Currently i'm authenticating to a resource one which is my backend. But using the same access token i tried to get data from Microsoft graph api it's giving
{
"odata.error": {
"code": "Authentication_MissingOrMalformed",
"message": {
"lang": "en",
"value": "Access Token missing or malformed."
},
"date": "2018-02-22T10:37:53",
"requestId": "381cf386-6065-422b-b561-164ed17dcfdf",
"values": null
}
}
How to resolve this. Is it possible to access both with one access token
No. An access token is always meant for one API/resource.
You must get two access tokens. You can use the refresh token or authorization code to get two.
Related
{ "error": { "code": 403, "message": "The caller does not have permission", "errors": [ { "message": "The caller does not have permission", "domain": "global", "reason": "forbidden" } ], "status": "PERMISSION_DENIED" } }
It says you don't have permission. But I am logging in oauth2 with the adsense account itself. So it's not from a different account. It seems silly to me that there is an access permission issue here. I couldn't get past this error for about 1 day.
By the way, I get the same result in google's 'try this method' service.
SOLVED
I was entering the adsense email as the accounts parameter, the problem was here. API worked when using account name
I have used the Instagram Graph API to publish posts on Instagram based on it's docs. I use this API as below to upload an image:
https://graph.facebook.com/17841401176636063/media?image_url=https://upload.wikimedia.org/wikipedia/commons/9/9a/Gull_portrait_ca_usa.jpg&caption=%23BronzFonz&access_token=IGQVJXMG9GZAlgtN0ZAGQzYxcm5GQzRUTl9pbENRSWU1NjVGeE81clJ4RHVJMlU4aVk3cnhibDdKaVVidUxpcmFnWl9qaDU3alFFeWtVS01MNE9uRnBqLXVjLVF1S0tqa3lRaHJyYDRn
And I get this result:
{
"error": {
"message": "Invalid OAuth access token.",
"type": "OAuthException",
"code": 190,
"fbtrace_id": "Ac6EIeqwzInWWyWs7H0jKhc"
}
}
What is wrong with my request?I am sure about the access token, I get it from https://graph.instagram.com/access_token and it is my long-lived access token.
I tried to create a call in Teams trough Microsoft Graph Api. I created a App with the given permissions but when i try to do the POST on: https://graph.microsoft.com/v1.0/communications/calls i get this error:
{
"error": {
"code": "UnknownError",
"message": "{\"errorCode\":\"7500\",\"message\":\"Unsupported AAD Identity.\",\"instanceAnnotations\":[]}",
"innerError": {
"date": "2020-11-11T14:38:43",
"request-id": "74ee843f-ba7e-4d87-b1e2-617c6fdce77c",
"client-request-id": "74ee843f-ba7e-4d87-b1e2-617c6fdce77c"
}
}
}
Token and everything looks good. If I change the token I get another error that this one is wrong.
To be honest my knowledge about Azure etc. is very low.
What Shiva said is right. You may have used a user token to call the API, so an error occurred. The API call currently only supports application tokens. You need to grant application permissions to the application and use the client credential flow to obtain Token.
We've seen a change in functionality with the Microsoft Graph /sites?search endpoint.
Within the past couple of days, when making this call:
https://graph.microsoft.com/v1.0/sites?search=
for certain tenants, we now receive:
{
"error": {
"code": "accessDenied",
"message": "The caller does not have permission to perform the action.",
"innerError": {
"request-id": "a37ae18e-dcd2-481d-bb06-0a0f5cade4f4",
"date": "2018-09-28T13:54:56"
}
}
}
We are using app only authentication with the following roles:
"roles": [
"Directory.Read.All",
"User.Read.All"
],
Has there been a change in permissions required for this call?
According to the documentation, you need either Sites.Read.All or Sites.ReadWrite.All in order to use /sites?search={query}.
I have an account on Azure where we run various applications in docker containers.
I would like to connect to Active Directory on this account and be able to manage various aspects such as creating new users, etc.
I found following API browser:
https://learn.microsoft.com/en-us/rest/api/graphrbac/users/list
Unfortunately when I log in as a user with admin rights (Global Administrator) and provide tenant ID, when I call users/list endpoint, I get following error with 401 status:
{
"odata.error": {
"code": "Authentication_MissingOrMalformed",
"message": {
"lang": "en",
"value": "Access Token missing or malformed."
},
"date": "2018-07-20T14:01:24",
"requestId": "9f070c46-a949-41bf-85c9-f1ccf97975db",
"values": null
}
}
What is interesting - if I use any other random endpoint, for example: https://learn.microsoft.com/en-us/rest/api/servermanagement/node/list - it works fine. In this case it returns empty set, but at least it doesn't fail with strange authentication error.
I also can reproduce the issue that you metioned if I test Users - List Rest API directly from the site.
https://learn.microsoft.com/en-us/rest/api/graphrbac/Users/List
According to exception, the root cause of the issue is token audience. You could check the actual access token in the JWT.io.
You could get that the audience is https://management.core.windows.net/. The token that is acquired will work for other Azure Services like webapps, compute, ResourceManager, etc. but not for Graph.
You could test it with Azue AD graph explorer, then it will work for you.
The audience should be https://graph.windows.net