0

I want to use all the Microsoft Graph API features, like group/team/calendar/channel/chat etc. But from what I saw, Microsoft has 3 ways to auth:

[![enter image description here][1]][1]
[1]: https://i.stack.imgur.com/dO7ZU.png

Under On Behalf of a User is another access token request which I can call.

So I can get 2 tokens from the Graph: an App-only token or a User token (on behalf of a user). I can't find anywhere what "on behalf of the user" is or what an application token is, or what they do. I want to create an application which will connect with only one user (an admin), which will help me to manage all the users. I don't want to connect with every user. For example, with an admin account I will create 2 users; when I want to log in to my app I will log them in to my Sitecore app, but when I want to get their calendar or files etc. I will get them with only one Microsoft Team account. And from what I see, the team's chat is not supported by the application permission type, only by work/school account, but I don't know which one that work account is: the on-behalf-of-a-user account? Is it an admin account from my Azure application? Could somebody explain to me which auth token I should use and what that means? Because the Microsoft team did not explain that...

Allen Wu
Alex

1 Answer

0

If you want to use your admin account to manage users, it means that you need to do the Graph operation on behalf of this admin account.

So you should choose the User token (on behalf of a user). Please refer to "Get access on behalf of a user" to get the access token. And you need to add the Delegated permissions to the Azure AD app.

It uses the auth code flow and requires you to log in interactively. Then you can use your admin account to sign in to create the users.

Please note that when you need to get their calendar or files, you need to sign in with those created users.

A work account is your Office 365 account or AAD user. It is created in your AAD tenant. It is different from a Microsoft personal account. A Microsoft personal account is your own 3rd party account which is registered with Microsoft.

Allen Wu
  • Can I get a user's calendar and files with that admin account? Why can't I get these things with an admin account? I will also use chat; could I send chat messages with admin, but to figure out that the messages will be received from the user? – Alex Nov 27 '20 at 10:05
  • @Alex You can use an admin account to access other users' calendars. But you need to configure a delegated mailbox. See [this answer](https://stackoverflow.com/questions/59153936/ms-graph-api-calendarview-403-accessdenied-error?answertab=votes#tab-top). And for files, it's another story. Others need to share the files with you. Then you can access the shared files. See https://docs.microsoft.com/en-us/graph/api/drive-sharedwithme?view=graph-rest-1.0&tabs=http. For sending chat messages, please refer to https://docs.microsoft.com/en-us/graph/api/chatmessage-post?view=graph-rest-beta&tabs=http. – Allen Wu Nov 30 '20 at 05:56
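
An added example, not part of the original question, answer or comments: the request shapes for the two token types discussed in this thread on the Microsoft identity platform v2.0 endpoints, with the delegated (user) flow using the auth code flow plus PKCE and a `state` value. The tenant, client ID, redirect URI and the choice of scopes are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
# Constructed placeholders, not values from the page.
TENANT = "contoso.onmicrosoft.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://localhost:5001/callback"
# Delegated permissions the signed-in admin would consent to (sample choice).
SCOPES = ["User.ReadWrite.All", "Chat.ReadWrite", "offline_access"]

def pkce_pair():
    """Return (code_verifier, code_challenge) using the S256 method."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorize_url(state, challenge):
    """Delegated, step 1: URL where the admin signs in interactively."""
    query = urlencode({
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "response_mode": "query",
        "scope": " ".join(SCOPES),
        "state": state,  # compare on callback to reject forged responses
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return f"{AUTHORITY}/{TENANT}/oauth2/v2.0/authorize?{query}"

def delegated_token_request(code, verifier, client_secret=None):
    """Delegated, step 2: POST body that redeems the code for a user token."""
    body = {"grant_type": "authorization_code", "client_id": CLIENT_ID,
            "code": code, "redirect_uri": REDIRECT_URI,
            "scope": " ".join(SCOPES), "code_verifier": verifier}
    if client_secret:  # confidential (server-side) apps also authenticate themselves
        body["client_secret"] = client_secret
    return f"{AUTHORITY}/{TENANT}/oauth2/v2.0/token", body

def app_only_token_request(client_secret):
    """App-only: no user signs in; Graph applies the app's application permissions."""
    body = {"grant_type": "client_credentials", "client_id": CLIENT_ID,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return f"{AUTHORITY}/{TENANT}/oauth2/v2.0/token", body

if __name__ == "__main__":
    verifier, challenge = pkce_pair()
    print(authorize_url(secrets.token_urlsafe(16), challenge))
```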