Getting response : Resource 'Random_ObjectID' does not exist or one of its queried reference-property objects are not present. Azure Active Directory - azure

I am using the Azure Graph API to perform Create-Delete operations on Azure Active Directory Users and Groups.
Following are the APIs I am using
User : https://graph.microsoft.com/v1.0/users
Group : https://graph.microsoft.com/v1.0/groups
I am acquiring a token for my application by using PublicClientApplication and the acquireToken method with UserNamePasswordParameters, plus a token from the cache using the acquireTokenSilently method (MSAL4J library).
I am running the application continuously for around 50 hours.
But after 40-45 hours the API gives an exception/response for both User and Group like:
Resource 'Random_ObjectID' does not exist or one of its queried reference-property objects are not present.
Attached server side audit log for reference
Can someone please help me with this?
Thanks.

Please check the possible causes of the error:
The problem can either be due to throttling when the requests take a long time or if you are trying to make frequent patch calls, and may happen if your client app is not waiting long enough for the operation/replication to complete.
Note: Firstly, please ensure that the group id and user id are valid and not exchanged by mistake, and please check if their usage is required in particular queries.
Also, some API endpoints may not be supported using the v1.0 version. Please check with the Beta version in those cases.
Please try retry-after logic for exponential increase in retry time, as in Microsoft Graph throttling | Microsoft Docs.
Also, when using a where or filter object, it may sometimes take too much time when many user objects exist.
Please check the operations performed by wrapping them in a try and catch block to handle the error, and use them without the query filter where possible, like below:
try
{
    // operations like Get-AzureAdUser -ObjectId $UPN rather than using the query filters
}
catch (Exception ex)
{
    throw ex;
}
The error is usual in some cases where an object is passed to the ObjectId parameter. Instead, try with the DomainName of your object while passing the ObjectId.
Also please check this.
References
authentication - Resource 'GUID value here' does not exist ... - Stack Overflow
Known issues with Microsoft Graph - Microsoft Graph | Microsoft Docs
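
A sketch of the retry logic this answer recommends, added here as an example and not taken from the original post or from Microsoft's SDKs. It honors a Retry-After header when throttled, falls back to exponential backoff with jitter, and can optionally retry a 404 right after a create to cover replication delay. `call_with_retry`, `fake_graph` and the canned responses are hypothetical names and constructed data.

```python
import json
import random
import time

RETRYABLE = {429, 503, 504}                 # throttling and transient service errors
NOT_FOUND_CODE = "Request_ResourceNotFound"  # Graph error code behind "Resource '...' does not exist"


def graph_error_code(body):
    """Return error.code from a Graph JSON error body, or None if it is not one."""
    try:
        return json.loads(body)["error"]["code"]
    except (ValueError, KeyError, TypeError):
        return None


def call_with_retry(send, max_attempts=5, base_delay=1.0, max_delay=60.0,
                    retry_not_found=False, sleep=time.sleep, jitter=random.random):
    """Call send() -> (status, headers, body) until it succeeds or attempts run out.

    retry_not_found=True also retries a 404 Request_ResourceNotFound, for reads or
    updates issued right after a create. Returns (status, body, waits).
    """
    waits = []
    for attempt in range(max_attempts):
        status, headers, body = send()
        lagging = (retry_not_found and status == 404
                   and graph_error_code(body) == NOT_FOUND_CODE)
        if status not in RETRYABLE and not lagging:
            return status, body, waits
        if attempt == max_attempts - 1:
            break                            # out of attempts: report the last failure
        retry_after = {k.lower(): v for k, v in headers.items()}.get("retry-after", "")
        if retry_after.strip().isdigit():
            delay = float(retry_after)       # the server's Retry-After wins
        else:                                # exponential backoff with jitter
            delay = min(max_delay, base_delay * 2 ** attempt) * (0.5 + jitter() / 2)
        waits.append(delay)
        sleep(delay)
    return status, body, waits


def fake_graph(responses):
    """Constructed stand-in for an HTTP client: replays canned responses in order."""
    it = iter(responses)
    return lambda: next(it)
```

Keep `retry_not_found` off for ordinary lookups, so that a genuinely wrong object id fails immediately instead of being retried.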

Related

Microsoft Graph error processing a storage extension while getting subscription by ID

I am trying to get a subscription by ID from Microsoft Graph REST. If I list the subscriptions using GET /subscriptions, things are working fine and I am able to list all subscriptions. But if I take a subscription id from the list and try to get the details using GET /subscriptions/{id}, I am getting the following error:
{
  "error": {
    "code": "ExtensionError",
    "message": "There was an error processing a storage extension.",
    "innerError": {
      "date": "2021-10-12T06:59:47",
      "request-id": "ffa4f181-148d-49ed-8c9d-f551f6ddd6f0",
      "client-request-id": "ffa4f181-148d-49ed-8c9d-f551f6ddd6f0"
    }
  }
}
Any ideas on where I might be going wrong?
PS: I am trying to get an individual subscription because the /subscriptions route does not provide the clientState property which is required for me.
When I route to the same /subscription, I got the @odata.context link.
I opened the same link, searched for clientState, and got its type but not its value.
Note: the clientState property value is not returned for security purposes.
Refer to this GitHub
Note : Client State is not set for the List Subscription on purpose by design, because subscription collections could be listed by say some other user (example tenant admin using Subscription.Read.All). It is not desirable to share this Client state information through the Listing API for that user who is not the creator of the subscription.
Reference : https://github.com/microsoftgraph/microsoft-graph-docs/issues/5248

Calling the azure tenants REST api doesn't provide the expected json data

When calling the latest (version 2020-01-01) azure tenants api (management.azure.com/tenants) I don't see the same properties in the response as I get when using the "Try it" feature on the "Tenants - List" page in the online Azure REST documentation.
The response that I get only contains the "id", "tenantId" and "tenantCategory" properties. So the cool stuff like countryCode, domains, displayName, etc. are missing. I was using an older api version before which only included the "id" and "tenantId" properties so I do see the additional "tenantCategory" property at least.
When calling the 2020-01-01 version of the subscriptions list API in my code I do get all the same properties that I see when I use the "Try it" feature.
Has anyone else experienced this issue or know what could be the cause?
Thanks in advance!
I tried with https://management.azure.com/tenants?api-version=2020-01-01 in Try it, it returned the properties. Try to use 2020-05-01, 2020-06-01 or 2020-07-01 versions. They all worked for me.
When using Postman to call the API:
So it turns out that if you request the token under user context and use that as bearer token in the authorization header of the API call you get all the properties in the response, i.e. the same properties as you see when using the "Try it" feature online. But in my app I'm requesting it under the application context and then the expected behaviour is to only return the "id", "tenantId" and "tenantCategory" properties. So the tenants api is a bit different than the others and it's supposed to be that way.
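
A quick way to see which context a token was issued under, as described in the answer above. This is an added example, not code from the original post. It assumes Azure AD access tokens in JWT form, where delegated tokens carry an `scp` claim and client-credentials tokens do not. The sample tokens are constructed and unsigned, and `token_context` and `make_unsigned_token` are hypothetical helper names.

```python
import base64
import json


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_context(token):
    """Classify an Azure AD access token as 'delegated' or 'application'.

    Delegated (user context) tokens carry the granted scopes in 'scp';
    tokens from the client-credentials flow have no 'scp' claim.
    """
    claims = jwt_claims(token)
    context = "delegated" if claims.get("scp") else "application"
    return {
        "context": context,
        "audience": claims.get("aud"),
        "permissions": claims.get("scp", "").split() or claims.get("roles", []),
    }


def make_unsigned_token(claims):
    """Build a constructed, unsigned sample token for the demo (not a real token)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}.sig"


# Constructed sample claims; the GUID-like values are placeholders.
USER_TOKEN = make_unsigned_token({
    "aud": "https://management.azure.com", "scp": "user_impersonation",
    "oid": "00000000-0000-0000-0000-000000000001"})
APP_TOKEN = make_unsigned_token({
    "aud": "https://management.azure.com", "idtyp": "app",
    "oid": "00000000-0000-0000-0000-000000000002"})
```

Because the signature is not checked, the decoded claims are only good for debugging which flow produced a token, never for an authorization decision.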

AAD B2C IEF: How to pass error code and message from REST API to the application with custom policy?

I'm using custom policy to invoke a REST API to get something from database and return in claims. It works fine but I need to extend the feature to send extra error code and error message in case any exception happens. I already returned such information as requested ("status":409, "userMessage":). But I don't know where I can get it (in HTTP header/body/somewhere else?). I understand that I can return such information in another claim. But since AAD B2C provides the status code and userMessage there must be a way to use it. Could someone please enlighten me? Thanks a lot.
The error message itself can't be accessed as a claim. If you want processing to continue, then return an HTTP 200 with a JSON representing the error and use preconditions to control the journey in this case.

Forbidden Microsoft Graph

We are trying to get shifts from a team.
Error: MS-APP-ACTS-AS header needs to be set for application context requests
The flow process is as follows:
Get oauth2 v2.0 token (Documentation: https://learn.microsoft.com/en-us/graph/auth-v2-service?context=graph%2Fapi%2Fbeta&view=graph-rest-beta)
Get "installedApps" and get the one with "Teams" on it. (https://learn.microsoft.com/en-us/graph/api/teamsappinstallation-list?view=graph-rest-beta)
Get ID from request above
Query for Shift (https://learn.microsoft.com/en-us/graph/api/resources/schedule?view=graph-rest-beta)
The error happens on the last step.
From the documentation:
Important: Application permissions are currently in private preview only and are not available for public use.

Error Calling the Graph API: Request_DataContractVersionMissing

I'm trying to make a POST request to Azure AD GraphAPI to create a user in my AD B2C tenant, but I'm getting the following error
"Error Calling the Graph API:
{
"odata.error": {"code": "Request_DataContractVersionMissing",
"message": {"lang": "en",
"value": "The specified api-version is invalid. The value must exactly match a supported version"}
}
I do send the version, and based on the docs it is supported.
Version 1.6
This section lists the changes for Graph API version 1.6.
Graph API version 1.6 introduces the following feature changes:
Added support for Azure Active Directory B2C local account users. This involves new properties on the User entity and a new complex type
SignInName to support local account sign-in to Azure Active Directory
B2C tenants. For more information about Azure Active Directory B2C,
see the Azure Active Directory B2C documentation.
[Edit]
submitted json
{"accountEnabled":true,"signInNames":[{"type":"userName","value":"ausername"}],"creationType":"LocalAccount","displayName":"A display name","passwordProfile":{"password":"a password","forceChangePasswordNextLogin":true},"passwordPolicies":"policies","country":"MX","givenName":"Fstname","surename":"Lstname","department":"Dpt","jobTitle":"Title","mail":"mail#server.com","otherMails":[],"preferredLanguage":"es-MX"}
Any clue on why I'm getting the error?
There is something wrong with the api-version query parameter: Request_DataContractVersionMissing
Data contract version parameter is missing. Include api-version as a query parameter with all your requests.
Doesn't Work
https://graph.windows.net/ebenefitsdev.onmicrosoft.com/users?api‐version=1.6
I get Request_DataContractVersionMissing error when submitting that.
Does Work
https://graph.windows.net/ebenefitsdev.onmicrosoft.com/users?api-version=1.6
The difference is the hyphen char. One is the 'normal' one I typed on my keyboard. The other is from here.
I suspect it is a copy paste problem (I've experienced these in the past).
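
A check for the copy-paste problem described in this answer, added here as an example that is not part of the original post. It reports non-ASCII characters in a URL and tells whether a query parameter only looks like `api-version`. It assumes the pasted character is U+2010 HYPHEN; `contoso.onmicrosoft.com` is a placeholder tenant and the function names are hypothetical.

```python
import unicodedata
from urllib.parse import parse_qsl, urlsplit


def find_non_ascii(url):
    """Return [(index, char, Unicode name)] for every non-ASCII character in url."""
    return [(i, ch, unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(url) if ord(ch) > 127]


def normalize_dashes(text):
    """Replace every Unicode dash (general category Pd) with ASCII '-'."""
    return "".join("-" if unicodedata.category(ch) == "Pd" else ch for ch in text)


def check_param(url, expected="api-version"):
    """Return 'ok', 'lookalike' or 'missing' for the expected query parameter.

    'lookalike' means a parameter is present whose name matches only after
    dash normalization, so the server treats api-version as absent.
    """
    names = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    if expected in names:
        return "ok"
    if any(normalize_dashes(name) == expected for name in names):
        return "lookalike"
    return "missing"


# Constructed sample URLs; \u2010 is written as an escape so it stays visible.
GOOD = "https://graph.windows.net/contoso.onmicrosoft.com/users?api-version=1.6"
BAD = "https://graph.windows.net/contoso.onmicrosoft.com/users?api\u2010version=1.6"

if __name__ == "__main__":
    for url in (GOOD, BAD):
        print(check_param(url), find_non_ascii(url))
```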
I see one problem: signInNames not signInName
Documentation for user entity
For future readers, I ran into this issue with 2.0 of graph.windows.net, but it was not the hyphen. It seems this error is also shown if the client ID you used to get a resource token for graph.windows.net is not correct.
