Authentication and authorization of the Graph API
As you noticed in Graph Explorer, the Graph API is not for anonymous users; you need to be authenticated and authorized to make any Graph API call. Looking back at Graph Explorer (Figure 3.6), there is an Access token area that shows the token generated for the user that's logged in.
Access tokens let your application call APIs protected by the Microsoft identity platform. These access tokens are formatted as JSON Web Tokens (JWTs). Each token includes its expiry time and the scopes it is valid for.
The following screenshot shows an example of an access token:
Figure 3.7 – Access token
If you are interested in decoding the access token, go to http://jwt.ms/ and paste the access token there. In the next screenshot, we will look at this JWT using jwt.ms.
Also, you can see the permissions that are required to create the team that we ran in the previous scenario, which is the authorization part of it...
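The following is an added example, not code from the book: it decodes an access token locally to read the expiry and permission claims that jwt.ms displays. The sample token, its claim values and the function names are constructed for illustration; decoding only reads the claims and does not verify the token's signature.

```python
import base64
import json
from datetime import datetime, timezone


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_access_token(token: str) -> dict:
    """Return header and payload of a compact JWT. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return {"header": json.loads(b64url_decode(parts[0])),
            "payload": json.loads(b64url_decode(parts[1]))}


def summarize(token: str, now_epoch: int) -> dict:
    """Extract the expiry and permission claims from the payload."""
    claims = decode_access_token(token)["payload"]
    expires = datetime.fromtimestamp(claims["exp"], tz=timezone.utc)
    return {
        "audience": claims.get("aud"),
        "scopes": claims.get("scp", "").split(),  # delegated permissions
        "roles": claims.get("roles", []),         # application permissions
        "expires": expires.isoformat(),
        "expired": now_epoch >= claims["exp"],
    }


def build_sample_token() -> str:
    """Constructed sample token (made-up claim values, placeholder signature)."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    header = {"typ": "JWT", "alg": "RS256"}
    payload = {"aud": "https://graph.microsoft.com",
               "exp": 1700003600,
               "scp": "Group.ReadWrite.All Team.Create User.Read"}
    return ".".join([enc(header), enc(payload), "constructed-signature"])


if __name__ == "__main__":
    print(json.dumps(summarize(build_sample_token(), 1700000000), indent=2))
```

The `scp` claim carries delegated permissions as a space-separated string, while `roles` carries application permissions as a list, so a token may contain one, the other, or both.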