
I am calling the Graph API with the token returned from the app to create a user in the tenant. This API works fine when called through Postman, but not when called through the mobile app, which is created using Flutter.

Here is my request to get the access token through my mobile app. The code below works as expected and returns an access token.

    import 'package:http/http.dart' as http;

    // Client credentials flow against the v1 token endpoint (as posted);
    // the placeholders tenant-id / client-id / client-secret stand in for real values.
    final response = await http.post(
      Uri.parse('https://login.microsoft.com/tenant-id/oauth2/token'),
      headers: {
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: {
        "grant_type": "client_credentials",
        "client_id": "client-id",
        "client_secret": "client-secret",
        "resource": "https://graph.microsoft.com",
      },
    );

Now I use the access token to create a user; this returns 401 and does not create a user.

    import 'dart:convert';
    import 'package:http/http.dart' as http;

    // POST /v1.0/users with the app-only token obtained above.
    String url = "https://graph.microsoft.com/v1.0/users";
    Map<String, String> headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json',
      'Authorization': 'Bearer $token',
    };
    // Request body taken from the Graph "create user" sample.
    final body = jsonEncode({
      "accountEnabled": true,
      "city": "Seattle",
      "country": "United States",
      "department": "Sales & Marketing",
      "displayName": "Melissa Darrow",
      "givenName": "Melissa",
      "jobTitle": "Marketing Director",
      "mailNickname": "MelissaD",
      "passwordPolicies": "DisablePasswordExpiration",
      "passwordProfile": {
        "password": "82510f31-1c89-d103-73c8-9fbedda45dcc",
        "forceChangePasswordNextSignIn": false
      },
      "officeLocation": "131/1105",
      "postalCode": "98052",
      "preferredLanguage": "en-US",
      "state": "WA",
      "streetAddress": "9256 Towne Center Dr., Suite 400",
      "surname": "Darrow",
      "mobilePhone": "+1 206 555 0110",
      "usageLocation": "US",
      "userPrincipalName": "MelissaD@myorg.onmicrosoft.com"
    });
    final response = await http.post(Uri.parse(url), headers: headers, body: body);
    print(response.statusCode);
    // On a 401/403 the body carries Graph's error JSON (code and message), which
    // says why the token was rejected.
    print(response.body);

Please advise!

Sumchans
  • Can you check with the v2 token endpoint `"https://login.microsoftonline.com/tenantid/oauth2/v2.0/token"` and use the scope `"https://graph.microsoft.com/.default"`, and make sure you have the User.ReadWrite.All and Directory.ReadWrite.All permissions **granted admin consent**. Use Azure AD to create the user, i.e. acquire the tokens from the underlying Azure AD token endpoint, not from your B2C policy endpoint. Also see https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http – kavyaS Nov 21 '22 at 07:03
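As an added check, not code from the question or the comments: the conditions the comment above names (the token's audience is Microsoft Graph, the app-only permissions User.ReadWrite.All / Directory.ReadWrite.All carry admin consent, the token came from Azure AD rather than a B2C policy endpoint) are all visible in the access token's claims, so they can be inspected locally before the token is sent to Graph. The script is example Python rather than Flutter code; the audience values and role names are what Microsoft Graph app-only tokens carry, and `make_sample_token` is a hypothetical helper that builds an unsigned, constructed token purely for testing.

```python
import base64
import json

# Values a Microsoft Graph access token carries in its "aud" claim: the v1
# endpoint (resource=...) usually issues the URL form, the v2 endpoint
# (scope=https://graph.microsoft.com/.default) the application-ID form.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}

# Application permissions (app-only roles) that permit POST /v1.0/users.
USER_CREATE_ROLES = {"User.ReadWrite.All", "Directory.ReadWrite.All"}


def _b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT. No signature check: this is
    for inspecting your own token locally; Graph validates the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def diagnose_graph_token(token: str) -> list:
    """List why a client-credentials token would be rejected by POST /users.
    An empty list means audience and app roles look right for that call."""
    claims = decode_claims(token)
    problems = []
    aud = claims.get("aud")
    if aud not in GRAPH_AUDIENCES:
        problems.append(f"aud={aud!r} is not Microsoft Graph: check the resource/scope "
                        "requested and that the token endpoint is Azure AD, not B2C")
    roles = set(claims.get("roles", []))
    if not roles:
        problems.append("no 'roles' claim: the app's application permissions have "
                        "not been granted admin consent")
    elif not roles & USER_CREATE_ROLES:
        problems.append(f"roles {sorted(roles)} lack {sorted(USER_CREATE_ROLES)}")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an UNSIGNED sample JWT (constructed test input, never a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), ""])
```

Paste the real token string from the first snippet into `diagnose_graph_token` to see which of the two conditions fails; a token with an empty `roles` claim is the usual sign that consent was never granted.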

1 Answer


You are trying to authenticate for a mobile app, and you are using the client credential flow. Please see the list of providers that match the scenarios for different application types: https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS


For the mobile app, you have to use the Interactive provider: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-mobile-acquire-token

Edited

You have to use the Client credentials provider to get the access token; please replace the code where you wrote to get the access token.

For your 2nd question, you can follow the doc to enable users for SMS-based authentication.

Hope this helps

Thanks

vicky kumar
  • Hello Vicky, where should I be adding this in my code above? Also, any idea how to create a user with a phone-only authentication method and receive an SMS sent to their device? – Sumchans Nov 21 '22 at 19:21
  • Please check my answer, I added it in the answer box. – vicky kumar Nov 30 '22 at 10:54
  • Hello Vicky, as per my code above I am using client_credentials to get the access token. The issue I am having is that I am not able to create a user with that access token. – Sumchans Nov 30 '22 at 17:12
  • In that case you have to use the authorization code provider, where to create a user you have to add `var scopes = new[] { "User.Read" }`, doc: https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS#client-credentials-provider – vicky kumar Nov 30 '22 at 18:33