Following this guide: https://azure.microsoft.com/en-us/documentation/articles/resource-manager-api-authentication/#_get-objectid-of-application-service-principal-in-user-azure-ad
I've reached the stage where I call graph.windows.net to Get the ObjectId of the service principal in user Azure AD.
When I do the call, however, I'm getting the following message:
{"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."},"values":null}}
I've already tried replacing the clientId with the 'onmicrosoft.com' address too (so graph.windows.net/appname.onmicrosoft.com/...), still got the same message.
Make sure that your application is presenting a valid access token to Microsoft Graph as part of the request. This error often means that the access token may be missing in the HTTP authenticate request header or that the token is invalid or has expired.
API Gateway REST API endpoints return Missing Authentication Token errors for two reasons: The API request is made to a method or resource that doesn't exist. The API request isn't signed when the API method has AWS Identity and Access Management (IAM) authentication turned on. To troubleshoot the error, do the following.
The token that is acquired will work for other Azure Services like webapps, compute, ResourceManager, etc. but not for Graph. You could test it with Azue AD graph explorer, then it will work for you.
A common mistake that causes in this error is trying to use a token acquired for Azure AD Graph APIs, Outlook APIs, or SharePoint/OneDrive APIs to call Microsoft Graph (or vice versa). Ensure that the resource (or scope) your app is acquiring a token for matches the API that the app is calling.
To extend on my comment, we have seen this when the app secret contains characters that need encoding. Such as "+" and "="
If you are not using some of the client helpers available or are testing with Fiddler or Postman you will need to URL encode the secret before calling the graph api, so it looks it becomes:
"7hIkYG5m7xJQnocThxMc4yPjtbRP7bO41aNC%2bbrEzvo%3d"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With