microsoft app registration for access token code example

Example: how to get access token using refresh token oauth2 graph api

# SCRIPT BEGINS FROM HERE #
echo "SCRIPT EXECUTION BEGINS"
echo " "
echo "Script to  request new access token and refresh token from refresh token of MS-Graph apis"
echo " "
echo "You can also follow this links for reference" 
echo "https://www.youtube.com/watch?v=FTULjLL-ZDI"   
echo "https://dzone.com/articles/getting-access-token-for-microsoft-graph-using-oau-1" 
echo " "
echo "If don't know your Azure-AD-Tenant-Name then just follow this below link to get it"
echo "https://helpdesk.kaseya.com/hc/en-gb/articles/115002521251-How-Do-I-Find-My-Azure-AD-Tenant-Name-"
echo " "
read -p "Enter your Tenant name : " tenant
echo "Tenant named your entered is: $tenant "

echo " "
read -p "Enter your client_id: " client_id
echo "Client_id you entered is: $client_id"

echo " "
read -p "Enter your client_secret: " client_secret
echo "Client_secret you entered is: $client_secret"

echo " "
read -p "Enter your redirect_uri (eg. http://localhost): " redirect_uri
echo "redirect_uri you entered is: $redirect_uri"

echo " "
echo "Enter the refresh_token value you haved copied from postman"
read -p "Enter your refresh token: " refresh_token
echo " "
echo "Refresh_token: " $refresh_token


authorization_endpoint=$(curl -s  "https://login.microsoftonline.com/${tenant}/v2.0/.well-known/openid-configuration" | jq -r '.authorization_endpoint')
token_endpoint=$(curl -s  "https://login.microsoftonline.com/${tenant}/v2.0/.well-known/openid-configuration" | jq -r '.token_endpoint')

echo " "
echo "Authorize endpoint of your tenant is"
echo "$authorization_endpoint"

echo " "
echo "Token endpoint of your tenant is"

echo "$token_endpoint"


#token=$(curl -H "Content-Type: application/application/x-www-form-urlencoded" -X POST "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"   --data-urlencode 'client_id=63bf591a-e1c' --data-urlencode 'client_secret=WUR-AH-7ML1fSHT_oH6HVVA8Jd' --data-urlencode 'redirect_uri=http://localhost'  --data-urlencode 'grant_type=refresh_token' --data-urlencode 'refresh_token=$refresh_token' --data-urlencode 'scope=https://graph.microsoft.com/.default' --data-urlencode 'tenant=$tenant' )

#token=$(curl -s -X POST "$token_endpoint" --header "Content-Type: application/x-www-form-urlencoded" --data-urlencode "client_id=45789-87a3-cbb1d1076b3b" --data-urlencode "client_secret=_oH6HVVA8Jd5p9OCa-S" --data-urlencode "redirect_uri=http://localhost" --data-urlencode "grant_type=refresh_token" --data-urlencode "refresh_token=$refresh_token" --data-urlencode "scope=openid profile offline_access  https://graph.microsoft.com" --data-urlencode "tenant=$tenant" | jq .access_token)

token=$(curl -s -X POST "$token_endpoint" --header "Content-Type: application/x-www-form-urlencoded" --data-urlencode "client_id=$client_id" --data-urlencode "client_secret=$client_secret" --data-urlencode "redirect_uri=$redirect_uri" --data-urlencode "grant_type=refresh_token" --data-urlencode "refresh_token=$refresh_token" --data-urlencode "scope=openid profile offline_access https://graph.microsoft.com/.default" --data-urlencode "tenant=$tenant" | jq .access_token)
echo " "
echo "Your renewed access token is:"
echo " "
echo "$token"
echo " "
echo "SCRIPT ENDS"

# SCRIPT ENDS HERE