azureasp.net-coremicrosoft-graph-apigraphserviceclient

Token management for ClientSecretCredential usage in MSGraph API


I need to send mails from a background application(worker service/azure function) using MSGraph API with Application permission. This is how I have initialized the GraphServiceClient to send emails.

var credentials = new ClientSecretCredential(
                "TenantID",
                "ClientId",
                "ClientSecret",
                new TokenCredentialOptions { AuthorityHost = AzureAuthorityHosts.AzurePublicCloud });
                
                
GraphServiceClient graphServiceClient = new GraphServiceClient(credentials);

var subject = $"Subject from demo code";
var body = $"Body from demo code";

// Define a simple e-mail message.
var email = new Microsoft.Graph.Message
{
    Subject = subject,
    Body = new ItemBody
    {
        ContentType = BodyType.Html,
        Content = body
    },
    ToRecipients = new List<Recipient>()
    {
        new Recipient { EmailAddress = new EmailAddress { Address = "EmailId" }}
    }
};

// Send mail as the given user. 
graphServiceClient
    .Users["UserID"]
    .SendMail(email, true)
    .Request()
    .PostAsync().Wait();


How long the graphServiceClient will have a valid token and how to regenerate a token when the token is expired.

What are the best practices for this usage


Solution

  • As of May 2022, there is no option to generate a refresh token while using client_credentials options.

    For client_credentials option

    It's possible to generate a refresh token while using on behalf of user

    For on behalf of a user