If you are like me, reading Microsoft documentation trying to implement Microsoft identity sign in is just nightmare. After precious hours spent flipping and digging down rabbit holes, I had concluded that there are 3 HTTP calls that everyone should try and experiment first for basic understanding before reading the rest of the documentation.
The scenario am explaining here is applicable for public facing web app or services that anyone can register and sign up with, for examples social media or online SaaS websites. As opposed to scenario where an internal company app allowing only their employees to sign in, or scenario where background processing automation jobs needing non-interactive login are not covered here. However once you've understand this article, you will be able to find out how to work on other scenarios on your own easily.
The basic steps are:
- Register your app with Azure AD
- Get authorization code
- Get an access token
- Call Microsoft Graph with the access token
App registration
Am not going at length on how to perform this task as you can find many articles on this, but am just going to declare the config used during the registration.
Registration config
Choose Personal Microsoft accounts only.
Redirect URI
Just set anything e.g. https://dev.to. We will be checking the query string once we are redirected to this URL.
Once registered leave the screen as it is because you are going back to it to generate secret key and grabbing client id.
Now let's fire up our postman/insomnia/any rest client you are using and get RESTing!
Get authorization code
The first URL to be called is https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize.
with query strings as below
| Name | Value |
|---|---|
| client_id |
712f78dc-347f-4a1d-ac89-64ba825a8ca6 
|
| response_type | code |
| redirect_uri | https://dev.to |
| scope | user.read |
| response_mode | query |
| state | 12345 |
You may craft the URL manually in a text editor or just use Insomnnia to generate it. Once you've filled up the key-values in Insomnia, copy the generated URL and paste it in a browser.
I suggest you use incognito mode so that it will ignore any logged in Microsoft account and display the login screen as below:
Enter your credentials or create new account to login and the consent screen will show up and you can now click Yes.
Finally you'll get redirected to https://dev.to with query string in the URL. Grab the code in the browser's URL bar.
Rest of the steps will involve Insomnia solely.
Get an access token
Second URL to call is to get the access token.
URL: https://login.microsoftonline.com/consumers/oauth2/v2.0/token
Method: It will be a POST request.
Header: must setContent-Type:application/x-www-form-urlencoded.
The form params are as below:
(you may generate the secret in Azure portal now)
| Name | Value |
|---|---|
| client_id | 712f78dc-347f-4a1d-ac89-64ba825a8ca6 |
| client_secret |
t1R7Q~mfEG1xdhQScpRQ~wkScI_sqlDW9Ri-F 
|
| scope | user.read |
| redirect_uri | https://dev.to |
| grant_type | authorization_code |
| code |
M.R3_BAY.19723c8b-2e08-819a-ade4-a8f1a8897886 Grab this from the previous call |
Insomnia screenshots
Once posted, below is the sample response.
The access_token is the one we are going to use next so grab that lengthy texts!
Call Microsoft Graph API
The final URL would be the call to the Graph API itself to get the user profile that has signed in.
URL: https://graph.microsoft.com/v1.0/me
Method: The method is GET
Header: we need to send the Authorization header.
The value of the header must be the word Bearer + the access_token. Example if the access_token was EwBQA8l6BAAU..., the Authorization header value will be Bearer EwBQA8l6BAAU....
Once you execute the GET request you will receive below sample response:
That's all folks, give it a try and let me know how it goes!
Oldest comments (0)