its funny, i am also implementing the same Microsoft graph api and i am able to connect, my question is i am now trying to implement it as a service, what difference does it have when it connected as a service, i did connected using oauth2 by passing clientid/secret

What do you mean by "connected as a service"?

It boils down to this (taken from one of brad's links in the other thread):

the permission scopes introduced only cover the basic scenarios: access only your own resources, access resources shared with you, access all resources. For applications running in the scope of a given user, the so-called delegated permissions model, this is rarely a problem, as the workload can trim those permissions to cover just the resources the user has access to. For the so-called application permissions however, where the app runs without a signed in user, access is given to any and all resources.

So if you have an app with delegate permissions, that's easy to set up, and provided you can interact with it, you can sign in as a user, and do things on their behalf. If you have an app with application permissions because you can't interact with it to sign in as a user, then you're given access to do anything to anyone. But you can only have that if an admin approves it for you. And no admin in their right mind should be okay with that.

It’s an internal app so I think at this point it does make sense