If you are like me, reading Microsoft documentation to implement Microsoft identity sign-in is just a nightmare. After precious hours spent flipping through pages and digging down rabbit holes, I concluded that there are 3 HTTP calls that everyone should try and experiment with first, for a basic understanding, before reading the rest of the documentation.
The scenario I'm explaining here applies to public-facing web apps or services that anyone can register and sign up with, for example social media or online SaaS websites. Other scenarios, such as an internal company app that allows only its employees to sign in, or background automation jobs that need a non-interactive login, are not covered here. However, once you understand this article, you will easily be able to work out the other scenarios on your own.
The basic steps are:
- Register your app with Azure AD
- Get authorization code
- Get an access token
- Call Microsoft Graph with the access token
I'm not going to go into how to perform this task, as you can find many articles on it; I'm just going to state the config used during the registration.
Once registered, leave the screen as it is, because you will be going back to it to generate the client secret and grab the client ID.
Now let's fire up Postman, Insomnia, or whichever REST client you are using and get RESTing!
The first URL to be called is
with query strings as below
I suggest you use incognito mode so that any already logged-in Microsoft account is ignored and the login screen is displayed as below:
Enter your credentials or create a new account to log in; the consent screen will show up, and you can now click Yes.
Finally you'll be redirected to https://dev.to with a query string in the URL. Grab the code from the browser's URL bar.
The rest of the steps involve Insomnia only.
The second URL to call is the one that gets the access token.
Method: it will be a POST request.
Header: must set
The form params are as below:
(you may generate the secret in the Azure portal now)
The final URL is the call to the Graph API itself, to get the profile of the user who has signed in.
Method: GET
Header: we need to send the Authorization header.
The value of the header must be the word Bearer, a space, and the access_token. For example, if the access_token was
EwBQA8l6BAAU..., the Authorization header value will be
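The three calls above, scripted end to end, as an added example that is not part of the original post. It assumes the v2.0 endpoints under the "common" authority, the User.Read Graph scope, and placeholder client ID, client secret and redirect values (none of these appear in the text above). It also adds two checks the post does not use: a random state value that is verified when the redirect comes back, so a code planted in your session by someone else is rejected, and PKCE, so a code lifted from a browser's URL bar cannot be redeemed without the verifier your script holds. The client secret is sent only from this server-side script, which is the only place it should ever live.

```python
"""Microsoft identity sign-in in three HTTP calls (authorization code flow).
Added example, not code from the original post.  Assumptions: v2.0 endpoints
under the "common" authority, the User.Read scope, placeholder credentials."""
import base64
import hashlib
import json
import os
import secrets
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com/common"  # assumption: "common" accepts personal and work/school accounts
AUTHORIZE_ENDPOINT = AUTHORITY + "/oauth2/v2.0/authorize"
TOKEN_ENDPOINT = AUTHORITY + "/oauth2/v2.0/token"
GRAPH_ME = "https://graph.microsoft.com/v1.0/me"
SCOPES = ["openid", "profile", "User.Read"]  # User.Read: read the signed-in user's own profile


def make_pkce_pair():
    """PKCE verifier plus its S256 challenge: a stolen code is useless without the verifier."""
    verifier = base64.urlsafe_b64encode(os.urandom(32)).rstrip(b"=").decode("ascii")
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(client_id, redirect_uri, state, code_challenge):
    """Call 1: the URL the browser is sent to (login and consent screens)."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",        # code comes back as ?code=... on the redirect URI
        "scope": " ".join(SCOPES),
        "state": state,                  # random per sign-in attempt, checked in extract_code()
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urllib.parse.urlencode(params)


def extract_code(redirected_url, expected_state):
    """Pull the code out of the redirect URL; refuse it unless state matches ours (CSRF check)."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(redirected_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query.get("error_description", query["error"])[0])
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: this redirect was not started by our session")
    return query["code"][0]


def build_token_request(client_id, client_secret, redirect_uri, code, code_verifier):
    """Call 2: form-encoded POST to the token endpoint. Returns (url, headers, body)."""
    form = {
        "client_id": client_id,
        "client_secret": client_secret,  # confidential client only: never ship this to a browser or mobile app
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,    # must match the registered redirect URI exactly
        "code_verifier": code_verifier,
        "scope": " ".join(SCOPES),
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_ENDPOINT, headers, urllib.parse.urlencode(form).encode("ascii")


def bearer_header(access_token):
    """Call 3 header: the word Bearer, a space, then the raw access_token."""
    return {"Authorization": "Bearer " + access_token}


def send(url, headers, body=None):
    """Perform one HTTP request and decode the JSON reply (needs network access)."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST" if body else "GET")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    client_id = os.environ.get("AZURE_CLIENT_ID", "<your-client-id>")          # placeholder
    client_secret = os.environ.get("AZURE_CLIENT_SECRET", "<your-client-secret>")  # placeholder
    redirect_uri = "https://dev.to"  # the redirect URI the post registered; use your own app's URL in practice
    state = secrets.token_urlsafe(16)
    verifier, challenge = make_pkce_pair()
    print("Open this in an incognito window:\n" + build_authorize_url(client_id, redirect_uri, state, challenge))
    final_url = input("Paste the full URL you were redirected to: ").strip()
    code = extract_code(final_url, state)
    url, headers, body = build_token_request(client_id, client_secret, redirect_uri, code, verifier)
    token = send(url, headers, body)
    profile = send(GRAPH_ME, bearer_header(token["access_token"]))
    print(json.dumps(profile, indent=2))
```

Run it with AZURE_CLIENT_ID and AZURE_CLIENT_SECRET set, open the printed URL in an incognito window, and paste the full redirect URL back in; the script then performs calls 2 and 3 for you. If the pasted URL carries a different state than the one the script generated, it stops before the code is ever sent to the token endpoint.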
That's all folks, give it a try and let me know how it goes!