How to call Graph API after logging in with AWS Cognito hosted UI

Adusumalli, Haripriya 1 Reputation point
2024-01-05T07:29:40.0433333+00:00

Hi,

Our React application authenticates through a SAML-based federated Azure AD identity provider for AWS Cognito. So the application received Cognito ID and access tokens after login. I have a need to display the profile picture of the logged-in user, for which I need to call the MS Graph API. Since I would require an Azure AD access token for calling the Graph API, I was exploring how to exchange the Cognito token with Azure AD or otherwise capture the Azure token in token claims if possible, but I could not figure out a way. I am desperately looking for help. I would appreciate any help with this.

Thanks,

Haripriya


1 answer

  1. 2024-01-08T06:44:21.2033333+00:00

    Hello @Adusumalli, Haripriya, I understand that you've federated AWS Cognito with Entra ID as a SAML IdP. This case is covered at "Scenario: You have a SAML token and want to call the Graph API". Basically, you would leverage the Entra ID session cookie, which is the same regardless of the protocol used (SAML or OIDC) to authenticate, during the Microsoft Graph access token request.

    To call Microsoft Graph from React applications, take a look at "React single-page application using MSAL React to sign-in users and call Microsoft Graph API" (direct call) and "Authenticate a user with Azure AD using msal.js and call an Azure AD protected Node.js Web Api using on-behalf of flow" (delegated call).

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.
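The approach in the answer above, sketched as an added example that is not part of the original thread or of the linked Microsoft samples: reuse the Entra ID session silently through MSAL, fall back to interaction when the silent request is refused, then request the photo with the least-privilege `User.Read` scope. It assumes an initialized `@azure/msal-browser` `PublicClientApplication` for a separately registered Entra ID SPA and an `email` claim in the Cognito ID token; all function names are hypothetical.

```javascript
// Added example (not from the thread). Function names are hypothetical.
// Assumes `pca` is an initialized @azure/msal-browser PublicClientApplication
// for an Entra ID SPA registration with the delegated User.Read permission.
const GRAPH_PHOTO_URL = "https://graph.microsoft.com/v1.0/me/photo/$value";
const GRAPH_SCOPES = ["User.Read"]; // least privilege: enough for /me/photo

// Read the sign-in name from the Cognito ID token payload. It is used only as
// a login hint, so the signature is not checked here; never authorize on it.
function loginHintFromCognitoIdToken(idToken) {
  const payload = idToken.split(".")[1];
  if (!payload) throw new Error("not a JWT");
  let b64 = payload.replace(/-/g, "+").replace(/_/g, "/");
  b64 = b64.padEnd(Math.ceil(b64.length / 4) * 4, "=");
  const claims = JSON.parse(atob(b64));
  // Assumption: the SAML attribute mapping populates an `email` claim.
  if (!claims.email) throw new Error("no email claim in ID token");
  return claims.email;
}

async function getGraphToken(pca, loginHint) {
  const request = { scopes: GRAPH_SCOPES, loginHint };
  try {
    // Hidden-iframe request that rides on the existing Entra ID session cookie.
    return (await pca.ssoSilent(request)).accessToken;
  } catch (err) {
    // No usable session or consent still required: ask the user once.
    if (err.name !== "InteractionRequiredAuthError") throw err;
    return (await pca.acquireTokenPopup(request)).accessToken;
  }
}

// Returns a Blob with the image, or null when the user has no photo.
async function fetchProfilePhoto(pca, cognitoIdToken, fetchImpl = fetch) {
  const hint = loginHintFromCognitoIdToken(cognitoIdToken);
  const token = await getGraphToken(pca, hint);
  const res = await fetchImpl(GRAPH_PHOTO_URL, {
    headers: { Authorization: `Bearer ${token}` },
  });
  if (res.status === 404) return null; // Graph answers 404 when no photo is set
  if (!res.ok) throw new Error(`Graph returned ${res.status}`);
  return res.blob(); // render with URL.createObjectURL(blob)
}
```

Browsers that block third-party cookies can prevent the silent iframe request from seeing the Entra ID session, so the interactive fallback needs to be a supported path rather than an error case.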