error:
AdditionalData:
date: 2024-08-29T06:30:28
request-id: fb32b009-c1b8-4393-ac60-6de17df593d3
client-request-id: fb32b009-c1b8-4393-ac60-6de17df593d3
ClientRequestId: fb32b009-c1b8-4393-ac60-6de17df593d3
This is the token payload.
In this case, the token was obtained with an MS account, requested from https://login.microsoftonline.com/{app-id}/oauth2/token with the resource parameter added.
When I send the request with scope or resource, an error occurs:
MSIS9602: The received 'resource' parameter is invalid. The authorization server can not find a registered resource with the specified identifier.
In detail, I added scope=https://graph.microsoft.com/.default or resource=https://graph.microsoft.com
I suspect the issue might be related to the “aud” (audience) claim being different. However, I am unsure how to resolve this. Can anyone provide some guidance?
Thank you.
Upvotes: 0
Views: 45
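The "Invalid audience" failure described in the question can be confirmed from the token's own claims. The following is an added example, not part of the original post: it decodes a JWT payload without verifying the signature (diagnosis only, never an authorization decision) and reports whether `aud` is a value Microsoft Graph accepts. The two sample tokens, including their issuer and audience values, are constructed for illustration.

```python
import base64
import json

# Audiences Microsoft Graph accepts: its resource URI and its well-known app ID.
GRAPH_AUDIENCES = {
    "https://graph.microsoft.com",
    "00000003-0000-0000-c000-000000000000",
}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT. Signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def graph_audience_check(token: str) -> dict:
    """Report issuer, audience(s) and whether any audience matches Graph."""
    claims = decode_claims(token)
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    normalized = {a.rstrip("/") for a in audiences}
    return {
        "iss": claims.get("iss"),
        "aud": audiences,
        "aud_is_graph": bool(normalized & GRAPH_AUDIENCES),
    }

def _make_sample(claims: dict) -> str:
    # Constructed, unsigned token used only to exercise the check offline.
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed samples: an ADFS-style token and an Entra ID-style Graph token.
ADFS_SAMPLE = _make_sample({"iss": "http://adfs.example.test/adfs/services/trust",
                            "aud": "urn:example:adfs-resource"})
GRAPH_SAMPLE = _make_sample({"iss": "https://sts.windows.net/tenant-placeholder/",
                             "aud": "https://graph.microsoft.com/"})

if __name__ == "__main__":
    for name, tok in (("adfs", ADFS_SAMPLE), ("graph", GRAPH_SAMPLE)):
        print(name, graph_audience_check(tok))
```
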