Python:
import time

import requests
# This script demonstrates how to use the device code flow to authenticate a user and obtain an access token for the Microsoft Graph API.
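def get_device_code(client_id, tenant, scope="https://graph.microsoft.com/user.read", timeout=30):
    """Start the OAuth 2.0 device authorization flow (RFC 8628) at the v2.0 devicecode endpoint.

    Args:
        client_id: Application (client) ID of the app registration.
        tenant: Tenant segment of the authority URL ("common", "organizations",
            "consumers" or a specific tenant ID).
        scope: Space-separated scopes to request. Defaults to the Graph
            ``user.read`` scope; other Graph scopes such as ``mail.read`` or
            ``files.read`` can be added by the caller.
        timeout: Seconds to wait for the HTTP response before giving up, so a
            stalled connection cannot hang the script indefinitely.

    Returns:
        The decoded JSON response body. Per RFC 8628 the ``user_code`` and
        ``verification_uri`` are meant to be shown to the user, while the
        ``device_code`` is the client's secret for the later token request and
        should not be displayed or logged.

    Raises:
        Exception: if the endpoint does not answer 200; the message carries the
            status code and the response body.
    """
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/devicecode"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    data = {
        "client_id": client_id,
        "scope": scope,
    }
    response = requests.post(url, headers=headers, data=data, timeout=timeout)
    if response.status_code != 200:
        raise Exception(f"Error getting device code: {response.status_code} - {response.text}")
    return response.json()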
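def get_access_token(client_id, tenant, device_code, *, timeout=30, poll_interval=None):
    """Redeem a device code for tokens at the v2.0 token endpoint.

    Args:
        client_id: Application (client) ID of the app registration.
        tenant: Tenant segment of the authority URL ("common", "organizations",
            "consumers" or a specific tenant ID).
        device_code: The ``device_code`` returned by the devicecode endpoint.
        timeout: Seconds to wait for each HTTP response before giving up.
        poll_interval: When None (the default) a single request is made, exactly
            as before. When set to the ``interval`` (seconds) returned by the
            devicecode endpoint, the function polls as RFC 8628 section 3.5
            describes: it retries on ``authorization_pending`` and adds five
            seconds to the interval on ``slow_down``; any other error is final.

    Returns:
        The decoded JSON token response (contains ``access_token`` on success).

    Raises:
        Exception: if the endpoint does not answer 200 (or, while polling, once
            it returns an error other than ``authorization_pending`` /
            ``slow_down``, e.g. ``expired_token``); the message carries the
            status code and the response body.
    """
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    data = {
        "client_id": client_id,
        "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
        "device_code": device_code,
    }
    interval = poll_interval
    while True:
        response = requests.post(url, headers=headers, data=data, timeout=timeout)
        if response.status_code == 200:
            return response.json()
        if interval is not None:
            error_code = _oauth_error_code(response)
            if error_code == "slow_down":
                # Server asked us to back off; RFC 8628 says add 5 s to the interval.
                interval += 5
            if error_code in ("authorization_pending", "slow_down"):
                # The user has not finished signing in yet; wait and try again.
                time.sleep(interval)
                continue
        raise Exception(f"Error getting access token: {response.status_code} - {response.text}")


def _oauth_error_code(response):
    """Return the OAuth ``error`` code from a JSON error body, or None if absent or not JSON."""
    try:
        body = response.json()
    except ValueError:
        return None
    return body.get("error") if isinstance(body, dict) else None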
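if __name__ == "__main__":
    CLIENT_ID = "Replace with your client ID creaed in Azure or Microsoft Graph"
    TENANT = "consumers"  # Replace with target tenant (e.g., "common", "organizations", or a specific tenant ID)
    try:
        device_code_response = get_device_code(CLIENT_ID, TENANT)
        # Only user_code and verification_uri are meant for the person signing in.
        # The device_code is the client's secret for the token request, so it is
        # deliberately not printed (terminal output ends up in logs and screenshots).
        print(f"User Code: {device_code_response['user_code']}")
        print(f"Verification URI: {device_code_response['verification_uri']}")
        print(f"Expires in: {device_code_response['expires_in']} seconds")
        # Wait for the user to finish signing in; a single token request is then
        # made rather than polling the endpoint on its advertised interval.
        input("Press Enter after authenticating...")
        access_token_response = get_access_token(CLIENT_ID, TENANT, device_code_response['device_code'])
        # The bearer token is printed because the curl example below uses it;
        # treat this output as sensitive and do not paste it into shared logs.
        print(f"Access Token: {access_token_response['access_token']}")
    except Exception as e:
        print(e)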
To read the data, you can use curl, for example:
Bash:
# Fetch the signed-in user's profile from Graph using the bearer token printed by the script.
# Note: a token given on the command line is visible in shell history and process listings;
# prefer reading it from an environment variable or a file when not just experimenting.
curl --header "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  --url "https://graph.microsoft.com/v1.0/me"
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack campaigns were highly targeted and carried out in a variety of ways. The majority of these attacks...