Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Access Token missing or malformed when calling Graph API

Following this guide: https://azure.microsoft.com/en-us/documentation/articles/resource-manager-api-authentication/#_get-objectid-of-application-service-principal-in-user-azure-ad

I've reached the stage where I call graph.windows.net to Get the ObjectId of the service principal in user Azure AD.

When I do the call, however, I'm getting the following message:

{"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."},"values":null}}

I've already tried replacing the clientId with the 'onmicrosoft.com' address too (so graph.windows.net/appname.onmicrosoft.com/...), still got the same message.

like image 455
Asaf Avatar asked Sep 06 '16 17:09

Asaf


People also ask

Why is my access token not working in Microsoft Graph?

Make sure that your application is presenting a valid access token to Microsoft Graph as part of the request. This error often means that the access token may be missing in the HTTP authenticate request header or that the token is invalid or has expired.

How do I troubleshoot missing authentication token errors in API gateway?

API Gateway REST API endpoints return Missing Authentication Token errors for two reasons: The API request is made to a method or resource that doesn't exist. The API request isn't signed when the API method has AWS Identity and Access Management (IAM) authentication turned on. To troubleshoot the error, do the following.

Does the Azure graph token work with other Azure Services?

The token that is acquired will work for other Azure Services like webapps, compute, ResourceManager, etc. but not for Graph. You could test it with Azue AD graph explorer, then it will work for you.

Why is my Azure AD graph API not working?

A common mistake that causes in this error is trying to use a token acquired for Azure AD Graph APIs, Outlook APIs, or SharePoint/OneDrive APIs to call Microsoft Graph (or vice versa). Ensure that the resource (or scope) your app is acquiring a token for matches the API that the app is calling.


1 Answers

To extend on my comment, we have seen this when the app secret contains characters that need encoding. Such as "+" and "="

enter image description here

If you are not using some of the client helpers available or are testing with Fiddler or Postman you will need to URL encode the secret before calling the graph api, so it looks it becomes:

"7hIkYG5m7xJQnocThxMc4yPjtbRP7bO41aNC%2bbrEzvo%3d"

like image 161
jimpaine Avatar answered Oct 17 '22 08:10

jimpaine