问题
I am creating an Azure AD App that is using the new Yammer delegated permissions preview to post a message to Yammer using the access token that I obtained from Azure AD. Unfortunately, I get a 401 Unauthorized response when trying to call Yammer Rest APIs.
Here is the code sample:
var resourceId = "https://www.yammer.com";
var endpointUrl = "https://www.yammer.com/api/v1/messages/following.json";
AuthenticationHelper helper = new AuthenticationHelper();
helper.EnsureAuthenticationContext(AuthenticationHelper.AuthorityMultitenant, resourceId);
var token = helper.AuthenticationResult.AccessToken;
HttpClient hc = new HttpClient();
hc.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
var result = await hc.GetAsync(new Uri(new Uri("https://www.yammer.com"), endpointUrl));
Here I get the 401 Unauthorized, with a message "Authentication failure". I tried also with api.yammer.com instead of www.yammer.com, with no change. I know that the tokens are being retrieved correctly, as I tested them with other Office 365 REST APIs.
My assumption is that the token is in an unaccepted format, but it is supposed to accept Azure Tokens now that the Delegated Permissions were added. Am I using the wrong resource ID and endpoint?
回答1:
Your code sample looks correct. Does your user have an active Yammer subscription?
回答2:
From an answer on the Yammer IT Pro Networks group for Office 365 developers, this:
Yammer authorization in apps is still handled completely separate from the rest of Office 365. You need to create a Yammer app in your network, and the users still needs to click the consent dialog to authorize it.
Yes, there is a delegated permission for Yammer API in Azure AD, but unless I am mistaken this does not actually do anything.
This is not from a Yammer source, because they never offer any kind of developer support or up-to-date documentation, but it seems entirely likely that this is another "feature" that simply doesn't work at all.
回答3:
I have found the resolution for the problem. It appeared to be that Yammer authentication can be configured in 2 ways - one way is to configure it to use the same authentication as other parts of Office 365, and another one is to is using a different configuration.
If Yammer's own SSO is used (in other words, Yammer has a separaate configuration for ADFS), then this problem happens.If you disable Yammer SSO for your network, all yammer authentication for “mapped” users will be handled by Office365. When that’s done, you can then use the Office 365 API.
来源:https://stackoverflow.com/questions/30684733/yammer-rest-api-401-unauthorized-when-using-azure-ad-token-and-yammer-delegated