adarsh hegde

Reputation: 1383

Microsoft Graph API beta endpoint gives 401 Unauthorized

I am testing the Microsoft Graph beta endpoint that sends invitations to guest users to join the tenant. The endpoint I am using is:

https://graph.microsoft.com/beta/invitations

Body:

 {
  "invitedUserEmailAddress": "[email protected]",
  "inviteRedirectUrl": "https://myDomain"
 }

I am passing the bearer token in the Authorization header that I got for the local admin user through the ADAL4J API. However, this call gives me a 401 Unauthorized error. The response is as follows:

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure.",
    "innerError": {
      "request-id": "91f8129e-70cc-467d-a45b-9309e55788d6",
      "date": "2017-02-10T08:46:09"
    }
  }
}

Any clue on how to get this request working? On GitHub I have gone through other discussions (e.g.) where users are facing the same issue.

Upvotes: 0

Views: 1741

Answers (2)

tourili

Reputation: 141

I am in exactly the same situation as @adarsh hegde, but I am targeting an Azure B2C instead. I can get the token for the Windows graph (using resource "https://graph.windows.net"), and I am able to create users within my web app that is registered with the right permission.

What I did was acquire a token for graph.microsoft.com at the same time, but this token doesn't let me use invitations, giving me the same error as you: { "error": { "code": "InvalidAuthenticationToken", "message": "Access token validation failure.", "innerError": { "request-id": "91f8129e-70cc-467d-a45b-9309e55788d6", "date": "2017-02-10T08:46:09" } } }

UPDATE: So here are the steps that I've done so far:

  1. ADB2C directory
  2. Web app with OpenID registered in there with required permissions to manage users in the AD following this link
  3. When admin is logged in, the Web app in trusted mode is able to let him manage users (create/add/etc...)
  4. Now what I want to use is the InvitationManager part of the MS graph (graph.microsoft.com) to be able to send invitation mail. Can I redeem the code received in the OpenIdConnectAuthenticationNotifications to get an access token for the MS graph, knowing that I already do that but for AD graph (graph.windows.net)?

Thanks for the help

Upvotes: 0

The token sent was obtained with the resource "https://graph.windows.net". The expected resource/audience for the Microsoft Graph API is "https://graph.microsoft.com". Update your application manifest to include Microsoft Graph as a resource and request the required permissions. Then request a token with the above-mentioned resource/audience.

Upvotes: 2
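
The audience mismatch described in the answer above can be confirmed before sending the request by decoding the token's payload and comparing its `aud` claim with the API being called. This is an added example, not part of the original posts: the function names are hypothetical, the tokens are constructed unsigned samples, and it assumes `aud` equals the API origin, as the answer states for these two resources.

```python
import base64
import json
from urllib.parse import urlsplit


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(token):
    """Return the payload claims of a JWT WITHOUT verifying its signature.
    Diagnostic use only; never base a trust decision on this."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    return json.loads(_b64url_decode(parts[1]))


def audience_matches(token, request_url):
    """Compare the token's aud claim with the origin of the API being called.
    Returns (ok, audiences_in_token, expected_audience)."""
    url = urlsplit(request_url)
    expected = f"{url.scheme}://{url.netloc}".lower()
    aud = token_claims(token).get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    ok = any(a.rstrip("/").lower() == expected for a in audiences)
    return ok, audiences, expected


def make_sample_token(aud):
    # Constructed, unsigned sample; real tokens come from the identity provider.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f'{enc({"alg": "RS256", "typ": "JWT"})}.{enc({"aud": aud})}.sig'


INVITATIONS_URL = "https://graph.microsoft.com/beta/invitations"
AAD_GRAPH_TOKEN = make_sample_token("https://graph.windows.net")   # as in the question
MS_GRAPH_TOKEN = make_sample_token("https://graph.microsoft.com")  # as the answer advises

if __name__ == "__main__":
    for name, tok in (("AAD Graph token", AAD_GRAPH_TOKEN), ("MS Graph token", MS_GRAPH_TOKEN)):
        ok, aud, expected = audience_matches(tok, INVITATIONS_URL)
        print(f"{name}: aud={aud} expected={expected} -> {'OK' if ok else 'MISMATCH'}")
```

Access tokens are credentials, so run a check like this locally rather than pasting a live token into an online decoder.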
