Menu
I am trying to use OAuth client_credentials with Windows Microsoft Azure. I can successfully generate an access_token but get when I try and access https://graph.windows.net/mydomain.com/users?api-version=2013-04-05 I get 403 Forbidden.
What am I doing wrong? I think I'm not requestion a sufficiently authorized access_token but I cannot find/guess other resource or params to add.
My current flow
Request
> POST /mydomain.com/oauth2/token HTTP/1.1
> Host: login.windows.net
> Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id={client_id}
&client_secret={client_secret}
&resource=https://graph.windows.net
Response
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=utf-8
{
"access_token": "<string>",
"token_type": "Bearer",
"expires_in": "<seconds>",
"expires_on": "<timestamp>",
"resource": "https://graph.windows.net"
}
Request
> GET /mydomain.com/users
> ?api-version=2013-04-05 HTTP/1.1
> Host: graph.windows.net
> Authorization: Bearer {access_token}
Response
< HTTP/1.1 403 Forbidden
{
"odata.error": {
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
}
}
Note: I get 403 Unauthorized if I miss out or mess with the {access_token}.
348
Per my comment, you need to make sure that you've selected the proper permissions from the "permissions to other applications" drop-down in the portal, otherwise access won't be granted. See this page in the documentation for more information.
78
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
