I am trying to get the data of a signed in user using Microsoft graph API. I work with the "aad_oauth" package in flutter. When signing in, an access token is provided. This access token is then used in a http.get request.
However every time I try to get the data, the following error appears.
"{"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation:"
I also added a permission at the ad admin center.
That's how I get the access token
This is my http request
I tried to reproduce the same in my environment and got the below results:
I created an Azure AD application and added user.read permission:
Now I generated access token via Postman with below parameters:
GET https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
grant_type:authorization_code
client_id:1b323717-80d8-4172-b141-XXXXXX
client_secret:GTT8Q~PErY3nTbj9LO8Nkkm2ai.XXXXXXX
scope:user.read
code:code
redirect_uri: redirect_uri
To get the details of the signed-in user, I ran the below query by including bearer token:
GET https://graph.microsoft.com/v1.0/me/
Related
Based on the doc (https://learn.microsoft.com/en-us/rest/api/azure/devops/tokens/pats/update?view=azure-devops-rest-7.1&tabs=HTTP) provided by MS, i'm trying to update my Token expiration date through the api. I made a sample request using a full access token to authenticate and passing the authorizationId of the token i want to update in the body:
My sample request using Postman
And it keeps returning Error 403, I've checked my organization policies and tried by adding or removing parameters from body but it din't work.
I've also made another request to get the list of tokens on my organization with the same token authorization and api version and that went well.
According to your screenshot you are using the Basic Auth with PAT.
Please note that you must authenticate with an Azure AD token to use this API instead of a PAT token. In order to call the API directly, you need to provide an Azure AD access token as a Bearer token in Authorization header of your request. Please see Manage personal access tokens (PATs) using REST API and Q: Can I use basic auth with all Azure DevOps REST APIs? for details.
You can follow below steps to get the AAD Bearer token:
Install the Azure Az PowerShell module.
Login with a user account which has the permission in your DevOps org (Owner or PCA) with command Connect-AzAccount
1.) Alternately login from the cloud shell with command Connect-AzAccount -UseDeviceAuthentication, you will see the following message:
2.) Then copy the url https://microsoft.com/devicelogin and open in a new tap, enter the code IVR7VRWJQ to authenticate.
3.) Login with the Azure DevOps organization owner or other PCA account. After successful login you will see the account info, then follow below steps to get the Bearer Token.
Get the Bearer token:
$token = (Get-AzAccessToken -ResourceUrl "499b84ac-1321-427f-aa17-267ca6975798").Token
$token
Copy and use the token in script or Postman to update the PAT.
I'm trying to get the Tenant.Read.All and Tenant.ReadWrite.All scopes when authorizing with the PBI REST API but I can't figure it out. I can get a token using Postman that contains every other scope but the two required for Admin calls to the API. I'm not using a service principal, just signing in when Postman gets a new token.
I have created an app registration in google cloud and have managed to authenticate when using the test scope by changing the redirect url to localhost:8080 and acquiring an access token and a refresh token. The problem is that the refresh token expires when using the test scope, so I switched to the production scope, and now I get an error no matter what url I list as an authorized domain.
The only solution I can find so far is to switch back to the test environment (Google oAuth 2.0 API Authentication Error: Error 400 - redirect_uri_mismatch (does not comply with policy) DJANGO APP), but that doesn't work for me for the reasons above.
Does anyone know how to get a permanent refresh token in production scope for sa 360?
Any help would be much appreciated.
I have tried to get uber driver profile information using the following URL,
GET: https://api.uber.com/v1/partners/me
As a first step I have set scopes as follows in the authorization step and get the access token,
https://login.uber.com/oauth/v2/authorize?client_id={cliend_id}&response_type=code&response_type=code&scope=profile%20history%20request%20places
All working fine but when I try to get profile information, I got this error:
{
"message": "This endpoint requires at least one of the following scopes: partner.accounts, partner.admin_accounts",
"code":"unauthorized"
}
Driver API is with limited access. In order to access Driver API endpoints, you will need to apply for scope whitelisting - in your case it is partner.accounts. You can apply for access to Driver API here: https://developer.uber.com/products/drivers but just as a heads up access granting is currently very limited.
So after we review your access request - and you get access to the scope - please select it on your application dashboard - and when you authenticate your users - you will authenticate your users with this scope - and be able to access "GET /v1/partners/me" endpoint.
I'm trying to see how to use loopback-passport. So I clone this repo: loopback-example-passport and got it working with Facebook and local login. However, if I go to the API explorer and try to GET some users, or my own accessToken, I always get 401-permision denied.
What I am doing is this:
Open up the example application
Log in using Facebook Provider
Get the token stored in local-storage and set it in the API explorer
Make a request
So in the API explorer I'm using the same access token I got from the Facebook provider. What I'm I doing wrong here?
Thanks!