Andres Benavides

Reputation: 121

List Azure AD using msgraph-sdk-java

I am trying to bring the current user from Azure Active Directory as follows:

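    import com.azure.identity.ClientSecretCredential;
    import com.azure.identity.ClientSecretCredentialBuilder;
    import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
    import com.microsoft.graph.models.User;
    import com.microsoft.graph.requests.GraphServiceClient;
    import java.util.Arrays;

    // Credential for the app registration (placeholder values)
    final ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
        .clientId("client_id")
        .clientSecret("secret")
        .tenantId("tenant_id")
        .build();

    // Scope list passed to the token request
    final TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(Arrays.asList("https://graph.microsoft.com/User.Read.All"), clientSecretCredential);

    final GraphServiceClient graphClient =
        GraphServiceClient
            .builder()
            .authenticationProvider(tokenCredentialAuthProvider)
            .buildClient();

    final User me = graphClient.me().buildRequest().get();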

and I am getting the following error:

java.io.IOException: java.util.concurrent.ExecutionException: com.microsoft.aad.msal4j.MsalServiceException: AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope openid profile offline_access https://graph.microsoft.com/User.Read.All is not valid. Trace ID: b035aaec-9c8a-4728-a237-6d63738adb00 Correlation ID: de389e03-9d91-4f4b-aacf-449aa8fac460 Timestamp: 2021-04-05 21:44:43Z

Any idea what I may be missing?

Upvotes: 0

Views: 505

Answers (1)

unknown

Reputation: 7473

You are using the client credential flow here.

The value passed for the scope parameter in this request should be the resource identifier (application ID URI) of the resource you want, affixed with the .default suffix.

The scope should be https://graph.microsoft.com/.default in your issue.

Upvotes: 1
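
The scope rule from the answer, as an added example that is not part of the original question or answer and is not the SDK's own code. It assumes the same SDK generation as the question (the `buildRequest()` style with `TokenCredentialAuthProvider`); the class name, the helper names `appOnlyScopes` and `requireDefaultScopes`, and the environment variable names are hypothetical. It lists users instead of calling `me()`, because a client credentials token has no signed-in user.

```java
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
import com.microsoft.graph.models.User;
import com.microsoft.graph.requests.GraphServiceClient;
import com.microsoft.graph.requests.UserCollectionPage;
import java.util.Collections;
import java.util.List;

public class ListUsersAppOnly {
    private static final String GRAPH_RESOURCE = "https://graph.microsoft.com";

    // Client credentials flow: one scope per resource, "<resource>/.default".
    // .default resolves to the application permissions already granted to the app registration.
    static List<String> appOnlyScopes(String resource) {
        String base = resource.endsWith("/") ? resource.substring(0, resource.length() - 1) : resource;
        return Collections.singletonList(base + "/.default");
    }

    // Fail fast locally instead of waiting for the token endpoint to answer AADSTS70011.
    static void requireDefaultScopes(List<String> scopes) {
        for (String s : scopes) {
            if (!s.endsWith("/.default")) {
                throw new IllegalArgumentException("Client credentials flow needs '<resource>/.default', got: " + s);
            }
        }
    }

    public static void main(String[] args) {
        // Environment variable names are assumptions; keep the secret out of source code.
        ClientSecretCredential credential = new ClientSecretCredentialBuilder()
            .clientId(System.getenv("AZURE_CLIENT_ID"))
            .clientSecret(System.getenv("AZURE_CLIENT_SECRET"))
            .tenantId(System.getenv("AZURE_TENANT_ID"))
            .build();
        List<String> scopes = appOnlyScopes(GRAPH_RESOURCE);
        requireDefaultScopes(scopes);
        GraphServiceClient<?> graphClient = GraphServiceClient.builder()
            .authenticationProvider(new TokenCredentialAuthProvider(scopes, credential))
            .buildClient();

        // App-only tokens carry no signed-in user, so query /users rather than /me.
        UserCollectionPage page = graphClient.users().buildRequest()
            .select("displayName,userPrincipalName").top(5).get();
        for (User u : page.getCurrentPage()) {
            System.out.println(u.displayName + " <" + u.userPrincipalName + ">");
        }
    }
}
```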
