Script Components

The information below uses PowerShell as the vehicle to make HTTP requests. The complete script is included here.

Any script that authenticates against Microsoft Graph requires the following.

  1. Tenant ID
  2. Client ID
  3. Client Secret

You get these items when you create the application in the Azure Portal.

You use this information to authenticate against

You need to specify the Tenant you wish to authenticate and protocl using the following format.{tenantId}/oauth2/v2.0/token 

You construct an object to pass to the endpoint containing the Client ID and Secret.

$body = @{
    client_id     = $clientId
    scope         = ""
    client_secret = $clientSecret
    grant_type    = "client_credentials"

And then include it in the web request.

$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing

Once you have this response you can strip out the bearer token.

$token = ($tokenRequest.Content | ConvertFrom-Json).access_token

You include the token with your API request. This Graph API query will retrieve users.

$output = Invoke-WebRequest -Method "GET" -Uri "" -ContentType "application/json" -Headers @{Authorization = "Bearer $token"} -ErrorAction Stop

For most modern development languages you can get a quickstart showing you how to connect to the Graph API and use the modules provided to authenticate and make queries.

Quick start with Microsoft Graph