.png){kind=small}
This article explains how to use the Microsoft Graph REST API to authenticate a server. By leveraging the identity of a workload rather than pretending to be a user, you can access web-hosted resources using the OAuth 2.0 client credentials, sometimes called as "two-legged OAuth". The client credentials grant type is commonly used for server-to-server interactions that must run in the background without immediate interaction with a user. Once configured, your server will require no direct user interaction to call the Graph API. We will use the OAuth 2.0 client credentials flow with a shared secret for this use case.
The Microsoft identity platform allows an application to use its own credentials for authentication anywhere a client secret could be used, for example, in the OAuth 2.0 client credentials grant flow and the on-behalf-of (OBO) flow.
Summary Steps:
Register a new application using the Azure portal.
Create client credentials
Set API permissions and grant admin consent.
Make a request to Azure Active Directory authentication service using HTTP POST with a client ID and client secret to retrieve an access token.
Use the access token to make HTTP requests to the Microsoft Graph REST API.
Register your Application
Log in to the Microsoft Azure Portal
On the Microsoft Azure screen, in the Azure services section, click Azure Active Directory.
On the navigation pane, in the Manage section, click App registrations.
On the App registrations screen, click New Registration.
On the Register an application screen, in the Name field, enter an application name. FileManager recommends you use the app name associated with your FileManager app or the way you want to use the app in FileManager.
On the Supported account types section select the value that is associated with your OneDrive account type.
Click Register.
The XXXXXXXXXXXXX App screen shows the client ID.
In OneDrive, hover your cursor over the Application (client) ID field, and click Copy to clipboard.
You can use your client ID in you application.
Configure the Redirect URI for the OneDrive App:
Next, configure the Redirect URI in the OneDrive app that connects to your app.
In you application, copy the value from Redirect URI field.
Now, in OneDrive
In OneDrive, on the XXXXXXXXXXXXXXXX App screen, click Authentication.
Click Add to platform field, select your application type. For FileManager apps, this value will often be Web, but it depends how your app is used.
After click web field, paste the Redirect URI value which was copied from FileManager Access Token generation screen for OneDrive.
Click Save.
Configure the Client Secret for the OneDrive App:
On the right side, click Certificates & secrets.
On the Certificates & secrets screen, click New client secret.
In the Description field, enter Client Secret ID.
Click Add.
The client secret shows.
In OneDrive, on the Certificates & secrets screen, in the Client secrets section, for the value associated with the Client Secret ID for your app, click Copy to clipboard.
On the OneDrive Access Token Configuration screen, in the Client Secret ID field, paste the Client Secret ID value which was copied from OneDrive.
“Click Submit and now OneDrive services are ready to use.”
How to authenticate as an application with the Microsoft Graph API For more information, click the below button.