Microsoft Graph API Authentication_MissingOrMalformed

Question

我正在使用oauth2 /令牌來驗證我的應用程序並獲取access_token。 Bellow是工作正常的java代碼。

private String getToken() throws Exception { 
     String access_token = ""; 
     String url = "https://login.windows.net/MyApplication_ID_here/oauth2/token"; 
     HttpClient client = HttpClients.createDefault(); 
     HttpPost post = new HttpPost(url); 

     post.setHeader("Content-Type", "application/x-www-form-urlencoded"); 

     List<NameValuePair> urlParameters = new ArrayList<NameValuePair>(); 
     urlParameters.add(new BasicNameValuePair("grant_type", "client_credentials")); 
     urlParameters.add(new BasicNameValuePair("client_id", "MyApplication_ID_here")); 
     urlParameters.add(new BasicNameValuePair("client_secret", "MyApplication_secret_here")); 
     urlParameters.add(new BasicNameValuePair("resource", "https://graph.microsoft.com")); 

     post.setEntity(new UrlEncodedFormEntity(urlParameters)); 

     HttpResponse response = client.execute(post); 
     System.out.println("Sending 'POST' request to URL : " + url); 
     System.out.println("Post parameters : " + post.getEntity()); 
     System.out.println("Response Code : " + response.getStatusLine().getStatusCode()); 

     String responseAsString = EntityUtils.toString(response.getEntity()); 
     System.out.println(responseAsString); 
     try { 
      access_token = responseAsString.split(",")[6].split("\"")[3]; // get the access_token from response 
     } catch (Exception e) { 
      e.printStackTrace(); 
      return null; 
     } 
     return access_token; 
} 

響應：

{"token_type":"Bearer","expires_in":"3599","ext_expires_in":"0","expires_on":"1493011626","not_before":"1493007726","resource":"https://graph.microsoft.com","access_token":"eyJ0e..."} 

然後我使用的access_token加載的memberOf值不工作，並給了我訪問令牌誤或缺失錯誤。貝婁是java代碼

private void getMemberOf() 
{ 
    HttpClient httpclient = HttpClients.createDefault(); 
    try 
    { 
     URIBuilder builder = new URIBuilder("https://graph.windows.net/MyApplication_ID_here/users/test@testABC.onmicrosoft.com/memberOf?api-version=1.6"); 
     URI uri = builder.build(); 
     HttpGet request = new HttpGet(uri); 
     request.addHeader("Authorization", "Bearer " + access_token); 
     request.addHeader("Content-Type", "application/json"); 

     HttpResponse response = httpclient.execute(request); 
     HttpEntity entity = response.getEntity(); 
     System.out.println("Response Code : " + response.getStatusLine().getStatusCode()); 
     if (entity != null) { 
      System.out.println(EntityUtils.toString(entity)); 
     } 
    } 
    catch (Exception e) 
    { 
     e.getMessage(); 
    } 
} 

響應：

Response Code : 401 
{"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."},"date":"2017-04-24T04:39:38","requestId":"c5aa2abe-9b37-4611-8db1-107e3ec08c14","values":null}} 

可有人請告訴我哪上述請求的一部分是錯誤的？我沒有正確設置access_token嗎？

Answer 1

根據你的代碼，你的訪問令牌是資源 「https://graph.microsoft.com 」（微軟圖形API），但訪問令牌用於「 https://graph.windows.net」（AAD圖形API）：

URIBuilder builder = new URIBuilder("https://graph.windows.net/MyApplication_ID_here/users/test@testABC.onmicrosoft.com/memberOf?api-version=1.6"); 

如果您想要調用Azure AD圖形api，則需要獲取Azure AD Graph API的訪問令牌。