Office 365 – Microsoft Graph – Part 3 – Azure Access Token: to call Graph APIs from CSOM

by · Published · Updated

Hi All,

In this article we will discuss most important concept “Azure Access Token”, which we require to call Graph APIs.

In last couple of articles, we started discussion about Microsoft Graph and one simple use case – to fetch Office 365 groups using Microsoft Graph APIs and using CSOM.

We have certain steps to use Graph APIs and in last following couple of articles we are discussing those steps

Office 365 – Microsoft Graph and Graph Explorer

Office 365 – Microsoft Graph beginning – Part 1

Office 365 – Microsoft Graph – Part 2 – Granting permission to Azure Apps to use Microsoft Graph APIs using CSOM

In this article we will discuss most important concept – Azure Access Token, we require Access Token to call the Graph APIs.

Let’s begin the show:

What is Access Token?

Access Token is 64-bit encoded JSON Web Token (JWT)

Example:

EwAoA8l6BAAU7p9QDpi/D7xJLwsTgCg3TskyTaQAAXu71AU9f4aS4rOK5xoO/SU5HZKSXtCsDe0Pj7uSc5Ug008qTI+a9M1tBeKoTs7tHzhJNSKgk7pm5e8d3oGWXX5shyOG3cKSqgfwuNDnmmPDNDivwmi9kmKqWIC9OQRf8InpYXH7NdUYNwN+jljffvNTewdZz42VPrvqoMH7hSxiG7A1h8leOv4F3Ek/oeJX6U8nnL9nJ5pHLVuPWD0aNnTPTJD8Y4oQTp5zLhDIIfaJCaGcQperULVF7K6yX8MhHxIBwek418rKIp11om0SWBXOYSGOM0rNNN59qNiKwLNK+MPUf7ObcRBN5I5vg8jB7IMoz66jrNmT2uiWCyI8MmYDZgAACPoaZ9REyqke+AE1/x1ZX0w7OamUexKF8YGZiw+cDpT/BP1GsONnwI4a8M7HsBtDgZPRd6/Hfqlq3HE2xLuhYX8bAc1MUr0gP9KuH6HDQNlIV4KaRZWxyRo1wmKHOF5G5wTHrtxg8tnXylMc1PKOtaXIU4JJZ1l4x/7FwhPmg9M86PBPWr5zwUj2CVXC7wWlL/6M89Mlh8yXESMO3AIuAmEMKjqauPrgi9hAdI2oqnLZWCRL9gcHBida1y0DTXQhcwMv1ORrk65VFHtVgYAegrxu3NDoJiDyVaPZxDwTYRGjPII3va8GALAMVy5xou2ikzRvJjW7Gm3XoaqJCTCExN4m5i/Dqc81Gr4uT7OaeypYTUjnwCh7aMhsOTDJehefzjXhlkn//2eik+NivKx/BTJBEdT6MR97Wh/ns/VcK7QTmbjwbU2cwLngT7Ylq+uzhx54R9JMaSLhnw+/nIrcVkG77Hi3neShKeZmnl5DC9PuwIbtNvVge3Q+V0ws2zsL3z7ndz4tTMYFdvR/XbrnbEErTDLWrV6Lc3JHQMs0bYUyTBg5dThwCiuZ1evaT6BlMMLuSCVxdBGzXTBcvGwihFzZbyNoX+52DS5x+RbIEvd6KWOpQ6Ni+1GAawHDdNUiQTQFXRxLSHfc9fh7hE4qcD7PqHGsykYj7A0XqHCjbKKgWSkcAg==

Access token contains information about

  1. our app (claim).
  2. Permission app has for the resource (Microsoft cloud service => Office 365 Groups, Users, Mail, contact etc.) – ensures that caller has proper permissions
  3. It contains information about API available through Microsoft Graph

Steps to get the Access Token in CSOM code

  1. To call Microsoft Graph, our app must acquire an access token from Azure Active Directory (AD), Microsoft cloud identity service.
  2. Our app need to be able to authenticate with Azure AD.
  3. We attach the access token as a Bearer token to the Authorization header in HTTP request as

HTTP/1.1

Authorization: Bearer EwAoA8l6BAAU … 7PqHGsykYj7A0XqHCjbKKgWSkcAg==

Host: graph.microsoft.com` GET https://graph.microsoft.com/v1.0/me/ 

/// <summary>
/// Method to set the access token to HttpRequestMessage header
/// </summary>
/// <param name="request"></param>
/// <returns></returns>
public async Task AuthenticateRequestAsync(HttpRequestMessage request)
{
   //Azure App ID	
   string clientId = "";
   //Client secret key	
   string clientSecretKey = "";
   string authority = "https://login.windows.net/<TenantID>";
   // AuthenticationContext – class used to retrieve authentication token from Azure AD and ADFS service
  AuthenticationContext authenticationContext = new AuthenticationContext(authority);
 //Client credential object – we are connecting Azure on be half of App
 ClientCredential clientCredential = new ClientCredential(clientId, clientSecretKey);
//Getting AccessToken
AuthenticationResult authResult = await authenticationContext.AcquireTokenAsync("https://graph.microsoft.com/", clientCredential);

//Setting the token in header of HttpRequestMessage object 	
request.Headers.Add("Authorization", "Bearer " + authResult.AccessToken);
}//AuthenticateRequestAsync

References:

Azure Active Directory access tokens

Authorize access to Azure Active Directory web applications using the OAuth 2.0 code grant flow

AuthenticationContext Class

AuthenticationResult Class

Thanks for reading 😊

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.

If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles

Tags:

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

You may also like...

2 Responses

  1. Office 365 – Microsoft Graph – Part 8 – Getting all users of our tenant using CSOM | Knowledge Junction
    April 9, 2019

    […] Graph – Part 2 – Granting permission to Azure Apps to use Microsoft Graph APIs using CSOMOffice 365 – Microsoft Graph – Part 3 – Azure Access Token: to call Graph APIs from CSOMOffice 365 – Microsoft Graph – Part 4 – Fetching all Office 365 groups using CSOM- […]

  2. Microsoft 365 : Executing SharePoint REST API using CURL | Knowledge Junction
    December 11, 2021

    […] For more details on Access Token please have a look once our article – Office 365 – Microsoft Graph – Part 3 – Azure Access Token: to call Graph APIs from CSOM […]

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: