Office
A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.
1,831 questions
How to obtain an access token for microsoft Graph API in an outlook Add-In using Federated credentials
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 86%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Suraj Sinha
5
Reputation points
Hi Microsoft Team,
I am developing a React.js-based Outlook Add-In and for that I have been setting up a federated credential using GitHub Actions as the external Identity Provider (IdP) for an application in Microsoft Entra ID. What additional steps are needed to get an access token using the federated credential? Specifically, I want the token to be scope for calling Microsoft Graph API endpoints.
Below are the steps I have completed so far:
- To create a federated credential, a trust relationship must be established between an external identity provider (IdP) and an app in Microsoft Entra ID by configuring a federated identity credential.
- A software workload can exchange trusted tokens from the external identity provider for access tokens issued by the Microsoft identity platform.
- I chose GitHub Actions as the external identity provider to establish trust between Azure and the external IdP.
- Followed the steps outlined in the documentation to configure the federated identity credential for the application.
https://zcusa.951200.xyz/en-us/entra/workload-id/workload-identity-federation-create-trust?pivots=identity-wif-apps-methods-azp#configure-a-federated-identity-credential-on-an-app
For set up in GitHub Action followed the steps as per steps in documentation:
Authenticate to Azure from GitHub Actions workflows | Microsoft Learn
- Created a repository and for that repository added secrets and variables shown in the snapshot below:
a) Azure_ClientId
b) Azure_TenantId - Created a New Workflow in GitHub Action: Action Tab > New Workflow > set up a workflow yourself.
In “.yml” file added below code and committed the changes:
on: [push]
permissions:
``id-token: write
``contents: read
name: Run Azure Login without subscription
jobs:
``build-and-deploy:
``runs-on: ubuntu-latest
``steps:
``- name: Azure Login
``uses: azure/login@v2
``with:
``client-id: ${{ secrets.AZURE_CLIENT_ID }}
``tenant-id: ${{ secrets.AZURE_TENANT_ID }}
``allow-no-subscriptions: true
``enable-AzPSSession: true
``- name: Azure CLI script
``uses: azure/cli@v2
``with:
``azcliversion: latest
``inlineScript: |
``az account show
``- name: Run Azure PowerShell
``uses: azure/powershell@v2
``with:
``azPSVersion: "latest"
``inlineScript: |
``Get-AzContext
- After running the Job build and deploy is being successful as shown in snapshot.
Questions: How can I obtain an access token from the configuration mentioned above that grants access to Microsoft Graph API?
Office
Outlook
Outlook
A family of Microsoft email and calendar products.
4,304 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,775 questions
Office Development
Office Development
Office: A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.Development: The process of researching, productizing, and refining new or existing technologies.
4,146 questions
Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
5,395 questions
Sign in to answer