I am unable to provision users to a federated domain, say example.org, with Microsoft Graph API.
The url I am sending the POST to is:
https://graph.microsoft.com/v1.0/users
json payload is:
{
"accountEnabled": true,
"city": "Seattle",
"country": "United States",
"department": "Sales & Marketing",
"displayName": "Melissa Darrow",
"givenName": "Melissa",
"jobTitle": "Marketing Director",
"mailNickname": "MelissaD",
"passwordPolicies": "DisablePasswordExpiration",
"passwordProfile": {
"password": "Test1234",
"forceChangePasswordNextSignIn": false
},
"officeLocation": "131/1105",
"postalCode": "98052",
"preferredLanguage": "en-US",
"state": "WA",
"streetAddress": "9256 Towne Center Dr., Suite 400",
"surname": "Darrow",
"mobilePhone": "+1 206 555 0110",
"usageLocation": "US",
"immutableID": "melissab",
"userPrincipalName": "melissab#example.org"
}
What I receive is:
{
"error": {
"code": "Request_BadRequest",
"message": "One or more properties contains invalid values.",
"innerError": {
"request-id": "9e8af7a6-fba2-4a66-8421-19dbfd2c36f1",
"date": "2017-05-12T12:13:22"
}
}
}
please note immutableId can be found in the payload.
Is it possibile to provision such users with the given REST framework?
immutableID must be Base64 encoded (byte[])
Ex:
String immutableId = new String(Base64.encodeBase64("someText".getBytes()));
This is expected behavior. The Graph API does not handle the user sync part. User can be synced using Microsoft Azure Active Directory Sync Tool.
Using graph api you can sync the user from azure to our application.
ex : USER_SYNC_QUERY = "https://graph.microsoft.com/v1.0/users?$top=100&$count=true";
1) On each request graph api will send you a #odata.nextLink parameter i.e the skip token for getting next users if more than requested user is present in your azure.
2) By passing the skip token with each request you can sync all the users form azure to your application
Related
We're using the client_credentials flow to get access for our application to tenants environments. The application has the correct scopes, and we get an access token that is working for other endpoints like /users but when doing a request like the following we get error messages.
GET https://graph.microsoft.com/beta/me/findRooms
{
"error": {
"code": "ErrorInvalidUser",
"message": "The requested user '{userId}#{tenantId}' is invalid.",
"innerError": {
"request-id": "b72d26a3-d0ad-42eb-a3d3-35951cb42b3d",
"date": "2020-01-21T10:21:28"
}
}
}
I understand that there's no "me" when we're just an application, but how do we access these types of endpoints in that case? Do I have to have a user to act as, as well? That seems to me like it defeats the purpose of a daemon like this. Cannot find any clear documentation on this matter. On this page in the docs on the use a token section they even refer to a /me endpoint, which is incorrect in that case.
I've tried requesting the /users/{id}/findRooms endpoint with all different kinds of ID's I can find in the access token - none of them work.
Other people with the same issue, that have yet to resolve it.
1. Feedback area in docs
2. Github issue
Best regards,
Christopher
Using the /users/{user-id} is the only pattern that will work with client credentials. In your case, this should work, so maybe it's an issue with the id you are using.
To make sure I'm not giving you bad information, I just tested this with an app-only token from the client credentials flow. Parsing that token over at https://jwt.ms, I see the roles claim like so:
"roles": [
"User.Read.All"
]
If first did a GET /users?$select=displayname,id, and this user was included in the response:
{
"displayName": "Adele Vance",
"id": "3103c7b9-cfe6-4cd3-a696-f88909b9a609"
}
This is the id to use in your findRooms call. I did GET /users/3103c7b9-cfe6-4cd3-a696-f88909b9a609/findrooms and got the following response:
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.emailAddress)",
"value": [
{
"name": "Conf Room Adams",
"address": "Adams#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Baker",
"address": "Baker#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Crystal",
"address": "Crystal#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Hood",
"address": "Hood#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Rainier",
"address": "Rainier#M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Stevens",
"address": "Stevens#M365x330971.onmicrosoft.com"
}
]
}
This is the new error message that I am encountering now. When trying out graph explorer (https://developer.microsoft.com/en-us/graph/graph-explorer) to execute office 365 APIs using my company account, I am encountering an error below when using APIs for Outlook Mail and Calendar. Same error encountered for the applications that I have downloaded in Github. Applications that are trying to access the calendar APIs. I have also tried to create a developer account for office 365 and it has the same error message when accessing the APIs.
It looks like an access issue and/or admin privilege is needed.
Error response:
{
"error": {
"code": "ResourceNotFound",
"message": "Resource could not be discovered.",
"innerError": {
"request-id": "351f57d5-3bdb-4c6f-a06c-b204f23d0eda",
"date": "2018-06-13T03:12:28"
}
}
}
But I can access User APIs. Like getting my profile details in OSM AD.
Successful response:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "987f2dcf-a66c-4f14-a180-41e2eac0b65c",
"businessPhones": [
"+47 37 50 46 15"
],
"displayName": "Teemee F Tang",
"givenName": "Teemee F",
"jobTitle": null,
"mail": "Teemee.Tang#osm.no",
"mobilePhone": "+63 947 33 71109",
"officeLocation": null,
"preferredLanguage": null,
"surname": "Tang",
"userPrincipalName": "Teemee.Tang#osm.no"
}
I just login my account in https://outlook.office365.com. After that I can already use my company account with Microsoft Graph.
I am quite new in using Google APIs. So, the problem is that I am administrator of the YouTube channel (not the owner). And I would like to get the straffic sources that were embedded on external websites. So, I've created new project and formed a request through Google APIs Explorer. Here it is:
https://youtubeanalytics.googleapis.com/v2/reports?dimensions=insightTrafficSourceDetail&endDate=2018-12-12&filters=insightTrafficSourceType%3D%3DEXT_URL&ids=channel%3D%3D{MY_CHANNEL}&maxResults=25&metrics=views&sort=-views&startDate=2014-05-01&key={MY_API_KEY}
Here is the result:
200
- Show headers -
{
"kind": "youtubeAnalytics#resultTable",
"columnHeaders": [
{
"name": "insightTrafficSourceDetail",
"columnType": "DIMENSION",
"dataType": "STRING"
},
{
"name": "views",
"columnType": "METRIC",
"dataType": "INTEGER"
}
],
"rows": [
[
"vk.com",
2399
],
[
"unknown",
872
],
[
"yandex.ru",
23
]
But when I try to write the request into the browser address bar directly, it says:
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"domain": "global",
"reason": "unauthorized"
}
],
"status": "UNAUTHENTICATED"
}
}
I pushed into the {API_KEY} field from here
But, unfortunately, the result is such as provided above. What am I doing wrong? Can you provide the step-by-step instruction to get the right HTTP-request for my aim, as I counld'nt find it? Thank you!
In my application, the user signs in using their Office365 credentials and then
I want to import the data of the users (id, mail, displayName) in the same
organization into my database.
When another person from the same organization logs in into my app, that other
person should see the same list of users as the first one.
I tried several queries in the Graph Explorer, but none
of them has a response, which would allow to determine that two people belong
to the same organization.
"My profile" (/v1.0/me/) response contains a lot
of data, but no tenant ID (or something similar):
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"id": "16f5a7b6-5a15-4568-aa5a-31bb117e9967",
"businessPhones": [],
"displayName": "Anne Weiler",
"givenName": "Anne",
"jobTitle": "Manufacturing Lead",
"mail": "annew#CIE493742.onmicrosoft.com",
"mobilePhone": "+1 3528700812",
"officeLocation": null,
"preferredLanguage": "en-US",
"surname": "Weiler",
"userPrincipalName": "annew#CIE493742.onmicrosoft.com"
}
Same applies to the "all users in the organization" (/v1.0/users) response.
How can I extract the information from Microsoft Graph that would allow me to
detect that two different users work in the same organization?
You could use the id returned by the /organiozation endpoint:
https://graph.microsoft.com/v1.0/organization?$select=id,displayName
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#organization(id,displayName)",
"value": [
{
"id": "c07ab59f-ce09-49f8-b4c4-9c6dd4f0d8bb",
"displayName": "Microsoft API Sandbox"
}
]
}
In the Facebook API, there is a request that provides details about the application that a particular OAuth access token is for. For example, I could send
http://graph.facebook.com/app?access_token=ABC...123
and it would return information about the application that the access token was generated for. It has a very similar one to get information about the user the access token was generated for.
http://graph.facebook.com/me?access_token=ABC...123
My question pertains to the parallel calls in Microsoft's Live Connect RESTful API. There is a direct equivalent to the /me request that returns the user's unique ID, but I cannot find any documentation for a parallel to the /app request (client in MS terminology).
https://apis.live.net/v5.0/me?access_token=ABC...123
{
"id": "1234abc1a1abc123",
"name": "test test",
"first_name": "test",
"last_name": "test",
"gender": null,
"locale": "en_US"
}
https://apis.live.net/v5.0/app?access_token=ABC...123
{
"error": {
"code": "request_url_invalid",
"message": "The URL contains the path 'app', which isn't supported."
}
}
https://apis.live.net/v5.0/client?access_token=ABC...123
{
"error": {
"code": "request_url_invalid",
"message": "The URL contains the path 'client', which isn't supported."
}
}