Azure Keyvault Sign API - Response body “value” encoding format - azure

When I do a post request to the Azure Key Vault Sign API: https://pkitstencryptkeyvault.vault.azure.net/keys/openssl-rbi-test/1ccc8fc0e0224bb1a65eb159e2b12df1/sign?api-version=7.0
with body:
{
  "alg": "ES256",
  "value": "RkQ4y5rDgxeaaOzeqeAFT3IGLAEZMz2ztbTbMNzxuMc"
}
The response is:
{
  "kid": "https://pkitstencryptkeyvault.vault.azure.net/keys/openssl-rbi-test/1ccc8fc0e0224bb1a65eb159e2b12df1",
  "value": "d9J4G06FRMBEKy_FJJj1PEAXhtlezvd6-3_5yo9yeYAFZ_Du583AJzqu3NMTzJAUMoKhnVBx2obnkM0gI1LnoQ"
}
I can't find that information on the Azure Sign API doc.
So what is the format of the value in the response body?
I'm asking this, because when I send a verify request to:
https://pkitstencryptkeyvault.vault.azure.net/keys/openssl-rbi-test/1ccc8fc0e0224bb1a65eb159e2b12df1/verify?api-version=7.0 with body:
{
  "alg": "ES256",
  "value": "d9J4G06FRMBEKy_FJJj1PEAXhtlezvd6-3_5yo9yeYAFZ_Du583AJzqu3NMTzJAUMoKhnVBx2obnkM0gI1LnoQ"
}
I get the following error:
{
  "error": {
    "code": "BadParameter",
    "message": "Property has invalid value\r\n"
  }
}

Although the example does not show it: The digest parameter is missing in your verify request body. This parameter is defined in the API.
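
Added example, not part of the original question or answer: for ES256, Key Vault returns "value" as unpadded base64url of the raw 64-byte r||s pair (the JWS signature form), and the verify body carries the signed digest as "digest" next to it. The function names are illustrative; the two strings are the ones quoted in the question, and the DER conversion is for tools such as OpenSSL that expect an ASN.1 signature.

```python
import base64

# Values copied from the sign request and response quoted above.
DIGEST = "RkQ4y5rDgxeaaOzeqeAFT3IGLAEZMz2ztbTbMNzxuMc"
SIGNATURE = "d9J4G06FRMBEKy_FJJj1PEAXhtlezvd6-3_5yo9yeYAFZ_Du583AJzqu3NMTzJAUMoKhnVBx2obnkM0gI1LnoQ"


def b64url_decode(text: str) -> bytes:
    """Decode base64url text that has had its '=' padding stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def split_es256(value: str) -> tuple[int, int]:
    """Return (r, s) from an ES256 signature: 32-byte r followed by 32-byte s."""
    raw = b64url_decode(value)
    if len(raw) != 64:
        raise ValueError(f"ES256 signature must be 64 bytes, got {len(raw)}")
    return int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big")


def _der_integer(n: int) -> bytes:
    # The extra bit of length forces a leading 0x00 when the top bit is set,
    # so the INTEGER is never read as negative.
    body = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return b"\x02" + bytes([len(body)]) + body


def to_der(value: str) -> bytes:
    """Re-encode r||s as the ASN.1 DER SEQUENCE that OpenSSL-style tools expect."""
    r, s = split_es256(value)
    body = _der_integer(r) + _der_integer(s)
    return b"\x30" + bytes([len(body)]) + body  # body <= 70 bytes: short-form length


def verify_body(digest: str, signature: str, alg: str = "ES256") -> dict:
    """Build the JSON body for /verify: the digest that was signed plus the signature."""
    if len(b64url_decode(digest)) != 32:
        raise ValueError("ES256 expects a 32-byte SHA-256 digest")
    split_es256(signature)  # rejects a signature of the wrong length
    return {"alg": alg, "digest": digest, "value": signature}


if __name__ == "__main__":
    print(verify_body(DIGEST, SIGNATURE))
    print(to_der(SIGNATURE).hex())
```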

Related

How to create a user using azure graph api

I am trying to create a user using azure graph API. For this, I have got the token response as below:
Once I have the token, I have added this as bearer token in Authorization for the below url:
https://graph.microsoft.com/v1.0/users
and posting the below json data:
{
  "accountEnabled": true,
  "displayName": "Andrew",
  "mailNickname": "SanAndrew",
  "userPrincipalName": "andrew.san204@gmail.com",
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "password"
  }
}
But getting below error:
{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "c06079d2-ff6b-4e5b-b34d-704f16bc312f",
      "date": "2019-06-03T11:20:20"
    }
  }
}
although I have all the permissions as shown below:
Can anyone please suggest what I am doing wrong here.

One possibility for the error is that you are trying to create a user with gmail.com domain. The domain needs to be one of the verified domains in your AAD tenant.
If you want to add a gmail.com user anyway, you need to send an invitation through the invitations endpoint: https://learn.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0&tabs=cs

Adding User to Group using Graph API B2C

I am using Azure AD B2C to create users.
After a user is created I would like to add them to a Group
Using Postman I have made the following request (with access token in the header). Note: I have managed to successfully create a group using the Api.
POST
https://graph.windows.net/{azure-tenant}/groups/{group-objectId}/members/$ref?api-version=1.6
With Body:
{
  "@odata.id": "https://graph.windows.net/{azure-tenant}/directoryObjects/{user-objectId}"
}
Which is what the documentation specifies. No matter the body that is sent I get the following error
{
  "odata.error": {
    "code": "Request_BadRequest",
    "message": {
      "lang": "en",
      "value": "The request URI is not valid. Since the segment 'members' refers to a collection, this must be the last segment in the request URI. All intermediate segments must refer to a single resource."
    },
    "requestId": "48cf65f3-20ba-411e-8121-f7ea54252f3a",
    "date": "2019-05-27T06:09:25"
  }
}
I tried removing the /$ref
POST
https://graph.windows.net/{azure-tenant}/groups/{group-objectId}/members?api-version=1.6
Body:
{
  "@odata.id": "https://graph.windows.net/{azure-tenant}/directoryObjects/{user-objectId}"
}
as well as
{
  "@odata.id": "https://graph.windows.net/{azure-tenant}/users/{user-objectId}"
}
The error that gets returned now is:
{
  "odata.error": {
    "code": "Request_BadRequest",
    "message": {
      "lang": "en",
      "value": "Unsupported resource type 'DirectoryObject' for operation 'Create'."
    },
    "requestId": "2c36cc6d-383c-44f8-8609-2ac3e3efc862",
    "date": "2019-05-27T06:15:26"
  }
}
The documentation that I have been using: https://learn.microsoft.com/en-us/graph/api/group-post-members?view=graph-rest-1.0&tabs=javascript

You are using the graph.windows.net endpoint, so you should refer to the Azure AD Graph API.
POST https://graph.windows.net/myorganization/groups/b4bda672-1fba-4711-8fb1-5383c40b2c14/$links/members?api-version=1.6
{
  "url": "https://graph.windows.net/myorganization/directoryObjects/3eb6055a-baeb-44d4-a1ea-2fee86d8891b"
}
The document you referred to is for the Microsoft Graph API. The endpoint should be https://graph.microsoft.com.
You can use Microsoft Graph explorer to call these APIs.

Outlook Web hook Subscription

I am working with Outlook Webhook Subscriptions and working on QA server.
According to the Microsoft Graph documentation, we need to send the request to get the webhook notification. I am using Python 3 request module for this.
I am sending the following data but getting the error. I can't figure out where I am going wrong in the process.
import requests

url="https://graph.microsoft.com/v1.0/subscriptions"
header={
    'Content-Type': 'application/json',
    'Authorization':"Bearer "+ "valid access token"
}
data={
    "changeType": "created,updated",
    "notificationUrl": "https://qa.example.com/get_webhook",
    "resource": "/me/mailfolders('inbox')/messages",
    "expirationDateTime": "2018-12-11T11:00:00.0000000Z"
}
# data= sends the dict form-encoded, not as JSON (this is the failing call)
response=requests.post(url, headers=header, data=data)
After executing the above lines I am getting the following <400> response
'{\r\n "error": {\r\n "code": "BadRequest",\r\n "message":
"Unable to read JSON request payload. Please ensure Content-Type
header is set and payload is of valid JSON format.",\r\n
"innerError": {\r\n "request-id": "3a15ba2f-a055-4f33-a3f8-
f1f40cdb2d64",\r\n "date": "2018-12-10T06:51:32"\r\n }\r\n
}\r\n}'

To post as JSON, you need to use the json property rather than the data property (i.e. json={"key": "value"}):
import requests

url="https://graph.microsoft.com/v1.0/subscriptions"
header={
    'Content-Type': 'application/json',
    'Authorization':"Bearer "+ "valid access token"
}
data={
    "changeType": "created,updated",
    "notificationUrl": "https://qa.example.com/get_webhook",
    "resource": "/me/mailfolders('inbox')/messages",
    "expirationDateTime": "2018-12-11T11:00:00.0000000Z"
}
# json= serializes the dict to a JSON request body
response=requests.post(url, headers=header, json=data)

You can use:
import json
# serialize the dict yourself and send the resulting string as the body
response=requests.post(url, headers=header, data=json.dumps(data))

Expected OAuth 2 access token while importing VAPID Push subscriptions into Firebase

I am trying to import VAPID push subscriptions into Firebase. I found some solution in https://developers.google.com/instance-id/reference/server#import_push_subscriptions. It threw the following error. Please help me regarding this.
POST : https://iid.googleapis.com/v1/web/iid
Headers :
Content-Type:application/json
Authorization:key=MY_SERVER_KEY
BODY:
{
  "endpoint" : "https://fcm.googleapis.com/fcm/send/my_sub_key",
  "keys" : {
    "p256dh" : "hidden_key",
    "auth" : "hidden_auth"
  }
}
Response:
"error": { "code": 401, "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", "status": "UNAUTHENTICATED" }

creating subscription with Microsoft Graph API error

I'm trying to create a subscription to receive notifications about changes to Office365 Calendar. I have already worked with the Outlook Notification API but am having a problem with the Microsoft Graph API.
I try to create a subscription using HTTP POST to https://graph.microsoft.com/beta/subscriptions with header and body:
Header: Content-Type: application/json; Authorization : Bearer {accessToken}
Body:
{
  "resource": "me/calendars",
  "notificationUrl": "sample notification url",
  "changeType": "Created"
}
In my notification URL, I've set it up to send a response with the value of the validation token when receiving a validation request.
Finally, the result I received:
{
  "error": {
    "code": "ExtensionError",
    "message": "There was an error processing a storage extension.",
    "innerError": {
      "request-id": "6c563931-511d-415d-9c04-c07f25d45b1f",
      "date": "2016-03-20T08:10:32"
    }
  }
}
I wonder what I'm doing wrong, or whether that's an internal error of the MS Graph API. Can anyone help me? Thanks in advance.

The correct resource to use for calendar events is "me/events". We'll try to get a better error message in future.
