Unleash the Potential of Power Platform With a Center of Excellence
Business innovation often comes from within. Discover how to empower innovation from non-traditional developers with the Microsoft Power Platform.
A few days ago, I was working on a project and needed to know if it was possible to access a user’s Exchange Online calendar using the same access token used to access list data in one of their SharePoint Online site collections. The Microsoft documentation is confusing due to the rapid pace of change with this stuff.
At the time I remember thinking that it seems like we are not quite at the “one token to rule them all” nirvana yet, since the Microsoft Graph API does not yet support getting data out of SharePoint lists or I would just use Microsoft Graph for both the SharePoint Online and Exchange Online (Outlook) data. Everything I was seeing made it look like I was going to have to make the user authenticate with Azure AD twice, once for each resource in order to get an access token for the requested resource. Yikes, that would be a horrible user experience!
But finally I figured it out. You can actually get an access token for a different resource by using the original refresh token! This is means you don’t have to make the user authenticate twice :).
You have to call the AuthenticationContext.AcquireTokenByRefreshTokenAsync method and pass in the original refresh token and the name of the new resource you need the token for, and you will get an access token back!
In my case, I first got an access token (and refresh token) for a SharePoint Online site, and then I used that refresh token to get an access token for the Microsoft Graph resource (https://graph.microsoft.com).
This was not documented anywhere on MSDN, I had to get a cached copy of a Bing search result to find this out. Here is the link that I used: