Authorization_IdentityNotFound Error while accessing graph API

Backend Unresolved 4 1312
旧时难觅i 2021-01-06 06:36

I have searched for the error I found but did not find any matching questions, so I am posting one. I would appreciate it if someone could provide some pointers on how to proceed.

My

4 answers
  • 2021-01-06 07:11

    In my case, I got the same error after I used Quickstart (step 1), then had the .NET sample configured automatically (step 2), then downloaded the code sample (step 3), as shown in the picture below.

    All steps were done successfully except step 3. Microsoft's code generation created the app ID and app secret in the project successfully, but the tenant was set to common in appsetting.json, as seen in the image below.

    I thought it was a valid thing, but later found out that this caused the issue.

    Solution: I copied the Directory (tenant) ID, then replaced common with the tenant ID, and it worked. I am not sure if this is a bug in the Azure Quickstart code generation.

  • 2021-01-06 07:14

    This sample helped me understand the flows around app-only permissions. https://blogs.msdn.microsoft.com/tsmatsuz/2016/10/07/application-permission-with-v2-endpoint-and-microsoft-graph/

    Key takeaways for me:

    • Ensure you set up the app and specify the Application Permissions needed
    • Do have an admin grant the app permission to run against the relevant directory.
    • Get the relevant token:

      Notice the scope in the request below is https://graph.microsoft.com/.default

      POST https://login.microsoftonline.com/{tenantname}.onmicrosoft.com/oauth2/v2.0/token
      Content-Type: application/x-www-form-urlencoded
      
      grant_type=client_credentials&client_id=6abf3364-0a60-4603-8276-e9abb0d843d6&client_secret=JfgrNM9CcW...&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
      
    • Use the token to request the relevant graph resource, eg:

      GET https://graph.microsoft.com/v1.0/users/demouser01@[tenant-name].onmicrosoft.com/drive/root/children
      Accept: application/json
      Authorization: Bearer eyJ0eXAiOi
      
  • 2021-01-06 07:18

    You'll find that this document is a better set of instructions for app-only apps.

    There are two issues from your description that stand out.

    1. You'll need to make the call with an X509 certificate for app-only flows.
    2. You need to set up app scopes, rather than delegated scopes on your app - delegated scopes are for delegate flows rather than app-only flows.
  • 2021-01-06 07:28

    For me, I had not given admin consent. This is a critical step. My mistake was in thinking that by granting the app permissions, I was giving admin consent, but it's not the same thing.

    From step 3 on this site: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service

    I just pasted their call into a browser after filling in the tenant and client id, then signed in, and everything worked.

    GET https://login.microsoftonline.com/{tenant}/adminconsent
    ?client_id=6731de76-14a6-49ae-97bc-6eba6914391e
    &state=12345
    &redirect_uri=http://localhost/myapp/permissions
    
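Pulling the thread together, here is an added example (written for this page, not Microsoft's sample code) that builds the app-only token request from the 07:14 answer, refuses the shared `common` tenant that the 07:11 answer traced the error to, builds the admin-consent URL from the 07:28 answer, and maps the `Authorization_IdentityNotFound` error body to those two fixes. All IDs and URLs in it are constructed placeholders.

```python
# Added example for this thread (not Microsoft's sample code): builds the
# app-only token request from the answers above and checks the two
# misconfigurations they describe, a shared tenant endpoint and missing
# admin consent. All IDs/URLs below are constructed placeholders.
import json
from urllib.parse import urlencode

GRAPH_DEFAULT_SCOPE = "https://graph.microsoft.com/.default"
# Shared sign-in endpoints: a client_credentials request has no user, so the
# directory cannot be inferred from one of these (answer at 07:11).
SHARED_ENDPOINTS = {"common", "organizations", "consumers"}

# Constructed Graph error body of the kind the question reports.
SAMPLE_ERROR = json.dumps({"error": {"code": "Authorization_IdentityNotFound",
                                     "message": "constructed sample message"}})


def build_token_request(tenant, client_id, client_secret):
    """POST URL and form body for the v2.0 client_credentials grant.
    Raises ValueError if tenant is a shared endpoint rather than a directory."""
    if tenant.lower() in SHARED_ENDPOINTS:
        raise ValueError(f"'{tenant}' is not a directory; use the tenant ID "
                         "or <name>.onmicrosoft.com for app-only tokens")
    body = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": GRAPH_DEFAULT_SCOPE}  # application permissions, not delegated
    return {"url": f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token",
            "content_type": "application/x-www-form-urlencoded",
            "body": urlencode(body)}


def build_admin_consent_url(tenant, client_id, redirect_uri, state):
    """One-time URL an admin opens to grant the app's application
    permissions (the step the answer at 07:28 had skipped)."""
    query = urlencode({"client_id": client_id, "state": state,
                       "redirect_uri": redirect_uri})
    return f"https://login.microsoftonline.com/{tenant}/adminconsent?{query}"


def diagnose_graph_error(response_json):
    """Map a Graph error body to the remediation the thread converged on."""
    code = json.loads(response_json).get("error", {}).get("code", "")
    if code == "Authorization_IdentityNotFound":
        return ("request the token from a tenant-specific endpoint and confirm "
                "an admin has consented to the application permissions")
    return f"unhandled error code: {code or '<none>'}"
```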