Skip to main content

Microsoft

Getting Access Tokens for both SharePoint and Microsoft Graph

A few days ago, I was working on a project and needed to know if it was possible to access a user’s Exchange Online calendar using the same access token used to access list data in one of their SharePoint Online site collections. The Microsoft documentation is confusing due to the rapid pace of change with this stuff.
At the time I remember thinking that it seems like we are not quite at the “one token to rule them all” nirvana yet, since the Microsoft Graph API does not yet support getting data out of SharePoint lists or I would just use Microsoft Graph for both the SharePoint Online and Exchange Online (Outlook) data.  Everything I was seeing made it look like I was going to have to make the user authenticate with Azure AD twice, once for each resource in order to get an access token for the requested resource.  Yikes, that would be a horrible user experience!
But finally I figured it out. You can actually get an access token for a different resource by using the original refresh token!  This is means you don’t have to make the user authenticate twice :).
You have to call the AuthenticationContext.AcquireTokenByRefreshTokenAsync method and pass in the original refresh token and the name of the new resource you need the token for, and you will get an access token back!
In my case, I first got an access token (and refresh token) for a SharePoint Online site, and then I used that refresh token to get an access token for the Microsoft Graph resource (https://graph.microsoft.com).
This was not documented anywhere on MSDN, I had to get a cached copy of a Bing search result to find this out. Here is the link that I used:
http://cc.bingj.com/cache.aspx?q=office+365+multiple+resource+refresh+token+&d=4979548031156742&mkt=en-US&setlang=en-US&w=oIxeh7gpcqjYb7B7Ipalkzv9FeNsgn_p
Crazy…

Thoughts on “Getting Access Tokens for both SharePoint and Microsoft Graph”

  1. Link provided here is not working (obviously), would it be possible to share the contents in case you have those offline?

  2. Sorry, I do not have it either. I guess that just helps prove my point about the lack of documentation on this subject area. If you follow what I did in this blog post though, you should have success in getting an access token without having to login again.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Tim McCarthy

More from this Author

Categories
Follow Us
TwitterLinkedinFacebookYoutubeInstagram