403 forbidden when calling Graph API from Postman but works fine from Graph Explorer


My aim is to get an application to interact with Azure Connectors. At the moment, I'm focusing on getting working connections before I dive into the actual code.

I am trying to get GET https://graph.microsoft.com/v1.0/external/connections to work. (doc)

On a test Azure tenant, I've set up an app registration for Single-page application allowing me to use the implicit OAuth 2.0 authentication flow. (Grants access tokens, not ID tokens, and I've allowed public client flows just in case)

Note that the simple get user request (no special permissions needed) works fine from Postman with this setup. (GET https://graph.microsoft.com/v1.0/me)

However, when I got to the actual connectors request, things stopped working. I set up Delegated permissions for ExternalConnection.Read.All. This permission is enough to get the request to work on Graph Explorer, but now I am getting 403 Forbidden responses in Postman when the request is sent out (not the authentication request, which works fine and returns an access token).

I've tried adding application permissions on top of delegated permissions, to no avail.

I would like to keep the implicit flow if possible, I am just surprised by how difficult this is.

1 answer

Sridevi (best answer)

As mentioned in this MS Document, with the plans for removing third party cookies from browsers, the implicit grant flow is no longer a suitable authentication method.

I registered one Single-page application and granted the same API permissions as below:


When I tried to fetch the external connections with a token generated using the implicit flow, I too got the same error:

GET https://graph.microsoft.com/v1.0/external/connections

Response:


To resolve the error, I used the Authorization Code (with PKCE) flow to generate the access token via Postman and got the response successfully:

GET https://graph.microsoft.com/v1.0/external/connections

Response:


Make sure to include the Origin header while generating the token with the Authorization Code (with PKCE) flow for a Single-page application:

Origin: <your redirect URL>


You can also use the client credentials flow by granting the permission with Application type and use it to fetch the list of external connections like this:

GET https://graph.microsoft.com/v1.0/external/connections

Response:

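As an added example (not code from the question or the answer), the Authorization Code with PKCE exchange described above, built with the Python standard library: a public SPA client sends no secret, proves possession of the code with the PKCE verifier, and includes the Origin header the answer calls out. TENANT_ID, CLIENT_ID and REDIRECT_URI are placeholders for your own app registration.

```python
# Added example (not from the question or answer): Authorization Code + PKCE request
# builder for an Entra SPA app registration; TENANT_ID, CLIENT_ID, REDIRECT_URI are placeholders.
import base64
import hashlib
import json
import secrets
import urllib.parse
import urllib.request

TENANT_ID = "<tenant-id>"                 # placeholder
CLIENT_ID = "<client-id>"                 # placeholder
REDIRECT_URI = "http://localhost:3000"    # placeholder; must match the SPA redirect URI
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0"
SCOPES = "ExternalConnection.Read.All"    # delegated permission from the question
GRAPH_URL = "https://graph.microsoft.com/v1.0/external/connections"

def challenge_for(verifier: str) -> str:
    """S256 code_challenge (RFC 7636): base64url(sha256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def make_pkce_pair() -> tuple[str, str]:
    """Fresh high-entropy verifier plus its challenge; the verifier never leaves the client."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    return verifier, challenge_for(verifier)

def build_authorize_url(challenge: str, state: str) -> str:
    """Browser redirect: response_type=code replaces the implicit flow's response_type=token."""
    params = {"client_id": CLIENT_ID, "response_type": "code", "redirect_uri": REDIRECT_URI,
              "scope": SCOPES, "state": state, "code_challenge": challenge,
              "code_challenge_method": "S256"}
    return f"{AUTHORITY}/authorize?" + urllib.parse.urlencode(params)

def build_token_request(code: str, verifier: str) -> tuple[dict, dict]:
    """Headers and form body for the code exchange. No client secret is sent (public
    client); the Origin header is the one the answer says a SPA registration needs."""
    headers = {"Content-Type": "application/x-www-form-urlencoded", "Origin": REDIRECT_URI}
    body = {"client_id": CLIENT_ID, "grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "code_verifier": verifier, "scope": SCOPES}
    return headers, body

def redeem_and_list_connections(code: str, verifier: str) -> dict:
    """Exchange the code for a token and call the Graph endpoint (network required)."""
    headers, body = build_token_request(code, verifier)
    req = urllib.request.Request(f"{AUTHORITY}/token",
                                 data=urllib.parse.urlencode(body).encode(), headers=headers)
    with urllib.request.urlopen(req) as resp:
        token = json.load(resp)["access_token"]
    graph = urllib.request.Request(GRAPH_URL, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(graph) as resp:
        return json.load(resp)
```

Open the URL from build_authorize_url in a browser, copy the code parameter from the redirect, and pass it with the matching verifier to redeem_and_list_connections.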