Microsoft Graph API access token validation failure

Question

I use this URL to get id_token:

https://login.microsoftonline.com/common/oauth2/authorize?
response_type=id_token%20code&
client_id=MY_CLIENT_GUID_ID_IN_         


        

Answer 1

To receive the access token and use it for profile requests, you don't need anything from server-side, you can implement the oAuth2 just from the client side.

Use the following URL for login:

https://login.microsoftonline.com/common/oauth2/authorize?client_id=YOUR_CLIENT_ID&resource=https://graph.microsoft.com&response_type=token&redirect_uri=YOUR_REDIRECT_URI&scope=User.ReadBasic.All

After successful login, user will redirected to the page with access_token parameter. Then use the following AJAX call to fetch user info:

var token = login_window.location.href.split('access_token=').pop().split('&')[0];
$.ajax({
    url: "https://graph.microsoft.com/v1.0/me",
    type: "GET",
    beforeSend: function(xhr){xhr.setRequestHeader('Authorization', 'Bearer '+token);},
    success: function(data) {
      alert('Hi '+data.displayName);
      console.log(data);
    }
});

Note that you may need to enable oauth2AllowImplicitFlow:true setting from your Azure Active Directory application manifest file.

Set "oauth2AllowImplicitFlow": false to "oauth2AllowImplicitFlow": true.

Lastly, ensure that your app has required permissions for Microsoft Graph which are sign in users and View users' basic profile