How to authenticate with MS Graph (daemon)

Team Harti 1 Reputation point
2020-08-12T20:11:02.643+00:00

Hi,
I am digging through the very various documentation concerning authentication to MS Graph 2.0.
I want to automate access to some services from a backend daemon using Kotlin via Java Graph SDK. Simple.

Libs used:
implementation('com.microsoft.graph:microsoft-graph-core:1.0.1')
implementation('com.microsoft.graph:microsoft-graph:1.8.+')
implementation('com.microsoft.graph:microsoft-graph-auth:0.2.0-SNAPSHOT')

Trying to authenticate using
val authProvider = ClientCredentialProvider(clientId, scopes, objectId, tenant, nationalCloud)
val graphClient = GraphServiceClient
    .builder()
    .authenticationProvider(authProvider)
    .buildClient()

Getting
OAuthProblemException{error='invalid_client', description='AADSTS7000215: Invalid client secret is provided.

I guess the objectId is not the proper value for parameter named "secret". Where do I get the value from?

Regards
Thomas

Microsoft Entra ID

4 answers

  1. Saurabh Sharma 23,816 Reputation points Microsoft Employee
    2020-08-12T23:09:24.497+00:00

    @Team Harti Yes, Client Secret is not actually an application object id. You can get the client secret of a registered application by using the following steps -

    1. Go to Azure Active Directory > Application Registration blade
    2. Select your registered application
    3. Select "Certificates & Secrets" from Manage section of the blade
    4. Click "New Client Secret" on the page
    5. Provide a Description to generate a new secret
    6. Copy and use the generated secret in your application.
    2 people found this answer helpful.

  2. Team Harti 1 Reputation point
    2020-08-13T06:51:40.773+00:00

    Hi Saurabh,
    thanks for your answer, now it seems authentication works but authorization still fails (see log below).
    Is there any service I can always call to check if the connection is working?
    How do I find out which permission I have to grant for my app to use a certain service?
    Sorry for the stupid questions. I am new to Azure and Graph and am having trouble finding the matching documentation.

    Regards
    Thomas

    Aug 13, 2020 8:42:10 AM com.microsoft.graph.logger.DefaultLogger logError
    SCHWERWIEGEND: CoreHttpProvider[send] - 204Graph service exception Error code: NoPermissionsInAccessToken
    Aug 13, 2020 8:42:10 AM com.microsoft.graph.logger.DefaultLogger logError
    SCHWERWIEGEND: CoreHttpProvider[send] - 204Error message: The token contains no permissions, or permissions can not be understood.
    Aug 13, 2020 8:42:10 AM com.microsoft.graph.logger.DefaultLogger logError
    SCHWERWIEGEND: CoreHttpProvider[send] - 204
    Aug 13, 2020 8:42:10 AM com.microsoft.graph.logger.DefaultLogger logError
    SCHWERWIEGEND: CoreHttpProvider[send] - 204GET https://graph.microsoft.com/v1.0/me/people
    Aug 13, 2020 8:42:10 AM com.microsoft.graph.logger.DefaultLogger logError
    SCHWERWIEGEND: CoreHttpProvider[send] - 204SdkVersion : graph-java/v1.7.1
    Aug 13, 2020 8:42:10 AM com.microsoft.graph.logger.DefaultLogger logError


  3. Saurabh Sharma 23,816 Reputation points Microsoft Employee
    2020-08-13T21:20:44.027+00:00

    @Team Harti In order to use Microsoft Graph API you need to configure Microsoft Graph API permissions in the registered applications. Please follow the below steps to provide necessary permissions -

    1. Navigate to your registered application on Azure Portal
    2. Go to "API Permissions" under Manage on the blade
    3. Click on "Add a Permission" and you will get available APIs as shown below
    4. Select "Microsoft Graph" and you can either select "Delegated Permissions" or "Application Permissions" based on your application type and your requirement. In your case as you are using a daemon application you need to select "Application Permissions" from the page. (See screenshot below)
    5. Assign permissions required by your application. For example "Calendars.Read" from the list like below -
    6. If the permissions require admin consent, then you need to provide admin consent.

    Once you are done with your permissions, you can call the respective Microsoft Graph API endpoint from your application.
    Here is some documentation you can refer to in order to understand it better -

    Please let me know if you have any other questions


    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
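
Added example, not part of the thread or of the Graph SDK: a token obtained with client credentials carries application permissions in the `roles` claim (delegated tokens use `scp`), and an app-only token has no signed-in user, so `/me/...` paths such as the one in the log above cannot resolve. The Kotlin sketch below decodes a token payload without verifying its signature, for diagnostics only; `readPermissions`, `diagnose`, `TokenPermissions` and the sample tokens are constructed for this example, and Gson is assumed to be on the classpath.

```kotlin
import com.google.gson.Gson
import com.google.gson.JsonObject
import java.util.Base64

// Permissions found in an access token payload (read WITHOUT verifying the signature).
data class TokenPermissions(val audience: String?, val roles: List<String>, val scopes: List<String>)

fun readPermissions(accessToken: String): TokenPermissions {
    val parts = accessToken.split(".")
    require(parts.size == 3) { "not a compact JWT (header.payload.signature)" }
    val json = String(Base64.getUrlDecoder().decode(parts[1]), Charsets.UTF_8)
    val claims = Gson().fromJson(json, JsonObject::class.java)
    // Application permissions arrive as a JSON array in "roles";
    // delegated permissions arrive as a space-separated string in "scp".
    val roles = claims.getAsJsonArray("roles")?.map { it.asString } ?: emptyList()
    val scopes = claims.get("scp")?.asString?.split(" ")?.filter { it.isNotBlank() } ?: emptyList()
    return TokenPermissions(claims.get("aud")?.asString, roles, scopes)
}

// Explains why Graph would reject a request, before the request is sent.
fun diagnose(p: TokenPermissions, requestPath: String, needed: String): String = when {
    p.roles.isEmpty() && p.scopes.isEmpty() ->
        "No permissions in token: add Application permissions and grant admin consent"
    p.scopes.isEmpty() && requestPath.startsWith("/me") ->
        "App-only token has no signed-in user: address /users/{id} instead of /me"
    needed !in (p.roles + p.scopes) ->
        "Permission $needed is missing; token has ${p.roles + p.scopes}"
    else -> "Token carries $needed for $requestPath"
}

fun main() {
    val enc = Base64.getUrlEncoder().withoutPadding()
    // Constructed sample tokens: placeholder header and signature, not issued by any tenant.
    fun token(payload: String) =
        listOf("""{"alg":"none"}""", payload).joinToString(".") { enc.encodeToString(it.toByteArray()) } + ".sig"

    val empty = token("""{"aud":"https://graph.microsoft.com"}""")
    val appOnly = token("""{"aud":"https://graph.microsoft.com","roles":["Calendars.Read"]}""")

    println(diagnose(readPermissions(empty), "/me/people", "Calendars.Read"))
    println(diagnose(readPermissions(appOnly), "/me/people", "Calendars.Read"))
    println(diagnose(readPermissions(appOnly), "/users/{id}/calendar/events", "Calendars.Read"))
}
```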


  4. James Hamil 24,921 Reputation points Microsoft Employee
    2020-08-31T19:10:28.893+00:00

    Hi, are there any updates with this case? If not, please select the appropriate response as "Answered." Otherwise please let us know how we can assist you.

