Using Microsoft Graph

Microsoft Graph can be used together with the On Behalf Flow (OBO), but in order to make this work you must alter your app registration configuration a bit.

info

This documentation is based off issue #40

Backend API App Registration

Head over to Azure -> Azure Active Directory -> App registrations, and select your Backend API Application Registration
Navigate to the Manifest in the menu on the left
Add your OpenAPI/Swagger ClientID to the knownClientApplications (saved as OPENAPI_CLIENT_ID in your .env)

manifest

Select API permissions and ensure User.Read is there. If not, follow the steps in the picture below:
1. Add a permission
2. Select Microsoft Graph under Microsoft APIs
3. Select Delegated permissions
4. Search for and select User.Read
5. Click add permission

user_read

Select Certificates & Secrets and create a secret for your backend to use in order to fetch a Graph token
1. New client secret
2. Give it a name
3. Add

graph_secret

OpenAPI App Registration

Head back to Azure -> Azure Active Directory -> App registrations, and select your OpenAPI/Swagger Application Registration
Select API permissions in the menu on the left
Add email, offline_access, openid, profile scopes
1. Add a permission
2. Select Microsoft Graph under Microsoft APIs
3. Select Delegated permissions
4. Select the permissions
5. Click add permission

user_read

Code

You can now fetch a graph token using the OBO flow. A full code example of an API using Graph can be found in the demo project.

Backend API App Registration​

OpenAPI App Registration​

Code​

Backend API App Registration

OpenAPI App Registration

Code