
I am pretty new to angular-oauth2-oidc, and I am unable to access the Microsoft Graph API using the graph token that we get as the id_token in angular-oauth2-oidc.

The AuthConfig:

    import { AuthConfig } from 'angular-oauth2-oidc';

    export const authCodeFlowConfig: AuthConfig = {
      // URL of the Identity Provider
      issuer: '<sample_issuer>',

      // URL of the SPA to redirect the user to after login
      redirectUri: window.location.origin + '/',
      responseType: 'id_token',
      clientId: 'client_id', // Application ID
      strictDiscoveryDocumentValidation: false,
      oidc: true,
      // OAuth scopes are space-separated, not comma-separated
      scope: 'openid profile email api User.Read',
      showDebugInformation: true,
      timeoutFactor: 0.01,
    };

Here my assumption would be that once the authentication is successful, that graph token would have enough permission to access

https://graph.microsoft.com/v1.0/me/photo/$value

But when I try to hit the endpoint with the token that I get from the OIDC authentication using Postman, I get the following error:

[screenshot of the error response]

While decoding the token using jwt.io, I can see that the token doesn't have profile or any other scopes enabled.

I tried using the sample application from angular-oauth2-oidc: https://github.com/manfredsteyer/angular-oauth2-oidc/tree/master/projects/quickstart-demo

Below is the code sample to trigger the login:

[screenshot of the login-triggering code]

Any help or guidance will be appreciated. Thanks!

leox

1 Answer


A few things to check here.

  1. You are using OIDC. Please ensure you are using the access token and not the ID token to access the Graph API.

    Use something like this to obtain a token:

        GET https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize?client_id={client id}&response_type=id_token%20token&redirect_uri=http://localhost/myapp/&response_mode=fragment&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read&state=12345&nonce=678910

    Please note, the response contains both an ID token and an access token (bearer) here. Only extract the bearer token to call the Graph API. Make sure you are checking scopes against the access token.

  2. Also, I would suggest trying to run it in Postman first to isolate your issue from the code.

Dharman
Shweta
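The distinction the answer draws (ID token vs. Graph access token, and checking scopes on the right one) can be made mechanically in the SPA before any call to Graph. The following is an added example, not code from the question, the answer or the angular-oauth2-oidc project; the Graph audience values are the ones Entra ID issues for v2.0 tokens, and the two sample tokens are constructed, unsigned JWTs built inline to stand in for `oauthService.getIdToken()` and `oauthService.getAccessToken()`.

```typescript
// Added example: decide which token is usable for Microsoft Graph by inspecting
// its (unverified) payload claims. This picks the right token; it does not
// validate the signature, which Graph does on its side.

interface TokenClaims {
  aud?: string;    // client ID on an ID token, Graph on a Graph access token
  scp?: string;    // space-separated delegated scopes (access tokens only)
  nonce?: string;  // present on ID tokens
  [claim: string]: unknown;
}

// Both audience forms appear on v2.0 access tokens issued for Graph.
const GRAPH_AUDIENCES = [
  'https://graph.microsoft.com',
  '00000003-0000-0000-c000-000000000000',
];

function decodePayload(jwt: string): TokenClaims {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8')) as TokenClaims;
}

// Scopes the token grants on Graph, or null when the token is not a Graph
// access token at all (an ID token has aud = client ID and no scp claim).
function graphScopes(jwt: string): string[] | null {
  const claims = decodePayload(jwt);
  if (!claims.aud || !GRAPH_AUDIENCES.includes(claims.aud)) return null;
  return typeof claims.scp === 'string' ? claims.scp.split(' ').filter(Boolean) : [];
}

// Guard to run before GET https://graph.microsoft.com/v1.0/me/photo/$value.
function canReadProfile(jwt: string): boolean {
  const scopes = graphScopes(jwt);
  return scopes !== null && scopes.includes('User.Read');
}

// Constructed sample tokens: header and signature are placeholders (alg none).
function fakeJwt(payload: object): string {
  const enc = (o: object) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.sig`;
}
const SAMPLE_ID_TOKEN = fakeJwt({ aud: 'client_id', iss: '<sample_issuer>', nonce: '678910' });
const SAMPLE_ACCESS_TOKEN = fakeJwt({ aud: 'https://graph.microsoft.com', iss: '<sample_issuer>',
                                      scp: 'openid profile User.Read' });

console.log(canReadProfile(SAMPLE_ID_TOKEN), canReadProfile(SAMPLE_ACCESS_TOKEN)); // false true
```

In the Angular app the same guard runs as `canReadProfile(oauthService.getAccessToken())`; with `responseType: 'id_token'` there is no access token at all, which is why the photo endpoint rejects the request.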