Azure AD 验证与 python

Question

I have some difficulties understanding the Graph API documentation. I want to check with an in-house application if a user is currently signed in.

The app has the following permissions: - Application: Read directory data - Delegated: Read directory data - Delegated: Read all groups - Delegated: Sign in and read user profile

The token is obtained at https://login.microsoftonline.com/ {directoryId}/oauth2/token Here is the situation:

Theory

The documentation says to GET /auditLogs/signIns/{id} ( https://docs.microsoft.com/en-us/graph/api/signin-get )

and gives as example: https://graph.microsoft.com/v1.0/auditLogs/signIns/ {id} ( https://docs.microsoft.com/en-us/graph/api/signin-get?view=graph-rest-1.0&viewFallbackFrom=graph-rest-1.6#tabpanel_CeZOj-G++Q_http )

But the working API request we are using look like https://graph.windows.net/ {directoryId}/...

Problem

When I request https://graph.windows.net/ {directoryId}/auditLogs/signIns/{objectIdOfUser} I get [Request_ResourceNotFound] "Resource not found for the segment 'auditLogs'."

When I request (as the documentation suggests) https://graph.windows.net/auditLogs/signIns/ {objectIdOfUser} I get [Request_BadRequest] "Invalid domain name in the request url."

When I request (as the documentation example suggests) https://graph.microsoft.com/v1.0/auditLogs/signIns/ {id} I get [InvalidAuthenticationToken] "Access token validation failure. Invalid audience."

Can you provide us with a working example (with plain URLs) of how obtaining the 'signinStatus' ressource for the ''objectId' a given user?

Answer 1

Sounds like you have gotten a token for Azure AD Graph API, which is not the same as Microsoft Graph API.

Make sure you request the token with resource https://graph.microsoft.com .