I'm trying to call AAD Graph, but I'm getting an error. Here is how I'm trying to make a call:
MsPortalFx.Base.Net.ajax({
    uri: `https://graph.windows.net/<id>/servicePrincipals/<id>?api-version=1.6-internal`,
    type: "GET",
    dataType: "json",
    cache: false,
    traditional: true,
    contentType: "application/json",
    setAuthorizationHeader: true,
})
I can see that a Bearer token is supplied in the Authorization header, but here is the error I'm getting:
HTTP/1.1 401 Unauthorized
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
ocp-aad-diagnostics-server-name: <name>
request-id: <request-id>
client-request-id: <client-request-id>
x-ms-dirapi-data-contract-version: 1.6-internal
DataServiceVersion: 3.0;
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: *
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Duration: 519919
X-Powered-By: ASP.NET
Date: Mon, 23 Nov 2020 22:49:42 GMT
Content-Length: 212
{"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."},"requestId":"<id>","date":"2020-11-23T22:49:42"}}
Please let me know if I need to provide any additional information.
As Sruthi said, the error Authentication_MissingOrMalformed means that the accessed resource does not match the AUD of the access token.
You need to get the access token following this:
POST https://login.microsoftonline.com/<Your-Tenant-ID>/oauth2/token
// request body:
grant_type=client_credentials
client_id=<Your Portal Application ID>
client_secret=<Your client secret>
resource=https://graph.windows.net // used to call AAD Graph API
Or with the v2.0 endpoint:
POST https://login.microsoftonline.com/<Your-Tenant-ID>/oauth2/v2.0/token
// request body:
grant_type=client_credentials
client_id=<Your Portal Application ID>
client_secret=<Your client secret>
scope=https://graph.windows.net/.default // used to call AAD Graph API
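The audience mismatch described in the answer can be confirmed before the request is sent by decoding the token's payload and comparing its `aud` claim with the API being called. This is an added example, not code from the original posts: the function names are hypothetical, the tokens are constructed, and the decode is for inspection only (it does not verify the signature).

```javascript
// Decode a base64url JWT segment to a UTF-8 string.
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

// Return the claims object of a JWT; accepts a raw token or "Bearer <token>".
// No signature check is performed: use this for diagnostics, never for authorization.
function decodeClaims(token) {
  const parts = String(token).replace(/^Bearer\s+/i, "").split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Compare case-insensitively and ignore trailing slashes.
const normalize = (s) => String(s).toLowerCase().replace(/\/+$/, "");

// Compare the token's `aud` with the origin of the request URL.
// Some APIs are identified in `aud` by an application ID rather than a URI;
// pass such values in extraAudiences (assumption: the caller knows them).
function checkAudience(token, requestUrl, extraAudiences = []) {
  const claims = decodeClaims(token);
  const expected = normalize(new URL(requestUrl).origin);
  const accepted = [expected, ...extraAudiences.map(normalize)];
  const audiences = [].concat(claims.aud || []).map(normalize);
  return {
    aud: claims.aud,
    expected,
    matches: audiences.some((a) => accepted.includes(a)),
  };
}

// Build a constructed, unsigned sample token for the demonstration below.
function makeSampleToken(aud) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj), "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ typ: "JWT", alg: "RS256" })}.${enc({ aud })}.constructed-signature`;
}

// Constructed request URL; TENANT and OBJECT are placeholders.
const SAMPLE_URL =
  "https://graph.windows.net/TENANT/servicePrincipals/OBJECT?api-version=1.6-internal";
// A token issued for another API does not match the AAD Graph origin.
console.log(checkAudience(makeSampleToken("https://other-api.example"), SAMPLE_URL));
```

A result with `matches: false` means the token was issued for a different resource than the one in the request URL, so a new token has to be requested for the right resource as shown in the answer.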