Coursehulu.com

Microsoft Graph API authorization and authentication for app

Want to develop application to access resources with Microsoft Graph API’s then please enroll for this course

Authentication and authorization basics:

What you’ll learn

Course Content

Requirements

Authentication and authorization basics:

To call Microsoft Graph, your app must acquire an access token from the Microsoft identity platform. The access token contains information about your app and the permissions it has to access the resources and APIs available through Microsoft Graph. To get an access token, your app must be registered with the Microsoft identity platform and be authorized by either a user or an administrator to access the Microsoft Graph resources it needs.

 

Register your app with the Microsoft identity platform

Before your app can get a token from the Microsoft identity platform, it must be registered in the Azure portal. Registration integrates your app with the Microsoft identity platform and establishes the information that it uses to get tokens, including:

 

Microsoft Graph permissions

Microsoft Graph exposes granular permissions that control the access that apps have to resources, like users, groups, and mail. As a developer, you decide which Microsoft Graph permissions to request for your app. When a user signs in to your app they, or, in some cases, an administrator, are given a chance to consent to these permissions. If the user consents, your app is given access to the resources and APIs that it has requested. For apps that access resources and APIs without a signed-in user, permissions can be pre-consented to by an administrator when the app is installed.

 

 

Delegated and application permissions

Microsoft Graph has two types of permissions:

Effective permissions

Effective permissions are the permissions that your app has when making requests to Microsoft Graph. The effective permissions are determined by a combination of the Microsoft Graph permissions that you granted to the app and the privileges of the signed-in user or the calling app. Within organizations, the policy or membership in one or more roles determine the privileges of the signed-in user or an app. It’s important to understand the difference between the delegated and application permissions your app has and its effective permissions when making calls to Microsoft Graph.

Effective permissions in delegated versus application-only permission scenarios