Forum Discussion
Authenticate Microsoft graph API with username and password without register app
Hi chetan_sk,
Yes, you can authenticate Microsoft Graph API with username and password without registering an app. This is called the Resource Owner Password Credentials (ROPC) flow.
To authenticate with ROPC, you will need to send a POST request to the following endpoint:
https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
The request body should contain the following parameters:
- grant_type: password
- resource: https://graph.microsoft.com
- username: Your Microsoft username
- password: Your Microsoft password
If the authentication is successful, you will receive a response containing an access token. You can then use this access token to call Microsoft Graph API.
Here is a Python code example:
import requests

tenant_id = "YOUR_TENANT_ID"
username = "YOUR_USERNAME"
password = "YOUR_PASSWORD"

# Build the request
headers = {
    "Content-Type": "application/x-www-form-urlencoded"
}
data = {
    "grant_type": "password",
    "resource": "https://graph.microsoft.com",
    "username": username,
    "password": password
}

# Send the request
response = requests.post(
    f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
    headers=headers,
    data=data
)

# Check the response status code
if response.status_code == 200:
    # Authentication successful
    access_token = response.json()["access_token"]

    # Use the access token to call Microsoft Graph API
    # For example, to send a chat message to a team channel
    # (replace {team-id} and {channel-id} with real IDs):
    graph_api_endpoint = "https://graph.microsoft.com/v1.0/teams/{team-id}/channels/{channel-id}/messages"
    headers = {
        "Authorization": f"Bearer {access_token}"
    }
    # A chatMessage carries its text under body.content
    data = {
        "body": {"content": "This is a test message from Python."}
    }
    response = requests.post(graph_api_endpoint, headers=headers, json=data)

    # Check the response status code
    if response.status_code == 201:
        # Message sent successfully
        print("Message sent successfully.")
    else:
        # Error sending message
        print("Error sending message:", response.status_code)
else:
    # Authentication failed
    print("Authentication failed:", response.status_code)
It is important to note that the ROPC flow is not recommended for production use, as it requires users to enter their passwords into your application. Instead, you should use the OAuth 2.0 authorization code flow or the client credentials flow.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
<Response [400]>
Authentication failed: 400
when I send the request via the POST method. I have re-verified my password, username and tenant ID, and everything is correct. Any idea what could be the issue here?
- LeonPavesic, Oct 04, 2023, Silver Contributor
Hi chetan_sk,
Thanks for the update. I understand that you are getting a 400 error even though you have verified that your username, password, and tenant ID are correct.
Here are some additional things you can try to troubleshoot the issue:
- Make sure that you are sending the request with the correct headers. The Content-Type header should be set to application/x-www-form-urlencoded.
- Make sure that you are sending the request to the correct endpoint. The endpoint for the ROPC flow is https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token.
I also recommend that you try using the OAuth 2.0 authorization code flow or the client credentials flow to authenticate to the Microsoft Graph API. These flows are more secure and reliable than the ROPC flow.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
- chetan_sk, Oct 04, 2023, Copper Contributor
Hi Leon,
In addition to my previous comment, I even tried with Postman, thinking something must be blocked, but I get the same issue when I am trying to get the token. Is there any documentation regarding this way of authentication?
"error": "invalid_request",
"error_description": "AADSTS90102: The 'resource' request parameter is not supported.
- gauravjaini0001, Dec 21, 2023, Copper Contributor
chetan_sk - I am getting the same error. Did you manage to find the solution?
- chetan_sk, Oct 04, 2023, Copper Contributor
Hi Leon,
The other two points which you mentioned are also in place and correct. We cannot go ahead with the client credentials at the moment.
Regarding the ROPC flow, is there any other setting or permission needed to make this POST method work?
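
Added example, not part of any post in this thread: the AADSTS90102 response quoted above is what the /oauth2/v2.0/token endpoint returns for the v1.0 'resource' parameter; per Microsoft's identity platform documentation, the v2.0 endpoint takes 'scope' instead and requires the 'client_id' of a registered application for the password grant. The helper names, the '.default' scope value and the sample error JSON below are constructed for illustration.

```python
import json
import re

# Parameters the v2.0 token endpoint needs for grant_type=password.
V2_ROPC_REQUIRED = ("client_id", "grant_type", "username", "password")

# Constructed sample: the error quoted in the thread, completed into valid JSON.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_request",
    "error_description": "AADSTS90102: The 'resource' request parameter is not supported.",
})


def check_v2_ropc_body(body):
    """List what a v2.0 token endpoint would object to in an ROPC form body."""
    problems = []
    if "resource" in body:
        problems.append("'resource' is a v1.0 parameter; send 'scope' instead")
    for name in V2_ROPC_REQUIRED:
        if not body.get(name):
            problems.append(f"missing '{name}'")
    if body.get("grant_type") and body["grant_type"] != "password":
        problems.append("grant_type must be 'password' for ROPC")
    return problems


def build_v2_ropc_body(client_id, username, password,
                       scope="https://graph.microsoft.com/.default"):
    """Form fields for POST .../{tenant-id}/oauth2/v2.0/token (pass as data=)."""
    return {
        "grant_type": "password",
        "client_id": client_id,   # application (client) ID of a registered app
        "scope": scope,           # replaces the v1.0 'resource' parameter
        "username": username,
        "password": password,
    }


def aadsts_code(error_json):
    """Pull the AADSTS error code out of a token endpoint error response."""
    description = json.loads(error_json).get("error_description", "")
    match = re.match(r"AADSTS\d+", description)
    return match.group(0) if match else None


if __name__ == "__main__":
    thread_body = {"grant_type": "password", "resource": "https://graph.microsoft.com",
                   "username": "YOUR_USERNAME", "password": "YOUR_PASSWORD"}
    print(check_v2_ropc_body(thread_body))   # the body posted in the thread
    print(aadsts_code(SAMPLE_ERROR))
```

Running check_v2_ropc_body on a request body before sending it separates parameter mistakes like this one from credential or policy failures, which come back with different AADSTS codes.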