Reputation: 15
I am using an Azure function for subscribing to the Microsoft Graph notifications API for group updates on a tenant. Without any authentication I am able to subscribe and get notifications fine. But on enabling AAD authentication and sending a subscription request, the Graph notificationUrl validation POST call gets a 401 response from the function and hence the subscription request fails. Is there a way to configure it such that Graph always sends a Bearer token, or any other alternative to pass the authentication? The aim is to avoid keeping any unauthenticated/allow-anonymous access to the notificationUrl.
Upvotes: 1
Views: 472
Reputation: 2590
They made it a requirement that the notification URL needs to be accessible unauthenticated. That way the server sending the notifications (or in the case of Microsoft, one of the 1000 servers) doesn't need access to your credentials.
What you could do is use some kind of key that needs to be set in the URL, or limit the IPs that can call the endpoint. Like https://your-domain.com/notification/7cb07519-3db2-4a52-b4b2-cc1f612b085d
Another solution would be just not to care. What is unauthenticated access to one endpoint? You can validate the body of the POST. And you should never respond in a way that you send information (other than 200 OK) back.
Upvotes: 3
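The approach this answer describes (a secret segment in the notification URL, validating the POST body, and responding with nothing but a 2xx) can be written as a single request handler. The following is an added example, not code from the question or the answer, and it is written as a framework-independent Python function so the same logic can be wrapped in an Azure Function or any other HTTP handler. It assumes a path of the form `/notification/<secret>` as in the answer's URL, handles the Graph validation handshake (Graph POSTs `?validationToken=...` and expects the token echoed back as `text/plain` with HTTP 200), and additionally checks the `clientState` value that Graph echoes in each notification when one was supplied at subscription time. The secret values and the sample notification body below are constructed for the example.

```python
import hmac
import json
import urllib.parse

# Constructed example secrets; in a real deployment these come from app settings.
# The path secret matches the sample URL from the answer above.
EXPECTED_PATH_SECRET = "7cb07519-3db2-4a52-b4b2-cc1f612b085d"
# clientState is sent by you when creating the subscription and echoed by Graph
# in every notification; the value here is a constructed placeholder.
EXPECTED_CLIENT_STATE = "example-client-state-replace-me"


def handle_notification(path, query_string, body,
                        expected_secret=EXPECTED_PATH_SECRET,
                        expected_client_state=EXPECTED_CLIENT_STATE):
    """Process one anonymous POST to the notification endpoint.

    Returns (status_code, response_body, accepted_subscription_ids).
    The response body is non-empty only for the validation handshake, so a
    caller that merely guesses the URL learns nothing beyond the status code.
    """
    # 1. Secret-in-URL check: the path must be exactly /notification/<secret>.
    #    compare_digest avoids leaking the secret through timing differences.
    segments = [s for s in path.split("/") if s]
    if (len(segments) != 2 or segments[0] != "notification"
            or not hmac.compare_digest(segments[1], expected_secret)):
        return 404, "", []

    # 2. Validation handshake: Graph POSTs ?validationToken=<opaque string>
    #    and requires it echoed back verbatim with a 200 (text/plain).
    params = urllib.parse.parse_qs(query_string)
    token = params.get("validationToken")
    if token:
        return 200, token[0], []

    # 3. Real notification: validate the body. Anything malformed or carrying
    #    the wrong clientState is dropped, but still answered with a bare 200
    #    so that no information about what was expected goes back to the sender.
    try:
        payload = json.loads(body)
    except (ValueError, TypeError):
        return 200, "", []

    accepted = []
    items = payload.get("value", []) if isinstance(payload, dict) else []
    for item in items:
        if not isinstance(item, dict):
            continue
        client_state = item.get("clientState", "")
        if (isinstance(client_state, str)
                and hmac.compare_digest(client_state, expected_client_state)):
            # Only the subscription id is trusted from the body; the actual
            # resource is re-read from Graph with your own credentials.
            accepted.append(item.get("subscriptionId"))
    return 200, "", accepted


if __name__ == "__main__":
    # Constructed sample notification, shaped like a Graph change notification.
    sample = json.dumps({"value": [{
        "subscriptionId": "sub-1",
        "clientState": EXPECTED_CLIENT_STATE,
        "changeType": "updated",
        "resource": "groups/00000000-0000-0000-0000-000000000000",
    }]})
    print(handle_notification("/notification/" + EXPECTED_PATH_SECRET, "", sample))
```

The handler never acts on the resource data carried in the notification body; it only uses the message as a trigger to fetch the group from Graph with the function's own credentials, so a forged POST that somehow passed both checks could at most cause an extra read. Wrapping it in an Azure Function means mapping the request route, query string and body onto the three arguments and writing the tuple back as the HTTP response.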