Unable to get a Microsoft Graph Token

Question

I am a user in the Azure tenant directory, trying to get a Token to send a message to a Teams channel.
I can do that via Microsoft Graph Explorer. When I use a Token that Microsoft Graph generates I can send a message to Teams channel via curl and Postman.

However, when I try to get a token I get an error:
Here is the Curl request and response:

curl -X POST https://login.microsoftonline.com/{tenant}/v2.0/token \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "client_id={client id}" \
     -d "client_secret={secret}" \
     -d "scope=Channel.ReadBasic.All TeamMember.Read.All ChannelMessage.Read.All" \
     -d "username={username}" \
     -d "password={password}" \
     -d "grant_type=password"    

Response:
{"error":"invalid_grant","error_description":"AADSTS50034:

The user account {EUII Hidden} does not exist in the {tenant id} directory.

To sign into this application, the account must be added to the directory. T

"error_codes":[50034],"

"error_uri":"https://login.microsoftonline.com/error?code=50034"}%

I am a member of the Azure Tenant users

Answer 1

Hi Suberri, Moshe [GTSUS] I want to help you with this questions.

As I understand, you tried a POST request against EntraID endpoint to get a token.
If you have a service principal (SPN) created and want to use that identity to receive the token, you only need the client_id and secret in the request.

Otherwise, you remove these attributes and use only the username and password. But not both.

I think the endpoint is not the right one here, so please check out this article: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow#first-case-access-token-request-with-a-shared-secret
I think it will help you to build your POST request correctly.

---

If the reply was helpful, please don’t forget to upvote or accept it as an answer, thank you!