Microsoft graph API: Unable to fetch users with the generated access token

温柔的废话 2021-01-21 00:30

I have registered the application in Azure portal and I have generated the client_secret. I require the client grant flow and I have given application permissions also. I have g

2 Answers
  • 2021-01-21 01:00

    When using the OAuth 2.0 Client Credentials Grant flow, your scope value should use the built-in .default scope for the resource you are trying to access. This is mentioned in the reference article: Microsoft identity platform and the OAuth 2.0 client credentials flow.

    In your case, the resource you are trying to access is Microsoft Graph, so your scope value in the token request should be https://graph.microsoft.com/.default:

    https://login.microsoftonline.com/{tenant-id-or-domain}/oauth2/v2.0/token
        &grant_type=client_credentials
        &client_id={client-id}
        &client_secret={client-secret}
        &scope=https%3a%2f%2fgraph.microsoft.com%2f.default
    

    Note that for this to succeed, the app's required permissions must be configured (Azure portal > Azure Active Directory > App registrations > API permissions) and granted:

  • 2021-01-21 01:15

    You could try the following way:

    Permission:

    Make sure you have the following permission:

    Grant permission On Azure Portal:

    Step:1

    Select Application Permission On API permissions menu

    Step:2

    Select User.ReadWrite.All under the Application Permission part, but User.Read.All is also alright.

    Token Request Format:

    URL: https://login.microsoftonline.com/YourTenant.onmicrosoft.com/oauth2/token

    For V2.0 URL: https://login.microsoftonline.com/YourTenant.onmicrosoft.com/oauth2/v2.0/token

    HTTP Verb: POST

    grant_type:client_credentials
    client_id:b603c7be-a866-4-e6921e61f925
    client_secret:Vxf1SluKbguf3wE5oGl/2XDSeZ8wL/Yp8ns4sc=
    resource:https://graph.microsoft.com
    

    For V2.0, the scope will be: scope:https://graph.microsoft.com/.default

    See the screen shot below:

    Decode Token & Confirm permission:

    You can use https://jwt.io/ to decode your token to make sure you have the required permission. See the screenshot below:

    Request For User List:

    With your token, request on this endpoint https://graph.microsoft.com/v1.0/users. See the screenshot below. I have successfully got the user list.

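An added example, not part of either answer above: it builds the v2.0 client-credentials request with the `.default` scope and then decodes a token locally to confirm that the `roles` claim carries one of the application permissions the answers name. The function names, the `contoso.onmicrosoft.com` tenant and both sample tokens are constructed for illustration; the signature is not verified, so this is a diagnostic check only.

```python
import base64
import json
from urllib.parse import urlencode

# Microsoft Graph as token audience: its resource URI or its well-known app ID.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}

def build_token_request(tenant, client_id, client_secret):
    """Return (url, form_body) for the v2.0 client-credentials token POST."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",  # not an individual permission
    })
    return url, body

def decode_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def permission_problems(claims, accepted=("User.Read.All", "User.ReadWrite.All")):
    """List what is wrong with an app-only token for the permissions named above."""
    problems = []
    if claims.get("aud") not in GRAPH_AUDIENCES:
        problems.append(f"aud is {claims.get('aud')!r}, not Microsoft Graph")
    roles = claims.get("roles", [])  # application permissions appear in 'roles'
    if not any(r in roles for r in accepted):
        problems.append(f"roles {roles} has none of {list(accepted)}")
    return problems

def fake_token(claims):
    # Constructed sample: an unsigned, JWT-shaped string, not a real token.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

GOOD = fake_token({"aud": "https://graph.microsoft.com", "roles": ["User.Read.All"]})
NO_CONSENT = fake_token({"aud": "https://graph.microsoft.com"})  # permission never granted

if __name__ == "__main__":
    print(build_token_request("contoso.onmicrosoft.com", "<client-id>", "<client-secret>"))
    print(permission_problems(decode_claims(GOOD)))
    print(permission_problems(decode_claims(NO_CONSENT)))
```

Decoding locally gives the same view as a web decoder while keeping a live bearer token on your own machine.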