I've registered an Angular2 app with Microsoft that's completely client-side to access the Graph API. I've enabled Implicit Grant Flow and I'm able to obtain a JWT successfully after login and first-time authorization.
The URL fragment even says that it's a bearer token, like so:
http://localhost:4200/loginRedirect#access_token={JWT_TOKEN_HERE}&token_type=Bearer&expires_in=3600&session_state={state_guid}
My redirect to authenticate, for reference, looks like this:
window.location.href = "https://login.microsoftonline.com/common/oauth2/authorize?resource=" + encodeURIComponent('https://graph.windows.net') + "&response_type=token&client_id=" + this._config.clientId + "&redirect_uri=" + encodeURIComponent(this._config.redirectUri);
Despite including the acquired JWT in the header of my Graph API request:
Authorization: Bearer {JWT_TOKEN_HERE}
I get a 401: Access Token Validation Error
I assumed that since I successfully retrieved that token it told me was a Bearer, it would've worked, but that doesn't appear to be the case.
Anyone know what I'm doing wrong?
Wrong resource URI. Azure AD Graph API is https://graph.windows.net. Microsoft Graph API resource URI is https://graph.microsoft.com/, try it.
Azure AD Graph API is AAD's API, whereas Microsoft Graph API also covers Office 365 services. Confusing naming though.
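A way to confirm the mismatch described above before sending the request, as an added example that is not part of the original question or answer: it reads the token from the redirect fragment, decodes its payload and compares the `aud` claim with the API origin. The function names, the sample token and the `https://graph.microsoft.com/v1.0/me` call are assumptions for illustration.

```javascript
// Added example, not from the original post. Decodes the JWT payload for
// diagnosis only; it does NOT verify the signature.
const toBytes = (b64) => typeof Buffer !== "undefined"
  ? Buffer.from(b64, "base64")
  : Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));

function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(new TextDecoder().decode(toBytes(padded)));
}

// Pull access_token out of the implicit-flow redirect fragment.
function tokenFromRedirect(redirectUrl) {
  const fragment = new URL(redirectUrl).hash.slice(1);
  return new URLSearchParams(fragment).get("access_token");
}

// Compare the token's `aud` claim with the origin of the API being called.
// A non-URL audience (for example an app ID GUID) is reported as no match.
function checkAudience(jwt, apiUrl) {
  const parts = (jwt || "").split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const claims = decodeSegment(parts[1]);
  const auds = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  const target = new URL(apiUrl).origin;
  const ok = auds.some((a) => {
    try { return new URL(a).origin === target; } catch { return false; }
  });
  return { aud: claims.aud, target, ok };
}

// Constructed sample: a fake, unsigned token whose audience is the
// resource requested in the question's authorize URL.
const b64url = (obj) => {
  const s = JSON.stringify(obj);
  const b64 = typeof btoa === "function" ? btoa(s) : Buffer.from(s).toString("base64");
  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
};
const SAMPLE_TOKEN = [b64url({ alg: "RS256", typ: "JWT" }),
  b64url({ aud: "https://graph.windows.net" }), "constructed-signature"].join(".");
const SAMPLE_REDIRECT = "http://localhost:4200/loginRedirect#access_token=" +
  SAMPLE_TOKEN + "&token_type=Bearer&expires_in=3600";

// Assumed API call: a Microsoft Graph endpoint, which this token was not issued for.
console.log(checkAudience(tokenFromRedirect(SAMPLE_REDIRECT), "https://graph.microsoft.com/v1.0/me"));
```

The resource server still validates the signature and audience itself; this check only surfaces the mismatch on the client before the 401.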