Saturday, September 9, 2023

Invoke Microsoft Graph API endpoint using access token in az cli


----

To get an access token for a Graph API call, you can follow the steps below:


Go to the Azure portal and sign in to your account.
Navigate to the Azure Active Directory resource that you want to use.
1. Click on the App registrations tab.
2. Select the app that you want to use.
3. Click on the Certificates & secrets tab.
4. Click on the New client secret button.
5. Enter a description for the client secret and select an expiration date.
6. Click on the Add button.
7. Copy the value of the client secret and store it securely.
8. Use the copied client secret value to authenticate your requests.
9. You can use the following code snippet in PowerShell to get an access token:


```powershell
$tenantId = "<your-tenant-id>"
$appId = "<your-app-id>"
$clientSecret = "<your-client-secret>"
$resource = "https://graph.microsoft.com"

# Client-credentials grant against the tenant's OAuth 2.0 token endpoint
$body = @{grant_type="client_credentials";client_id="$appId";client_secret="$clientSecret";resource="$resource"}
$oauthUrl = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$oauth = Invoke-RestMethod -Method Post -Uri $oauthUrl -Body $body
$accessToken = $oauth.access_token

# Note: Replace <your-tenant-id>, <your-app-id>, and <your-client-secret> with your own values.
```

----

Example 1: 


```powershell
$tenantId = "<your-tenant-id>"
$appId = "<your-app-id>"
$clientSecret = "<your-client-secret>"
$resource = "https://graph.microsoft.com"

# Request an app-only access token (client-credentials grant)
$body = @{grant_type="client_credentials";client_id="$appId";client_secret="$clientSecret";resource="$resource"}
$oauthUrl = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$oauth = Invoke-RestMethod -Method Post -Uri $oauthUrl -Body $body
$accessToken = $oauth.access_token

# Send the token as a bearer token on every Graph request
$headers = @{
    "Authorization" = "Bearer $accessToken"
}

# List users and show only their id and display name
$response = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/users" -Headers $headers
$response.value | Select-Object id, displayName

# Note: Replace <your-tenant-id>, <your-app-id>, and <your-client-secret> with your own values.
# Note: The MS Graph users API endpoint requires one of these application permissions:
#       User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All
```


Example 2:

```powershell
$tenantId = "<your-tenant-id>"
$appId = "<your-app-id>"
$clientSecret = "<your-client-secret>"
$resource = "https://graph.microsoft.com"

# Request an app-only access token (client-credentials grant)
$body = @{grant_type="client_credentials";client_id="$appId";client_secret="$clientSecret";resource="$resource"}
$oauthUrl = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$oauth = Invoke-RestMethod -Method Post -Uri $oauthUrl -Body $body
$accessToken = $oauth.access_token

$headers = @{
    "Authorization" = "Bearer $accessToken"
}

# List users
$response = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/users" -Headers $headers
$response.value | Select-Object id, displayName

# List the groups that are Teams. The backtick keeps PowerShell from expanding
# $filter as a variable inside the double-quoted string.
$teamsUri = "https://graph.microsoft.com/v1.0/groups?`$filter=resourceProvisioningOptions/Any(x:x eq 'Team')"
(Invoke-RestMethod -Uri $teamsUri -Headers $headers).value | Select-Object id, displayName, mailNickname, mail

# Note: Replace <your-tenant-id>, <your-app-id>, and <your-client-secret> with your own values.
# Note: The MS Graph groups API endpoint requires one of these application permissions:
#       Group.Read.All, Group.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All
```



Example 3:

```powershell
$tenantId = "<your-tenant-id>"
$appId = "<your-app-id>"
$clientSecret = "<your-client-secret>"
$displayName = "<displayName>"
$resource = "https://graph.microsoft.com"

# Request an app-only access token (client-credentials grant)
$body = @{grant_type="client_credentials";client_id="$appId";client_secret="$clientSecret";resource="$resource"}
$oauthUrl = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$oauth = Invoke-RestMethod -Method Post -Uri $oauthUrl -Body $body
$accessToken = $oauth.access_token

$headers = @{
    "Authorization" = "Bearer $accessToken"
    "Content-Type"  = "application/json"
}

# $filter holds the literal text '$filter' so it survives expansion in the URI string
$filter = '$filter'
# OData string literals escape a single quote by doubling it (e.g. O'Brien -> O''Brien)
$escapedName = $displayName.Replace("'", "''")
$uri = "https://graph.microsoft.com/v1.0/users?$filter=displayName eq '$escapedName'"
$response = Invoke-RestMethod -Uri $uri -Headers $headers
$response.value | Select-Object id, displayName

# Note: Replace <your-tenant-id>, <your-app-id>, <your-client-secret>, and <displayName> with your own values.
# Note: The MS Graph users API endpoint requires one of these application permissions:
#       User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All
```
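The permission notes in the examples can be checked against the token itself: an app-only token lists its granted application permissions in the `roles` claim. The following is an added example, not part of the original post, that decodes the token payload for inspection only (no signature validation); the function names and the `ExpectedRoles` parameter are hypothetical, and the sample token is constructed and unsigned.

```powershell
# Added example: inspect (not validate) the claims of an app-only access token.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {          # restore the padding that JWTs strip
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw 'Invalid base64url length' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# Hypothetical helper: summarize audience, expiry and granted roles, and list
# any role that is not in the set the script is expected to need.
function Get-TokenClaimSummary {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [string[]]$ExpectedRoles = @('User.Read.All')
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a three-part JWT' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    $roles = @($claims.roles | Where-Object { $_ })   # empty array if the claim is absent
    [pscustomobject]@{
        Audience        = $claims.aud
        ExpiresUtc      = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
        Roles           = $roles
        UnexpectedRoles = @($roles | Where-Object { $_ -notin $ExpectedRoles })
    }
}

# Constructed, unsigned sample token with made-up values so this runs offline.
# With a real token, pass $accessToken from the snippets above instead.
$payload = @{
    aud   = 'https://graph.microsoft.com'
    exp   = 1700000000
    roles = @('User.Read.All', 'Directory.ReadWrite.All')
} | ConvertTo-Json -Compress
$sample = @('{"alg":"none"}', $payload, 'sig' | ForEach-Object { ConvertTo-Base64Url $_ }) -join '.'
Get-TokenClaimSummary -AccessToken $sample | Format-List
```

For the sample token, `UnexpectedRoles` contains `Directory.ReadWrite.All`, which signals that the app registration holds more than the read-only permission the user listing needs.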
