后台访问microsoft Graph API

Question

i'm developing a single page application for a costumer. I need to create a script that allows me to access to my app without user interaction. for example i press a button and the script automatically log me in (i know username and password of the user). The user don't need to see the window where i put username and password. Is it possible? at the moment my login script is:

const authResult = await msalClient.loginPopup(msalRequest);
localStorage.setItem('msalAccount', authResult.account.username);

// Get the user's profile from Graph
user = await getUser();
// Save the profile in session
localStorage.setItem('graphUser', JSON.stringify(user));
if(accountAttivo!=""){
setActiveUser();
}
updatePage(Views.home);

Answer 1

Looks like you are trying to follow the ROPC flow as you are using username and password credentials in your script, access token must be fetched from AAD before we call getUser(). To fetch any details using graph api we need to have access token please go through the article which helps you more in understanding.

Let's say we wrote a function called getAccessToken() to fetch the token. Once the token fetched and is saved in the sessions, following code can be used in getUser() to fetch the user profile.

const options = {
    authProvider,
};
const client = Client.init(options);
let res = await client.api('/me')
    .get();

Calling both the functions getAccessToken() and getUser() in the code flow of the button click event should bypass the user interaction with the application to enter credentials.

NOTE : Microsoft does not recommend to user ROPC flow. This most scenarios, more secure alternatives are available and recommended. This flow requires a very high degree of trust in application, and carries risks which are not present in other flows. You should only use this flow when other more secure flows can't be used.