As you probably know, you may call Graph API using app-only permissions or user delegated permissions. Here is an example of an authentication provider which can be used for calling Graph API under delegated permissions (using username and password):
    using System.Net.Http;
    using System.Threading.Tasks;
    using Microsoft.Graph;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    public class AzureAuthenticationProviderDelegatedPermissions : IAuthenticationProvider
    {
        // Called by the Graph client before each request: attaches the bearer token.
        public async Task AuthenticateRequestAsync(HttpRequestMessage request)
        {
            var delegatedAccessToken = await GetGraphAccessTokenForDelegatedPermissionsAsync();
            request.Headers.Add("Authorization", "Bearer " + delegatedAccessToken);
        }

        // Acquires a delegated token with the username/password flow.
        // No client secret is sent, so the app registration must be a public client.
        public async Task<string> GetGraphAccessTokenForDelegatedPermissionsAsync()
        {
            string clientId = ...;
            string userName = ...;
            string password = ...;
            string tenant = ...;

            var creds = new UserPasswordCredential(userName, password);
            var authContext = new AuthenticationContext(string.Format("https://login.microsoftonline.com/{0}", tenant));
            var authResult = await authContext.AcquireTokenAsync("https://graph.microsoft.com", clientId, creds);
            return authResult.AccessToken;
        }
    }
However, when you call Graph API with delegated permissions you may get the following error:
AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
The reason may be that the app whose app ID is used for authentication has its Default client type set to private, i.e. “Treat application as a public client” is set to No.
In order to fix it, set Default client type to Public (set “Treat application as a public client” to Yes).
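To make the cause of the error concrete, here is an added example (not code from the original post) showing the core form fields of the username/password token request and a check that recognises AADSTS7000218 in a token endpoint error body. The class and method names are hypothetical, the field layout is assumed from the Azure AD v1 token endpoint, and the sample error JSON is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

public static class RopcDiagnostics // hypothetical helper, not part of ADAL or Graph SDK
{
    // Core fields posted to https://login.microsoftonline.com/{tenant}/oauth2/token
    // for the username/password grant. There is no client_secret or client_assertion,
    // which is why Azure AD only accepts this request from a public client.
    public static Dictionary<string, string> BuildRopcForm(
        string clientId, string userName, string password) =>
        new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["resource"] = "https://graph.microsoft.com",
            ["client_id"] = clientId,
            ["username"] = userName,
            ["password"] = password,
        };

    // Maps a token endpoint error body to a hint about the app registration.
    public static string Diagnose(string errorJson)
    {
        using var doc = JsonDocument.Parse(errorJson);
        var root = doc.RootElement;
        string description = root.TryGetProperty("error_description", out var d)
            ? d.GetString() ?? "" : "";
        bool has7000218 = root.TryGetProperty("error_codes", out var codes)
            && codes.ValueKind == JsonValueKind.Array
            && codes.EnumerateArray().Any(c =>
                c.ValueKind == JsonValueKind.Number && c.TryGetInt32(out int v) && v == 7000218);
        if (has7000218 || description.StartsWith("AADSTS7000218"))
            return "App is a confidential client: set \"Treat application as a public client\" to Yes.";
        return "Unrelated token error: " + description;
    }

    public static void Main()
    {
        // Constructed sample error body (trimmed; real responses carry more fields).
        string sample = "{\"error\":\"invalid_client\",\"error_description\":" +
            "\"AADSTS7000218: The request body must contain the following parameter: " +
            "'client_assertion' or 'client_secret'.\",\"error_codes\":[7000218]}";
        var form = BuildRopcForm("<client-id>", "<user>", "<password>"); // placeholders
        Console.WriteLine(string.Join("&", form.Keys));
        Console.WriteLine(Diagnose(sample));
    }
}
```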