Obtaining bearer access token to access o365 resource, using Azure AD auth

Question

I'm using the bog-standard, file->new Asp.Net Core Web Application (Razor Pages) project, and configuring it to use Azure AD authentication against an o365 instance, which works just fine.

I now want to use the app to access an o365 resource (eg my calendar) using the Graph API. In asp.net core 2.0, I used the method described here to obtain the access token, cache it, and retrieve it for any graph requests. It relies on an OpenIdConnect event (OnAuthorizationCodeReceived) to obtain the access code.

I don't see any similar event on the new AddAzureAd method available using asp.net core 2.1. Is there now a new method for obtaining the token for use in Graph calls?

Answer 1

This always has been a complex question and depending on your scenario (permissions required, workloads you're talking too) this answer might need to be adjusted. First thing, here, you have the code grant and the id_token. The easiest way to achieve way to achieve what you want to achieve (may not be the best in terms of user experience) it to store the id token temporary. (let's say in a token cache)

services.AddAuthentication()
    .AddOpenIdConnect(opts =>
    {
        opts.Events = new OpenIdConnectEvents
    {
        OnAuthorizationCodeReceived = ctx =>
        {
            return Task.CompletedTask;
        }
    };
    });

You can see an example here you also need to make sure your application is configured with the proper permissions and you should be ready to go!