I am trying to use OAuth client_credentials
with Windows Microsoft Azure. I can successfully generate an access_token
but get when I try and access https://graph.windows.net/mydomain.com/users?api-version=2013-04-05
I get 403 Forbidden
.
What am I doing wrong? I think I'm not requestion a sufficiently authorized access_token
but I cannot find/guess other resource
or params to add.
My current flow
Request
> POST /mydomain.com/oauth2/token HTTP/1.1
> Host: login.windows.net
> Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id={client_id}
&client_secret={client_secret}
&resource=https://graph.windows.net
Response
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=utf-8
{
"access_token": "<string>",
"token_type": "Bearer",
"expires_in": "<seconds>",
"expires_on": "<timestamp>",
"resource": "https://graph.windows.net"
}
Request
> GET /mydomain.com/users
> ?api-version=2013-04-05 HTTP/1.1
> Host: graph.windows.net
> Authorization: Bearer {access_token}
Response
< HTTP/1.1 403 Forbidden
{
"odata.error": {
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
}
}
Note: I get 403 Unauthorized if I miss out or mess with the {access_token}
.
Per my comment, you need to make sure that you've selected the proper permissions from the "permissions to other applications" drop-down in the portal, otherwise access won't be granted. See this page in the documentation for more information.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.