
How to get access token to call Graph API

Patra, Braja Bilash (B.) 0 Reputation points
2026-06-03T14:08:02.7766667+00:00

I want to call Graph API from a Spring Boot application to retrieve Group information for a user. I am calling this endpoint: https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token

Please let me know what details need to be sent in request parameters.

Microsoft Security | Microsoft Graph

1 answer

  1. AI answer

    2026-06-03T14:08:26.5966667+00:00

    To get an access token for Microsoft Graph from a Spring Boot application using the v2.0 /token endpoint, send a POST request with the following form-encoded parameters.

    For delegated (on-behalf-of user) access using authorization code flow:

    Endpoint
    POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

    Required parameters

    • tenant (in URL path)
      • Controls who can sign in:
        • common – work/school + Microsoft accounts
        • organizations – work/school only
        • consumers – Microsoft accounts only
        • Or a specific tenant ID / domain
    • client_id
      • Application (client) ID of the app registration.
    • grant_type
      • Must be authorization_code.
    • scope
      • Space-separated list of scopes, e.g. https://graph.microsoft.com/User.Read or other Microsoft Graph scopes needed to read group info.
      • Must be a subset of what was requested in the authorization request.
    • code
      • Authorization code received from the previous sign-in step.
    • redirect_uri
      • Same redirect URI used when acquiring the authorization code.
    • client_secret (for web apps)
      • Client secret created in the app registration (do not use in native apps).

    Example (form body):

    client_id={client-id}
    grant_type=authorization_code
    scope=https://graph.microsoft.com/User.Read
    code={authorization-code}
    redirect_uri={redirect-uri}
    client_secret={client-secret}
    

    The token response will contain:

    • access_token – use this in the Authorization: Bearer {token} header when calling Microsoft Graph (for example GET https://graph.microsoft.com/v1.0/me or group-related endpoints).
    • expires_in, ext_expires_in, token_type, and optionally refresh_token (if offline_access was requested in scope).

    In a Spring Boot app using Microsoft Entra ID Spring Boot Starter and Microsoft Graph SDK for Java, configure the Graph scopes (for example https://graph.microsoft.com/User.Read) in application.yml. The starter prepares an OAuth2AuthorizedClient with the access token, which is then used by GraphServiceClient:

    @GetMapping(path = "/call_graph")
    public String callGraph(@RegisteredOAuth2AuthorizedClient("graph") OAuth2AuthorizedClient graphAuthorizedClient) {
      GraphServiceClient graphServiceClient = Utilities.getGraphServiceClient(graphAuthorizedClient);
      User user = graphServiceClient.me().buildRequest().get();
      return user.displayName;
    }
    

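The token request described in the answer above, as an added example that is not part of the original answer or any Microsoft sample: it builds the form-encoded POST with the JDK's `java.net.http` and masks credentials before logging. The class name, the placeholder values, the redirect URI and the `GRAPH_CLIENT_SECRET` environment variable are assumptions.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class TokenRequestExample {

    // Encode the parameters as application/x-www-form-urlencoded.
    static String formBody(Map<String, String> params) {
        return params.entrySet().stream()
                .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                        + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    // Build the authorization-code redemption request for the v2.0 token endpoint.
    static HttpRequest tokenRequest(String tenant, Map<String, String> params) {
        return HttpRequest.newBuilder()
                .uri(URI.create("https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formBody(params)))
                .build();
    }

    public static void main(String[] args) {
        // Constructed placeholder values; real ones come from the app registration and the sign-in redirect.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("client_id", "00000000-0000-0000-0000-000000000000");
        params.put("grant_type", "authorization_code");
        params.put("scope", "https://graph.microsoft.com/User.Read offline_access");
        params.put("code", "PLACEHOLDER_AUTH_CODE");
        params.put("redirect_uri", "https://localhost:8443/login/oauth2/code/");
        // Read the secret from the environment (variable name is an assumption), never from source.
        String secret = System.getenv().getOrDefault("GRAPH_CLIENT_SECRET", "PLACEHOLDER_SECRET");
        params.put("client_secret", secret);

        HttpRequest request = tokenRequest("TENANT_ID", params);
        System.out.println(request.method() + " " + request.uri());

        // Log the body only with credentials masked.
        Map<String, String> loggable = new LinkedHashMap<>(params);
        loggable.replaceAll((k, v) -> k.equals("client_secret") || k.equals("code") ? "***" : v);
        System.out.println(formBody(loggable));
        // To send: HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString())
    }
}
```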
