How to generate bearer token via azure data factory - azure

I followed this blog for generating bearer token.
I have an API like this https://login.microsoftonline.com/<tenantid>/oauth2/token.
I tested it in Postman and it's working, but it is not working in ADF.
Error message
"error": "invalid request"
"error description": "xxxx: The 'resource' request parameter is not supported. \r\nTrace ID: xxxxx\rnCorrelation ID: xxxx\r\nTimestamp: xxxx"
"error codes": [
901002

Yes, you can use both resource and scope, depending upon the endpoint.
If you are using endpoint with oauth2/token: https://login.microsoftonline.com/<tenant id>/oauth2/token
You need to use resource=https://graph.microsoft.com/ inside the body
Body: grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>&resource=https://graph.microsoft.com/
If you are using oauth2/v2.0/token endpoint
https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token
You need to use scope:
Body: grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret>&scope=https://graph.microsoft.com/.default
The pipeline executed successfully and got the token:
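The endpoint/parameter pairing from the answer above, as an added Python example (not code from the original post). It builds the client_credentials body for either endpoint and checks an existing body for the mismatch behind the "'resource' request parameter is not supported" error; `TENANT_ID`, `cid` and `sec` are constructed placeholders.

```python
from urllib.parse import urlsplit, urlencode, parse_qs

def endpoint_version(token_url):
    """Return 'v2' for .../oauth2/v2.0/token and 'v1' for .../oauth2/token."""
    path = urlsplit(token_url).path.rstrip("/").lower()
    if path.endswith("/oauth2/v2.0/token"):
        return "v2"
    if path.endswith("/oauth2/token"):
        return "v1"
    raise ValueError("not a recognised token endpoint: " + token_url)

def build_body(token_url, client_id, client_secret, resource_uri):
    """Form-encoded body for the client_credentials grant, matched to the endpoint."""
    fields = {"grant_type": "client_credentials",
              "client_id": client_id,
              "client_secret": client_secret}
    if endpoint_version(token_url) == "v2":
        # v2.0 endpoint: the target goes in 'scope' as <resource>/.default
        fields["scope"] = resource_uri.rstrip("/") + "/.default"
    else:
        # v1 endpoint: the target goes in 'resource'
        fields["resource"] = resource_uri
    return urlencode(fields)

def check_body(token_url, body):
    """List the parameter problems in an existing form body for this endpoint."""
    version = endpoint_version(token_url)
    params = parse_qs(body)
    problems = []
    if version == "v2":
        if "resource" in params:
            problems.append("'resource' is not supported on oauth2/v2.0/token; send 'scope'")
        if "scope" not in params:
            problems.append("'scope' is missing (for example <resource>/.default)")
    elif "resource" not in params:
        problems.append("'resource' is missing for oauth2/token")
    return problems

if __name__ == "__main__":
    # Constructed sample values; take the real secret from a secret store, not the pipeline JSON.
    v2 = "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token"
    print(build_body(v2, "cid", "sec", "https://graph.microsoft.com/"))
    print(check_body(v2, "grant_type=client_credentials&resource=https://graph.microsoft.com/"))
```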

Related

How to pass bearer token API in Azure Data Factory

I have an API which has Authorization as bearer token. I tested in Postman and it's working. However, it's not working when I use the Web activity in ADF.
I am passing the url in the URL section. Created new header, typed Authorization and gave value "Bearer token"
Getting below error
Error
Troubleshoot activity failures
{
"errorCode": "2108",
"message": "{\"error\":{\"type\":\"invalid_request_error\",\"message\":\"Request forbidden by administrative rules. Please make sure your request has an acceptable User-Agent header.\",\"documentation_url\":\"https://developer.dentally.co\"}}",
"failureType": "UserError",
"target": "Web1",
"details": []
}
Can anyone please advise?
I reproduced the same in my environment. I successfully generated a bearer Token with Postman.
To solve the above error code: 2200, please follow the below approach.
I used the same URL with web Activity and generated a bearer Token in the Azure data factory.
Generate bearer Token as shown below:
Connect Web activity 2 with newly created Web1 activity
Add dynamic expression: Bearer @{activity('Web2').output.data.Token}
Output:
Reference:
Sample Rest API URL for testing with authentication by Ashok Patel

How to configure Code value from Azure platform 'AADSTS900144'

Whenever I connect to the Azure platform from my platform and access it for authorization, I get an error like the following:
Authorization failed with the error message, 'AADSTS900144: The
request body must contain the following parameter: 'code'. Trace ID:
0c2a6ce5-a127-491f-8ef5-34b4b0f11a00 Correlation ID:
5ae207ac-ff51-43da-92a6-0225372c55b1 Timestamp: 2020-10-06 11:19:33Z'
Similarly, I faced a scope value exception. I referred to the link AADSTS900144: The request body must contain the following parameter: 'scope' when using legacy Developer Portal
Now, how do I fetch the code value from the Azure platform?
Code will be provided in the response of the authorization request. Once obtained you will include it in the token request as detailed in Request an access token.
According to your error message, you are missing request parameters when requesting an access token. You need to put the following parameters in the request body:
For code, it needs to be acquired by interactive login users, you need to execute the following request in the browser to acquire it:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345

Azure Invoke Device Module method using REST API

I want to use the Invoke Device Module API from Azure, where I want to send a payload using the API, which will be responsible for sending message from cloud to the module. I am following this article "https://learn.microsoft.com/en-us/rest/api/iothub/digitaltwinmodel/service/invokedevicemodulemethod"
I am using postman to execute this API, but I am getting the following response.
I have added 2 headers in postman 1] Authorization in this I have added a bearerToken and 2] content-type as application/json. I am giving a payload in the body section. Please let me know what could be wrong here, or if I need to configure it in some different way.
There is a double slash in URL http://azure-devices.net//twins. Can you please try with correct http://azure-devices.net/twins/
I figured out how it is done.
All we need to do is use the SAS Token in the authorization header instead of bearerToken and use the following body.
{
"methodName": "name_of_your_method",
"responseTimeoutInSeconds": 60,
"payload": {
"command": "your_message"
}
}
The API URL is the following POST method
"https://fully-qualified-iothubname.azure-devices.net/twins/{deviceId}/modules/{moduleId}/methods?api-version=2019-07-01-preview"
Use the following command to generate SAS Token and FYI SAS Token expires after 1 hour of generation:
az iot hub generate-sas-token -n Ageye
This works perfectly fine and gives the following response:
{
"status": 200,
"payload": {
"status": "ok"
}
}

Azure access token generation from Postman

I wanted to generate Azure token from Postman for API authorization in my project. I am able to generate token using below API request but getting the below error message "Authorization denied for this request" while using the generated token in another API request.
Endpoint#
https://login.microsoftonline.com/:tenant_id/oauth2/token
Params#
tenant_id:As per id generation by azure.
Body# (Form-data)
grant_type:client_credentials
client_id:As per id generation by azure.
client_secret:As per id generation by azure.
resource:Required URL
Response#
"token_type": "Bearer",
"expires_in": "foo",
"ext_expires_in": "foo",
"expires_on": "foo",
"not_before": "foo",
"resource": "foo",
"access_token":foo
Since the above returned token is not accepted, I had passed username and password as well in the body of the request but ended up with the same results. Also, Azure did not consider my credentials even though they are wrong.
Could you please assist with what else I need to send in the response to get a valid token id?
The Valid format for client_credentials authentication flow is like below:
Azure Portal Credentials For App Id and Tenant Id:
Application Secret from Portal:
Token Endpoint Or URL:
https://login.microsoftonline.com/YourTenantName.onmicrosoft.com/oauth2/token
Request Param:
grant_type:client_credentials
client_id:b603c7be_Your_App_ID_e6921e61f925
client_secret:Vxf1Sl_Your_App_Secret_2XDSeZ8wL/Yp8ns4sc=
resource:https://graph.microsoft.com
PostMan Sample:
Token On Response:
Expose Your Own API:
When you want to authorize your own API, you have to add it here, so that your token will contain this permission and this API can be accessed. Refer to these docs.
For more clarity you could refer to the official docs.
You should try adding "X-ZUMO-AUTH" header to your request when using the generated token.
GET https://<appname>.azurewebsites.net/api/products/1
X-ZUMO-AUTH: <authenticationToken_value>
https://learn.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to

JWT token issue on Azure Management API

I've been trying to use the Azure Service Management API in order to list the Hosted Services with no success.
In the first place, I was able to set up the authentication using PowerShell as the Microsoft documentation states here: https://msdn.microsoft.com/en-us/library/azure/dn790557.aspx
My first step was to request an access token using OAuth2 making a POST request to this URL:
https://login.windows.net/<MY_TENANT_ID>/oauth2/token
and passing these parameters:
grant_type: client_credentials
client_id: <THE_CLIENT_ID_OF_THE_APP_REGISTERED_THROUGH_POWERSHELL>
client_secret: <THE_PASSWORD_OF_APP_REGISTERED_THROUGH_POWERSHELL>
resource: https://management.core.windows.net
so, I receive a valid response and an access_token included in the response. So far so good.
Then, I want to make a simple call to the Management API; I would like to list my Hosted Services (Cloud Services), so I make a GET request to this URL:
https://management.core.windows.net/<MY_SUBSCRIPTION_ID>/services/hostedservices
Including the following headers:
Authorization: Bearer <THE_ACCESS_TOKEN_RECEIVED_IN_THE_PREVIOUS_STEP>
x-ms-version: 2014-10-01 (I've also tested with different versions)
but, what I get is a 401 Unauthorized error, with the following message:
The JWT token does not contain expected audience uri 'https://management.core.windows.net/'
I also tried with a Native Application registered directly in the Azure Portal (with Permissions set to use the Service Management API) and requesting a token using the grant_type = authorization_code. I get the access_token correctly and a refresh_token, but when I try to make a request to the above URL, I get the same error message.
On a side note, I am able to use the Azure Insights API successfully; the issue above is with the Azure Service Management API.
Does anyone know what I am missing?
I faced the same problem today. Complete the resource url with '/' https://management.core.windows.net
See the mismatch between the url in your resource and the one in the error message 'https://management.core.windows.net/'
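A way to see the audience mismatch described in this thread before calling the API, as an added Python example (not code from the original posts). It decodes the token payload without verifying the signature, for debugging only, and compares `aud` exactly; the sample token is constructed and unsigned, and it assumes the `aud` claim mirrors the `resource` string that was requested.

```python
import base64
import json

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(aud):
    """Constructed, unsigned token for this demo; not a real Azure token."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"aud": aud}).encode())
    return header + "." + payload + "."

def jwt_claims(token):
    """Decode the payload segment WITHOUT verifying the signature (debug use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))

def audience_problem(token, expected_aud):
    """Return None when 'aud' matches exactly, otherwise a description of the mismatch."""
    aud = jwt_claims(token).get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if expected_aud in auds:
        return None
    for a in auds:
        # The API compares the audience as an exact string, so '/' matters.
        if isinstance(a, str) and a.rstrip("/") == expected_aud.rstrip("/"):
            return "aud %r differs from %r only by a trailing slash" % (a, expected_aud)
    return "aud %r does not contain %r" % (auds, expected_aud)

if __name__ == "__main__":
    # Token requested with resource=https://management.core.windows.net (no slash)
    token = make_sample_token("https://management.core.windows.net")
    print(audience_problem(token, "https://management.core.windows.net/"))
```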
