# Graph Delegated Authorization + DataVerse This demo shows how you would authorize a token call to Microsoft Graph for delegated permissions where a token response is required. This setup involves an app registration in [Azure Portal](https://portal.azure.com/), as well as registered redirects and the appropriately selected API Permissions. To run the below demo, grab the [Web Host Utilities](/blueprints/web-host-utilities.md) and drop it into your project. Our redirect is `https://localhost:7201/api/token` - which is why our call to map the incoming HTTP request is `/api/token`. ```csharp PerigeeApplication.ApplicationNoInit("GraphDemo", (c) => { //Graph and token endpoint var dvGraph = new GraphClient( c.GetValue("graph:tenant"), c.GetValue("graph:client"), c.GetValue("graph:secret"), c.GetValue("graph:scope"), c.GetValue("graph:redirect"), "", c.GetLogger()); //Add token receive endpoint c.AddMinimalAPI("TokenReceiver", 7201, (w) => { w.MapGet("/api/token", ([FromQuery] string code, GraphClient graph) => { CredentialStore.RefreshAuthorizationCode(graph.credentialName, code); return Results.Ok("Got the new code! Thanks!"); }); }, (b,s) => s.AddSingleton(dvGraph)); //Await a valid credential on load var cred = CredentialStore.AwaitValidCredential(dvGraph.credentialName, c.GetCancellationToken()).GetAwaiter().GetResult(); c.GetLogger<_PerigeeStartup>().LogInformation("Authorized Account: {acc}", cred.JWTGetValue(cred.DecodeJWT(cred.Authorization), "unique_name")); }); ``` The `appsettings.json`: ```json "graph": { "tenant": "tenantguid", "client": "clientguid", "secret": "secretkey", "scope": "user.read Channel.ReadBasic.All Team.ReadBasic.All offline_access", "redirect": "https://localhost:7201/api/token" } ``` It's very important to include **`offline_access`** if you want to be able to refresh the token automatically. ## For DataVerse If you're trying to communicate with DataVerse, simply change the domain and scope parameters: ```csharp PerigeeApplication.ApplicationNoInit("GraphDemo", (c) => { //Graph and token endpoint var dvGraph = new GraphAPI( c.GetValue("graph:tenant"), c.GetValue("graph:client"), c.GetValue("graph:secret"), c.GetValue("graph:scope"), c.GetValue("graph:redirect"), c.GetValue("graph:domain"), c.GetLogger()); //Add token receive endpoint c.AddMinimalAPI("TokenReceiver", 7201, (w) => { w.MapGet("/api/token", ([FromQuery] string code, GraphClient graph) => { CredentialStore.RefreshAuthorizationCode(graph.credentialName, code); return Results.Ok("Got the new code! Thanks!"); }); }, (b,s) => s.AddSingleton(dvGraph)); //Await a valid credential on load var cred = CredentialStore.AwaitValidCredential(dvGraph.credentialName, c.GetCancellationToken()).GetAwaiter().GetResult(); c.GetLogger<_PerigeeStartup>().LogInformation("Authorized Account: {acc}", cred.JWTGetValue(cred.DecodeJWT(cred.Authorization), "unique_name")); //Pull DV var Employees = dvGraph.GetDataVerseTable("cr521_employees"); }); ``` The `appsettings.json`: ```json "graph": { "tenant": "tenantguid", "client": "clientguid", "secret": "secretkey", "domain": "https://org1234567.api.crm.dynamics.com" "scope": "https://org1234567.api.crm.dynamics.com/.default offline_access", "redirect": "https://localhost:7201/api/token" } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.perigee.software/examples-and-demos/graph-delegated-authorization-+-dataverse.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.