Forum Discussion

ktchoumak
Copper Contributor
Jul 14, 2021

Get bearer token for Azure Graph API

I found 3 ways:

1. From the MSDN example: result = await app.AcquireTokenForClient(scopes)

https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/blob/master/1-Call-MSGraph/daemon-console/Program.cs

2. 

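    // https://docs.microsoft.com/en-us/graph/auth-v2-service
    // Needs: System.Collections.Generic, System.Net.Http, System.Threading.Tasks, Newtonsoft.Json
    // AccessToken is the poster's own class for the token response (not shown in the post).
    private static async Task<AccessToken> WebRequestTokenBearer(string tenantId, string appId, string client_secret)
    {
        // Tenant-specific v2.0 token endpoint
        string url = "https://login.microsoftonline.com/" + tenantId + "/oauth2/v2.0/token";

        // Client credentials grant: the app authenticates as itself, no user involved
        var values = new Dictionary<string, string>
        {
            { "client_id", appId },
            { "scope", "https://graph.microsoft.com/.default" },
            { "client_secret", client_secret },
            { "grant_type", "client_credentials" }
        };
        var data = new FormUrlEncodedContent(values);

        using var client = new HttpClient();
        var response = await client.PostAsync(url, data);
        // await instead of .Result, so the async method does not block on the read
        string jsonToken = await response.Content.ReadAsStringAsync();

        AccessToken result = JsonConvert.DeserializeObject<AccessToken>(jsonToken);

        return result;
    }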

 

3. Once a Graph API method is called using delegation permission, it's possible to retrieve the token from:

 

GraphServiceClient graphClient = new GraphServiceClient(GetDelegatedAuthProvider());
var request = graphClient.Me.Request();
HttpRequestMessage httpRequest = request.GetHttpRequestMessage();
httpRequest.Method = HttpMethod.Get;
var response = await request.Client.HttpProvider.SendAsync(httpRequest);
string token = response.RequestMessage.Headers.Authorization.Parameter;

 

Methods 1 and 2 give tokens of the same length but with a different hash, while the third is way bigger and requires going through the Azure login popup dialog. Which one is correct?

1 Reply

  • ktchoumak
    Copper Contributor


    I do not understand why Microsoft uses such a low-information way in its snippets?

    https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Client-credential-flows

     

    Here is the main wrapper:

            private static async Task<AuthenticationResult> GetToken(string tenantId, string appId, string clientSecret)
            {
                // this object will cache tokens in-memory - keep it as a singleton
                var singletonApp = ConfidentialClientApplicationBuilder.Create(appId)
                    .WithClientSecret(clientSecret)
                    .Build();
    
                // If instead you need to re-create the ConfidentialClientApplication on each request, you MUST customize 
                // the cache serialization (see below)
    
                // when making the request, specify the tenanted authority
                // uses the token cache automatically, which is optimized for multi-tenant access
                var authResult = await singletonApp.AcquireTokenForClient(scopes: new[] { "https://graph.microsoft.com/.default" })
                    .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)  // do not use "common" or "organizations"!
                    .ExecuteAsync();
    
                return authResult;
            }
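
The tokens from the three methods in this thread can be compared by decoding their claims locally. This is an added example, not code from the thread or from Microsoft: client-credentials tokens (methods 1 and 2) carry application permissions in `roles`, delegated tokens (method 3) carry `scp` plus user claims, and every issued token has its own timestamps. The `TokenInspector` and `FakeJwt` names and the sample tokens are constructed for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class TokenInspector
{
    // Decodes the JWT payload WITHOUT verifying the signature: a local debugging aid only.
    // Access tokens are credentials, so decode them locally and keep them out of logs.
    public static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected header.payload.signature");
        // base64url -> base64: restore the standard alphabet and the stripped padding.
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    public static string Classify(JsonElement claims)
    {
        if (claims.TryGetProperty("scp", out _)) return "delegated (user signed in)";
        if (claims.TryGetProperty("roles", out _)) return "app-only (client credentials)";
        return "unknown";
    }

    // Constructed sample token: header "{}", fake signature, never issued by Azure AD.
    static string FakeJwt(string payloadJson) =>
        "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(payloadJson))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    static void Main()
    {
        string[] samples =
        {
            FakeJwt("{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"User.Read.All\"],\"iat\":1626250000}"),
            FakeJwt("{\"aud\":\"https://graph.microsoft.com\",\"scp\":\"User.Read\",\"name\":\"Constructed User\",\"iat\":1626250300}")
        };
        foreach (string jwt in samples)
        {
            JsonElement claims = DecodePayload(jwt);
            string issuedAt = claims.GetProperty("iat").ToString();
            Console.WriteLine($"{Classify(claims)}: {jwt.Length} chars, iat={issuedAt}");
        }
    }
}
```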

     

     
