I am looking into using the Microsoft Graph API with personal OneDrive (logging in via a hotmail account and not an organisation account!).
I want to create a Microsoft Graph client instance and consume the Microsoft Graph API with use cases such as this:

    var expandValue = this.clientType == ClientType.Consumer
        ? "thumbnails,children($expand=thumbnails)"
        : "thumbnails,children";
    folder = await this.graphClient.Me.Drive.Root.Request().Expand(expandValue).GetAsync();

To retrieve the access token I am using the code grant flow approach as described within this article.
The authorize endpoint being used
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
The token endpoint being used
The scope being used
files.readwrite.all offline_access
Logging in with a Hotmail account is returning a non-JWT token.
This is the first part of this token
EwBgA8l6BAAUO9chh8cJscQLmU+LSWpbnr0vmwwAAcGxJjYeNNkhw+sJQb2zJ
When trying to use this token to create a Microsoft Graph service client instance and consume requests such as the ones shown above, I am getting this error
Code: InvalidAuthenticationToken Message: CompactToken parsing failed with error code: 8004920A Inner error: AdditionalData: request-id: 3f472759-9718-47fb-8da0-df1646bb2fe8 date: 2020-05-19T16:42:44 ClientRequestId: 3f472759-9718-47fb-8da0-df1646bb2fe8
I tried setting the Azure AD App registration "signInAudience" parameter in the manifest to both "AzureADAndPersonalMicrosoftAccount" and "PersonalMicrosoftAccount". The former returns the token as shown above which then fails when sending the request, while when using the latter sign in audience, the token is simply not retrieved and a "Bad request" error with literally no extra info is returned.
Everything works fine when I log in with my organisation account. It shows my personal folders within my organization's OneDrive for Business account.
Additionally, if I instead use the line below, I can view my organisation's OneDrive for Business shared folders too (just by removing the .Me after graphClient):

    folder = await this.graphClient.Drive.Root.Request().Expand(expandValue).GetAsync();

This article supposedly describes retrieving a bearer token for Microsoft account cases, which I eventually presumed was what I needed.
The authorize endpoint being used
The token endpoint being used
The scope being used
onedrive.readwrite offline_access
Using this approach still returns the same type of token, so this literally left me in the same situation.
I also noticed that the approach within the latter article is discouraged and that in fact the approach of article 1 is suggested! So I simply wasted some more of my time :)
What kind of service/API has to be used for personal OneDrive access (via a Hotmail account)? What kind of token am I getting and what can I use it for? What could I be doing wrong here?
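
A diagnostic for the token-format question above, as an added example that is not part of the original post: it classifies an access token as JWT-shaped or opaque by structure alone and prints only a short SHA-256 fingerprint, so the token itself never has to be pasted into a log or a forum post. The class name `TokenShape` and both sample tokens are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

public static class TokenShape  // hypothetical helper name
{
    public enum Kind { Empty, Jwt, Opaque }
    // Structure only; no signature check, so never authorize on this result.
    public static Kind Classify(string token)
    {
        if (string.IsNullOrWhiteSpace(token)) return Kind.Empty;
        var parts = token.Trim().Split('.');
        // JWS compact serialization has exactly three dot-separated segments.
        if (parts.Length != 3) return Kind.Opaque;
        try
        {
            using var header = JsonDocument.Parse(DecodeBase64Url(parts[0]));
            var root = header.RootElement;
            return root.ValueKind == JsonValueKind.Object && root.TryGetProperty("alg", out _)
                ? Kind.Jwt : Kind.Opaque;
        }
        catch (Exception e) when (e is FormatException || e is JsonException)
        {
            return Kind.Opaque;
        }
    }

    static string DecodeBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }
    // SHA-256 prefix: enough to correlate log lines, useless as a credential.
    public static string Fingerprint(string token)
    {
        using var sha = SHA256.Create();
        var hash = sha.ComputeHash(Encoding.UTF8.GetBytes(token.Trim()));
        return BitConverter.ToString(hash, 0, 6).Replace("-", "").ToLowerInvariant();
    }

    public static void Main()
    {
        // Constructed samples, not real tokens.
        foreach (var t in new[] { "eyJhbGciOiJSUzI1NiJ9.e30.c2ln", "EwBconstructed+opaque/sample" })
            Console.WriteLine($"{Classify(t)} sha256:{Fingerprint(t)}");
    }
}
```

The first sample is reported as `Jwt` and the second as `Opaque`; a client passes either kind to the API unchanged as the bearer value and does not depend on being able to parse it.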