Microsoft Graph API
*******************

- Click here for :doc:`sys-office-365`

1. `Register an application with the Microsoft identity platform`_

   e.g. for an app called ``ticket-3597-v1``:

.. image:: ./misc/msgraph-overview.png

.. image:: ./misc/msgraph-redirect-uris.png

2. Under the applications *API permissions* page, choose *Add a permission*,
   select *Microsoft Graph*, and then choose the permissions your app requires
   under *Application permissions*:

.. image:: ./misc/msgraph-application-permissions.png

.. image:: ./misc/msgraph-permissions-sites.png

.. note:: If you change permissions, users and/or admins will have to consent
          even if they have done so previously.

3. Under the applications *Certificates & secrets* page in the *Client secrets*
   section, create a *New client secret*:

.. image:: ./misc/msgraph-client-secret.png

.. warning:: I think you only get a single chance to copy this secret!

4. Copy the *Application (client) ID* to and *client secret* to your web app in
   *Settings*, *Microsoft Graph*, *Settings*:

.. image:: ./misc/msgraph-settings.png

.. tip:: Make a note of the *Redirect URI* for the next step.

5. Under the applications *Authentication* page in the *Redirect URIs* section,
   set the redirect URI for your web site.

.. image:: ./misc/msgraph-redirect-uri.png

.. tip:: The *Redirect URI* is displayed on your web site under
         *Settings*, *Microsoft Graph*, *Settings*.

https://docs.microsoft.com/en-us/graph/auth-v2-service#3-get-administrator-consent

::

  GET https://login.microsoftonline.com/{tenant}/adminconsent
  ?client_id=6731de76-14a6-49ae-97bc-6eba6914391e
  &state=12345
  &redirect_uri=https://localhost/myapp/permissions

.. _`Register an application with the Microsoft identity platform`: https://docs.microsoft.com/en-us/graph/auth-register-app-v2