The information below uses PowerShell as the vehicle to make HTTP requests. The complete script is included here.
Any script that authenticates against Microsoft Graph requires the following.
You get these items when you create the application in the Azure Portal.
You use this information to authenticate against https://login.microsoftonline.com/
You need to specify the Tenant you wish to authenticate and protocl using the following format.
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
You construct an object to pass to the endpoint containing the Client ID and Secret.
$body = @{
client_id = $clientId
scope = "https://graph.microsoft.com/.default"
client_secret = $clientSecret
grant_type = "client_credentials"
}
And then include it in the web request.
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing
Once you have this response you can strip out the bearer token.
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token
You include the token with your API request. This Graph API query will retrieve users.
$output = Invoke-WebRequest -Method "GET" -Uri "https://graph.microsoft.com/v1.0/users" -ContentType "application/json" -Headers @{Authorization = "Bearer $token"} -ErrorAction Stop
For most modern development languages you can get a quickstart showing you how to connect to the Graph API and use the modules provided to authenticate and make queries.