OneDrive /me Error: InvalidAuthenticationToken - microsoft-graph-api

I am using the Code flow ... with scope of "onedrive.readonly onedrive.appfolder"
I get the code, then the token, and when I try to get the information about the user:
https://graph.microsoft.com/v1.0/me
In Java I set the following headers to the request:
uc.setRequestProperty("Content-Type", "application/json");
uc.setRequestProperty("Authorization", String.format("Bearer %s", mSessionInfo.BearerToken));
I get the error:
{ "error": {
"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: 8004920A",
"innerError": {
"request-id": "b8959569-efd0-4575-947e-c8835f8fef93",
"date": "2018-08-29T15:46:53"
} } }
What does this error mean? How to proceed?

The response actually indicates that the access token was not successfully generated or passed to the graph endpoint. Microsoft Graph couldn't parse it as a JWT token and thus attempted to process it as a Microsoft Account/Live Id compact token, which also failed. Please check the response that you got from the call to login.microsoftonline.com and that the token passed to graph.microsoft.com is a valid JWT token.

Related

Microsoft Graph API: Access token validation failure. Invalid audience

I am trying to migrate my app from Office 365 REST v2.0 to Microsoft Graph (v1.0). The token exchange seems to be working but as soon as I am trying to call an API, I am getting the following error:
(
[errorNumber] => 401
[error] => Request returned HTTP error 401
[message] => {
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure. Invalid audience.",
"innerError": {
"date": "2021-03-16T15:36:21",
"request-id": "dda1e33a-2774-4986-8c45-1487404fbb72",
"client-request-id": "e842d9a8-d71b-0563-f1ce-e58052e5bdb9"
}
}
}
)
The access_token has the following audience:
"aud": "https://outlook.office.com"
Here is the endpoint that I am using:
https://login.microsoftonline.com/common/oauth2/v2.0/token
Payload:
grant_type=authorization_code
&code=0.AR8A3XwQy0FAmkSxxxx
&redirect_uri=https%3A%2F%2Fxxx.com%2Fproxy%2Foffice365authorize
&client_id=e2147faf-87f0-4e7f-xxxx-xxxxxxxxxxx
&client_secret=xxxxxxxxxxxx
Any hint would be greatly appreciated, thanks!
This means your token has the wrong audience. To call the Microsoft Graph API, you need to get the token for Microsoft Graph, i.e. the access token needs the "aud": "https://graph.microsoft.com".
Looks like you are using the AAD auth code flow to get the token, so when you request an authorization code, use the scope https://graph.microsoft.com/.default.
https://login.microsoftonline.com/common/oauth2/authorize?
client_id=xxxxx
&response_type=code
&redirect_uri=xxxxxx
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345
Also use scope=https://graph.microsoft.com/.default when requesting the token.
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
client_id=xxxxxx
&scope=https://graph.microsoft.com/.default
&code=0.AR8A3XwQy0FAmkSxxxx
&redirect_uri=xxxxxx
&grant_type=authorization_code
&client_secret=xxxxx
To call the API successfully, also make sure you have granted the correct Delegated Microsoft Graph API permissions for your client app, depending on the API you want to call, e.g. if you want to call List users, you need the permissions here.

Graph API - ErrorAuthenticating

I had Graph API working for months and now it has suddenly stopped working.
Endpoint is - Create Call
https://graph.microsoft.com/v1.0/communications/calls
Error message - 400 - Bad Request
Error : 400 Bad Request
{
"error": {
"code": "AuthenticationError",
"message": "Error authenticating with resource",
"innerError": {
"date": "2021-01-23T22:40:42",
"request-id": "641d13fa-c99b-4587-b188-214b7d4da732",
"client-request-id": "641d13fa-c99b-4587-b188-214b7d4da732"
}
}
}
I've parsed the JWT token; the correct audience is issued for the token.
The token was generated using the client_credentials flow, and the same can be confirmed in the JWT.
Any help?

Create Team, 400 Bad Request, Required functionality is not supported

I'm trying to create a Microsoft Teams team in Migration mode via the Graph API. However I get a 400 response that I can't figure out. The query is shared in the link below.
Shared Query
For those that don't want to view it that way, here is my request:
POST https://graph.microsoft.com/beta/teams
Authorization: Bearer ...
Content-Type: application/json
{
"@microsoft.graph.teamCreationMode": "migration",
"template@odata.bind": "https://graph.microsoft.com/beta/teamsTemplates(\u0027standard\u0027)",
"displayName": "SlackMigrationTest",
"description": "testing slack migrations",
"createdDateTime": "2021-01-14T00:00:00.000Z"
}
I created this based on the microsoft doc here.
The response I get is:
The remote server returned an error: (400) Bad Request.
{
"error": {
"code": "BadRequest",
"message": "Required functionality is not supported.",
"innerError": {
"date": "2021-01-20T15:51:21",
"request-id": "dc4189cf-db4a-4a60-a271-f63b5d759a05",
"client-request-id": "dc4189cf-db4a-4a60-a271-f63b5d759a05"
}
}
}
I'm sure it's something obvious that I'm missing but any help would be greatly appreciated.
Here you are using the User Context token and trying to make the call. This API call only works in Application context as shown in the below screenshot.
So use Client Credential flow and set Application permissions and then make a call.
As you can see below, it worked for me with App token.
You cannot test it in graph explorer because the Graph Explorer gets user token.
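
The three answers above (a token Graph cannot parse as a JWT, a token with the wrong audience, a user-context token sent to an application-only API) can all be checked locally before the request is made. The following is an added example, not code from any of the posts: `diagnose_token` and the sample tokens are hypothetical and constructed, and the claims are read without verifying the signature, so this is a debugging aid rather than token validation.

```python
import base64
import json
import time

FAR_FUTURE = 4102444800  # 2100-01-01 UTC, keeps the constructed samples unexpired

def _b64url_json(segment):
    """Decode one base64url JWT segment to JSON (ValueError if it is not)."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def diagnose_token(token, expected_aud="https://graph.microsoft.com",
                   need_app_context=False, now=None):
    """Classify an access token before sending it to Graph (signature NOT checked)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return "not-a-jwt"        # Graph then tries, and fails, compact-token parsing
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:            # bad base64, bad UTF-8 or bad JSON
        return "not-a-jwt"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "not-a-jwt"
    if str(claims.get("aud", "")).rstrip("/") != expected_aud:
        return "wrong-audience"   # e.g. a token issued for outlook.office.com
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        return "expired"
    # Delegated (user) tokens carry "scp"; app-only tokens carry "roles".
    if need_app_context and not ("roles" in claims and "scp" not in claims):
        return "user-context"
    return "ok"

def _sample(claims):
    """Build a constructed, unsigned sample token with a dummy signature segment."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

# Constructed samples, one per failure mode discussed on this page.
SAMPLES = {
    "opaque": "EwB4A-constructed-opaque-value",
    "outlook": _sample({"aud": "https://outlook.office.com", "exp": FAR_FUTURE, "scp": "Mail.Read"}),
    "delegated": _sample({"aud": "https://graph.microsoft.com", "exp": FAR_FUTURE, "scp": "User.Read"}),
    "app_only": _sample({"aud": "https://graph.microsoft.com", "exp": FAR_FUTURE, "roles": ["Mail.Send"]}),
}

if __name__ == "__main__":
    for name, tok in SAMPLES.items():
        print(f"{name:10} default={diagnose_token(tok):15} "
              f"app-only API={diagnose_token(tok, need_app_context=True)}")
```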

Skip token errors on Graph API

Hello, I am getting several skip token errors when running a full import on the Graph API.
Here is the error:
The following one looks like expiration of skiptoken. Graph connector uses skip token in different cases. I would communicate with Graph API team to understand if this is correct behavior for the API.
Message: Error during http call. HttpStatusCode: BadRequest;
url: https://graph.microsoft.com:443/v1.0/groups/5802115b-ef14-4572-bec1-9a4747e5bcfb/members/?$select=id&$skiptoken=X%2744537074090001000000000000000010000000D6203A9D758C6F4B887B307BA3302EB5000000000000000000000017312E322E3834302E3131333535362E312E342E323333310000000000000157F232736047814E848C20B3547FF5E8%27;
Response: {
"error": {
"code": "Directory_ExpiredPageToken",
"message": "The specified page token value has expired and can no longer be included in your request.",
"innerError": {
"request-id": "1489b123-f94c-4531-82d1-d4b76331e3eb",
"date": "2017-11-27T18:59:23"
}
}
}
Message: Error during http call. HttpStatusCode: Unauthorized;
"code": "Authentication_MissingOrMalformed",
"message": "Access Token missing or malformed.",
The application has full control over all objects, so it should not get an error with permissions issues.

sendMail returns ResourceNotFound

I'm trying to send an email message using the Microsoft Graph REST API. My application is a service/daemon application where I am sending email on a user's behalf.
I am successfully able to obtain a token and obtain the user object such that I have the user's id, but when I try to use the sendMail API (POST /users/{user id}/sendMail) I receive the following error response:
{
"error": {
"code": "ResourceNotFound",
"message": "Resource could not be discovered.",
"innerError": {
"request-id": "a911ead2-840d-4bfe-9a77-bc5000c1b749",
"date": "2017-01-03T13:33:24"
}
}
}
I also tried to first create the message as a draft using POST /users/{user id}/messages but that also returns the exact same error. My application permissions include both Mail.ReadWrite and Mail.Send.
