Authenticate Microsoft graph API with username and password without register app


Hi Team, 

 

We have a requirement to send the files to the team channel using Python, and we came across the way of doing that using the Graph API.

 

Send chatMessage in a channel - Microsoft Graph v1.0 | Microsoft Learn

 

However, I have a question regarding the authentication for the Graph API: I could not find any documents which tell how to authenticate this Graph API with username and password or with a technical user.

 

Can you please let us know if we can authenticate the Graph API without the registered app, since for the registered app we will have to give permissions which would be for all the channels in the teams and not to a specific channel?

 


10 Replies

Hi @chetan_sk,

Yes, you can authenticate Microsoft Graph API with username and password without registering an app. This is called the Resource Owner Password Credentials (ROPC) flow.

To authenticate with ROPC, you will need to send a POST request to the following endpoint:

https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token

The request body should contain the following parameters:

If the authentication is successful, you will receive a response containing an access token. You can then use this access token to call Microsoft Graph API.

Here is a Python code example:




 

import requests

tenant_id = "YOUR_TENANT_ID"
username = "YOUR_USERNAME"
password = "YOUR_PASSWORD"

# Build the request
headers = {
    "Content-Type": "application/x-www-form-urlencoded"
}
data = {
    "grant_type": "password",
    "resource": "https://graph.microsoft.com",
    "username": username,
    "password": password
}

# Send the request
response = requests.post(
    f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token",
    headers=headers,
    data=data
)

# Check the response status code
if response.status_code == 200:
    # Authentication successful
    access_token = response.json()["access_token"]

    # Use the access token to call Microsoft Graph API
    # For example, to send a chat message to a team channel:
    graph_api_endpoint = "https://graph.microsoft.com/v1.0/teams/{team-id}/channels/{channel-id}/messages"
    headers = {
        "Authorization": f"Bearer {access_token}"
    }
    # A chatMessage carries its text in body.content
    data = {
        "body": {"content": "This is a test message from Python."}
    }
    response = requests.post(graph_api_endpoint, headers=headers, json=data)

    # Check the response status code
    if response.status_code == 201:
        # Message sent successfully
        print("Message sent successfully.")
    else:
        # Error sending message
        print("Error sending message:", response.status_code)
else:
    # Authentication failed
    print("Authentication failed:", response.status_code)

 

It is important to note that the ROPC flow is not recommended for production use, as it requires users to enter their passwords into your application. Instead, you should use the OAuth 2.0 authorization code flow or the client credentials flow.


Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it a Like.


Kindest regards,


Leon Pavesic
(LinkedIn)

@chetan_sk - Could you please confirm if your issue has been resolved with the provided suggestions, or are you still looking for any help?

Hi Leon, thank you for this one, I will try this out :)

Hi Sayali, I will try this solution, thank you.

Hi Leon, I am trying this out, however my response is returning as 400:

<Response [400]>
Authentication failed: 400

when I send the request via the POST method. I have re-verified my passwords, username and tenant ID, and everything is correct. Any idea what could be the issue here?

Hi @chetan_sk,

thanks for the update.

I understand that you are getting a 400 error even though you have verified that your username, password, and tenant ID are correct.

Here are some additional things you can try to troubleshoot the issue:

 

I also recommend that you try using the OAuth 2.0 authorization code flow or the client credentials flow to authenticate to the Microsoft Graph API. These flows are more secure and reliable than the ROPC flow.



Kindest regards,


Leon Pavesic
(LinkedIn)

Hi Leon,

The other two points which you mentioned are also in place and correct. We cannot go ahead with the client credentials at the moment.

Regarding the ROPC flow, is there any other setting or permission needed to make this POST method work?

Hi Leon, in addition to my previous comment, I even tried with Postman, thinking something must be blocked, but I get the same issue when I am trying to get the token. Is there any documentation regarding this way of authentication?

"error": "invalid_request",
"error_description": "AADSTS90102: The 'resource' request parameter is not supported.

@chetan_sk - I am getting the same error. Did you manage to find the solution?

Hello @chetan_sk,
There is no way we can authenticate to the Graph API without an App Registration; an app is required to do so. For more information, please refer to the documentation.
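
The AADSTS90102 error quoted in this thread is what the v2.0 token endpoint returns when it is sent the older resource parameter; v2.0 expects scope, plus a client_id that only an app registration provides. The following offline check is an added example, not code from any post in this thread. The function names, the .default scope value and the sample credentials are assumptions made for illustration.

```python
import re

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# Parameter accepted by the v1.0 endpoint but rejected by v2.0, with its replacement.
LEGACY_PARAMS = {"resource": "scope"}
# Fields a v2.0 ROPC (grant_type=password) request must carry.
REQUIRED = ("client_id", "grant_type", "scope", "username", "password")


def check_v2_form(form):
    """Return the problems that would make a v2.0 ROPC token request fail."""
    problems = []
    for old, new in LEGACY_PARAMS.items():
        if old in form:
            problems.append(f"'{old}' is not supported on v2.0; send '{new}' instead")
    for name in REQUIRED:
        if not form.get(name):
            problems.append(f"missing '{name}'")
    return problems


def build_ropc_request(tenant_id, client_id, username, password,
                       scope="https://graph.microsoft.com/.default"):
    """Build (url, form) for v2.0; client_id is the ID of a registered app."""
    form = {"client_id": client_id, "grant_type": "password", "scope": scope,
            "username": username, "password": password}
    return TOKEN_URL.format(tenant=tenant_id), form


def aadsts_code(error_body):
    """Extract the AADSTS code from a token-endpoint error body, or None."""
    match = re.search(r"AADSTS(\d+)", error_body.get("error_description", ""))
    return f"AADSTS{match.group(1)}" if match else None


# Form body shaped like the one posted in the thread (constructed credentials).
THREAD_FORM = {"grant_type": "password", "resource": "https://graph.microsoft.com",
               "username": "user@example.com", "password": "placeholder"}
# Error body as quoted in the thread.
THREAD_ERROR = {"error": "invalid_request",
                "error_description": "AADSTS90102: The 'resource' request "
                                     "parameter is not supported."}

if __name__ == "__main__":
    print(check_v2_form(THREAD_FORM))
    url, form = build_ropc_request("TENANT_ID", "APP_CLIENT_ID",
                                   "user@example.com", "placeholder")
    print(url, check_v2_form(form), aadsts_code(THREAD_ERROR))
```
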