I am trying to call graph api URL https://graph.microsoft.com/v1.0/me from a native application but get access denied.
If I call web api authorized controller from the native app, I successfully authenticate.
When I try to make a REST call in the backend, I also get access denied (providing user's token).
I have tried to implement it via HttpClient class (for the native app), and adal.js for the front-end - in both cases I successfully authenticate against the web api controllers decorated with Authorized attribute, but cannot call Graph API service.
I have run a web debugging proxy and ensured that the authorization header is sent properly.
I have done the following:
- Created Azure Native App
- Created Azure Web App
Provided permissions of the native app to the web api app
a. Added Read Directory Data permissions to the default permissions
Entered redirect URI in the Native app - same URL as the one of the Web API
- Updated the Web app manifest from Azure AD. Set oauth2AllowImplicitFlow to true
Provided permissions of the web app
Windows Azure Active Directory:
a. Application Permissions - Read Directory Data
b. Delegated Permissions: Access directory as signed-in user
c. Delegated Permissions: Read Directory Data
d. Delegated Permissions: Sign in and read user profile
Microsoft Graph:
a. Delegated Permissions: Sign users in
b. Delegated Permissions: Access Directory as signed in user
c. Delegated Permissions: Read Directory Data
d. Delegated Permissions: Read all users' full profiles
e. Delegated Permissions: Sign in and read user profile
f. Application Permissions: Read directory data
g. Application Permissions: Read all users' full profiles
Consented the native app successfully
- Consented the web api app successfully
