Microsoft Graph API Authentication_MissingOrMalformed

Question

我正在使用oauth2 /令牌来验证我的应用程序并获取access_token。 Bellow是工作正常的java代码。

private String getToken() throws Exception { 
     String access_token = ""; 
     String url = "https://login.windows.net/MyApplication_ID_here/oauth2/token"; 
     HttpClient client = HttpClients.createDefault(); 
     HttpPost post = new HttpPost(url); 

     post.setHeader("Content-Type", "application/x-www-form-urlencoded"); 

     List<NameValuePair> urlParameters = new ArrayList<NameValuePair>(); 
     urlParameters.add(new BasicNameValuePair("grant_type", "client_credentials")); 
     urlParameters.add(new BasicNameValuePair("client_id", "MyApplication_ID_here")); 
     urlParameters.add(new BasicNameValuePair("client_secret", "MyApplication_secret_here")); 
     urlParameters.add(new BasicNameValuePair("resource", "https://graph.microsoft.com")); 

     post.setEntity(new UrlEncodedFormEntity(urlParameters)); 

     HttpResponse response = client.execute(post); 
     System.out.println("Sending 'POST' request to URL : " + url); 
     System.out.println("Post parameters : " + post.getEntity()); 
     System.out.println("Response Code : " + response.getStatusLine().getStatusCode()); 

     String responseAsString = EntityUtils.toString(response.getEntity()); 
     System.out.println(responseAsString); 
     try { 
      access_token = responseAsString.split(",")[6].split("\"")[3]; // get the access_token from response 
     } catch (Exception e) { 
      e.printStackTrace(); 
      return null; 
     } 
     return access_token; 
} 

响应：

{"token_type":"Bearer","expires_in":"3599","ext_expires_in":"0","expires_on":"1493011626","not_before":"1493007726","resource":"https://graph.microsoft.com","access_token":"eyJ0e..."} 

然后我使用的access_token加载的memberOf值不工作，并给了我访问令牌误或缺失错误。贝娄是java代码

private void getMemberOf() 
{ 
    HttpClient httpclient = HttpClients.createDefault(); 
    try 
    { 
     URIBuilder builder = new URIBuilder("https://graph.windows.net/MyApplication_ID_here/users/test@testABC.onmicrosoft.com/memberOf?api-version=1.6"); 
     URI uri = builder.build(); 
     HttpGet request = new HttpGet(uri); 
     request.addHeader("Authorization", "Bearer " + access_token); 
     request.addHeader("Content-Type", "application/json"); 

     HttpResponse response = httpclient.execute(request); 
     HttpEntity entity = response.getEntity(); 
     System.out.println("Response Code : " + response.getStatusLine().getStatusCode()); 
     if (entity != null) { 
      System.out.println(EntityUtils.toString(entity)); 
     } 
    } 
    catch (Exception e) 
    { 
     e.getMessage(); 
    } 
} 

响应：

Response Code : 401 
{"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."},"date":"2017-04-24T04:39:38","requestId":"c5aa2abe-9b37-4611-8db1-107e3ec08c14","values":null}} 

可有人请告诉我哪上述请求的一部分是错误的？我没有正确设置access_token吗？

Answer 1

根据你的代码，你的访问令牌是资源 “https://graph.microsoft.com ”（微软图形API），但访问令牌用于“ https://graph.windows.net”（AAD图形API）：

URIBuilder builder = new URIBuilder("https://graph.windows.net/MyApplication_ID_here/users/test@testABC.onmicrosoft.com/memberOf?api-version=1.6"); 

如果您想要调用Azure AD图形api，则需要获取Azure AD Graph API的访问令牌。