Can't use graph api with Delegated permissions

  • Question

  • Hi All,

    I did the integration using application permissions. Now I have a task of integrating using an account consent instead of admin.

    I'm using Calendars.ReadWrite and User.Read scopes...

    Even though my user accesses the endpoint

    /oauth2/v2.0/authorize

    correctly and it returns with a code and session_state, I cannot correctly get a token, or it always returns a

    ServiceException: Code: Authorization_RequestDenied
    Message: Insufficient privileges to complete the operation.

    I'm using a call like this:

    var client = new HttpClient
    {
        BaseAddress = new Uri("https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token")
    };
    var dict = new Dictionary<string, string>();
    dict.Add("grant_type", "client_credentials");
    dict.Add("client_secret", azureOptions.ClientSecret);
    dict.Add("code", "{access code given from the authorize endpoint}"); // needed when delegated permissions are used?
    dict.Add("scope", "https://graph.microsoft.com/.default");
    dict.Add("client_id", azureOptions.ClientId);
    var req = new HttpRequestMessage(HttpMethod.Post, "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token")
    {
        Content = new FormUrlEncodedContent(dict)
    };

    As I said, it works when using an app with application permissions, but for the case where admin consent is not given (due to security inside our clients), I need to use the workaround of getting one user's consent from the tenant to get things working.

    I've been reading the Microsoft documentation for about 2 weeks and have not gotten things done yet.

    Can anyone shed some light?

    Thank you

    Calendars.ReadWrite
    Monday, October 21, 2019 2:43 PM
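
Added example, not part of the original post: the request above sends `grant_type=client_credentials`, which ignores the `code` field and returns an app-only token, so the user's consent never reaches Graph. The sketch below redeems the code with the authorization code grant and includes a diagnostic that tells the two token types apart by their `scp` or `roles` claim. The class name, the placeholder constants and the redirect URI are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public static class DelegatedTokenExample
{
    // Placeholders (assumptions): substitute your own app registration values.
    const string Tenant = "<tenant-id>";
    const string ClientId = "<client-id>";
    const string ClientSecret = "<client-secret>";
    const string RedirectUri = "https://localhost:5001/signin-oidc"; // hypothetical; must equal the one sent to /authorize

    // Redeem the code returned by /oauth2/v2.0/authorize for a user (delegated) token.
    public static async Task<string> RedeemCodeAsync(HttpClient http, string code)
    {
        var form = new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code", // not client_credentials
            ["code"] = code,
            ["redirect_uri"] = RedirectUri,
            ["client_id"] = ClientId,
            ["client_secret"] = ClientSecret,
            ["scope"] = "User.Read Calendars.ReadWrite" // the delegated scopes the user consented to
        };
        var resp = await http.PostAsync(
            $"https://login.microsoftonline.com/{Tenant}/oauth2/v2.0/token",
            new FormUrlEncodedContent(form));
        var body = await resp.Content.ReadAsStringAsync();
        if (!resp.IsSuccessStatusCode)
            throw new InvalidOperationException("Token endpoint error: " + body);
        using var doc = JsonDocument.Parse(body);
        return doc.RootElement.GetProperty("access_token").GetString();
    }

    // Diagnostic only (no signature validation): "scp" means delegated, "roles" means app-only.
    public static string DescribeToken(string jwt)
    {
        var payload = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(payload)));
        var claims = doc.RootElement;
        if (claims.TryGetProperty("scp", out var scp)) return "delegated: " + scp.GetString();
        if (claims.TryGetProperty("roles", out var roles)) return "app-only: " + roles.ToString();
        return "no scp or roles claim";
    }
}
```

A token that reports "app-only" or has neither claim carries no user context, so Graph evaluates only admin-consented application permissions for it.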

Answers