Microsoft Graph API access token validation failure (java)

Question

I am trying to set up a native java application that will leverage MS Graph's API to access a users OneDrive after authenticating using ADAL4j. I am using this library to get my access token. So far I have this code:

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

import javax.naming.ServiceUnavailableException;

import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;

public class Get {

    private final static String AUTHORITY = "https://login.windows.net/common/oauth2/v2.0/authorize";
    private final static String CLIENT_ID = "29275...011a";
    private final static String RESOURCE = "https://graph.windows.net";


    public static void main(String[] args) throws Exception {

        try (BufferedReader br = new BufferedReader(new InputStreamReader(
            System.in))) {
            System.out.print("Enter username: ");
            String username = br.readLine();
            System.out.print("Enter password: ");
            String password = br.readLine();

            AuthenticationResult result = getAccessTokenFromUserCredentials(
                username, password);
            System.out.println("Access Token - " + result.getAccessToken());
            System.out.println("Refresh Token - " + result.getRefreshToken());
            System.out.println("ID Token - " + result.getIdToken());
            System.out.println("Expires in - " + result.getExpiresAfter());
        }
    }

    private static AuthenticationResult getAccessTokenFromUserCredentials(
        String username, String password) throws Exception {
        AuthenticationContext context = null;
        AuthenticationResult result = null;
        ExecutorService service = null;
        try {
            service = Executors.newFixedThreadPool(1);
            context = new AuthenticationContext(AUTHORITY, false, service);
            Future<AuthenticationResult> future = context.acquireToken(RESOURCE, CLIENT_ID, username, password, null);
            result = future.get();
        } finally {
            service.shutdown();
        }

        if (result == null) {
            throw new ServiceUnavailableException(
                "authentication result was null");
        }
        return result;
    }

}

When I run it, I enter the account credentials then the access token, refresh token, ID token, and expires in time are all printed. I then use chromes "Advanced Rest Client" add-on to test the auth token (screenshot below).

screenshot

And then I get the access token validation error shown at the bottom of the screenshot. I dont understand the reason that the token doesnt work. I have permissions set up on the app registered in Azure AD and the user has already given permission to the app. The only thing I can think of is that maybe scopes arent specified but I am not sure that is the issue. And if it is how do I specify them?

Answer 1

I found the issue.

Wrong resource URI. Azure AD Graph API is https://graph.windows.net.

Microsoft Graph API resource URI is https://graph.microsoft.com/