Authenticate Microsoft graph API with username and password without register app

Hi Team, We have a requirement to send the files to the team channel using python and we came accross the way of doing that using the graph API. https://learn.microsoft.com/en-us/graph/api/c...

microsoft teams

LeonPavesic

Silver Contributor

Sep 28, 2023

Hi chetan_sk,

Yes, you can authenticate Microsoft Graph API with username and password without registering an app. This is called the Resource Owner Password Credentials (ROPC) flow.

To authenticate with ROPC, you will need to send a POST request to the following endpoint:

https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token

The request body should contain the following parameters:

grant_type: password
resource: https://graph.microsoft.com
username: Your Microsoft username
password: Your Microsoft password

If the authentication is successful, you will receive a response containing an access token. You can then use this access token to call Microsoft Graph API.

Here is a Python code example:

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.

import requests

tenant_id = "YOUR_TENANT_ID"
username = "YOUR_USERNAME"
password = "YOUR_PASSWORD"

# Build the request
headers = {
    "Content-Type": "application/x-www-form-urlencoded"
}
data = {
    "grant_type": "password",
    "resource": "https://graph.microsoft.com",
    "username": username,
    "password": password
}

# Send the request
response = requests.post(
    f"https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token",
    headers=headers,
    data=data
)

# Check the response status code
if response.status_code == 200:
    # Authentication successful
    access_token = response.json()["access_token"]

    # Use the access token to call Microsoft Graph API
    # For example, to send a chat message to a team channel:
    graph_api_endpoint = "https://graph.microsoft.com/v1.0/teams/{team-id}/channels/{channel-id}/messages"
    headers = {
        "Authorization": f"Bearer {access_token}"
    }
    data = {
        "content": "This is a test message from Python."
    }
    response = requests.post(graph_api_endpoint, headers=headers, json=data)

    # Check the response status code
    if response.status_code == 201:
        # Message sent successfully
        print("Message sent successfully.")
    else:
        # Error sending message
        print("Error sending message:", response.status_code)
else:
    # Authentication failed
    print("Authentication failed:", response.status_code)

It is important that the ROPC flow is not recommended for production use, as it requires users to enter their passwords into your application. Instead, you should use the OAuth 2.0 authorization code flow or the client credentials flow.

Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.

If the post was useful in other ways, please consider giving it Like.

Kindest regards,

Leon Pavesic
(LinkedIn)

sirtemi
Copper Contributor
May 10, 2024
Thank you. Solved the issue
chetan_sk
Copper Contributor
Oct 04, 2023
Hi Leon, I am trying out this , however my repose is returning as 400

<Response [400]>
Authentication failed: 400
when I send the request via post method, I have re verified my passwords username and tenant id, everything is correct , any idea what could be the issue here ?
- LeonPavesic
  Silver Contributor
  Oct 04, 2023
  Hi chetan_sk,
  
  thanks for the update.
  
  I understand that you are getting a 400 error even though you have verified that your username, password, and tenant ID are correct.
  
  Here are some additional things you can try to troubleshoot the issue:
  Make sure that you are sending the request with the correct headers. The Content-Type header should be set to application/x-www-form-urlencoded.
  Make sure that you are sending the request to the correct endpoint. The endpoint for the ROPC flow is https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token.
  
  I also recommend that you try using the OAuth 2.0 authorization code flow or the client credentials flow to authenticate to the Microsoft Graph API. These flows are more secure and reliable than the ROPC flow.
  
  Please click Mark as Best Response & Like if my post helped you to solve your issue.
  This will help others to find the correct solution easily. It also closes the item.
  
  If the post was useful in other ways, please consider giving it Like.
  
  Kindest regards,
  
  Leon Pavesic
  (LinkedIn)
  - chetan_sk
    Copper Contributor
    Oct 04, 2023
    Hi Leon, Addition to my previous comment, I even tried with postman thinking something must be blocked but same issue when I am trying to get tocken, is there any documentation regarding this way of authentication ?
    
    "error": "invalid_request",
    "error_description": "AADSTS90102: The 'resource' request parameter is not supported.
chetan_sk
Copper Contributor
Sep 29, 2023
Hi Leon , Thankyou for this one I will try this out 🙂
Sayali-MSFT
Microsoft
Sep 28, 2023
chetan_sk-Could you please confirm if your issue has resolved with with provided suggestions or still looking for any help?
- chetan_sk
  Copper Contributor
  Sep 29, 2023
  Hi Sayali I will try this solution thank-you

Forum Discussion

Authenticate Microsoft graph API with username and password without register app

Resources