远程服务器返回一个错误：(400) Bad Request on invoke-restmethod using powershell

Question

我试图使用 Powershell 拨打 api，这是脚本

$clientID = "xxxxxxxxxxxxx"
$tenantName = "xxxxxxxxxxxxxxxxxxx"
$ClientSecret = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXx"


$ReqTokenBody = @{
Grant_Type    = "client_credentials"
Scope         = "https://graph.microsoft.com/.default"
client_Id     = $clientID
Client_Secret = $clientSecret
} 
$TokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token" -Method POST -Body $ReqTokenBody
$authheader = @{

    'Authorization' = "Bearer $($Tokenresponse.access_token)"

}
$ssoPatchUri = 'https://graph.microsoft.com/v1.0/applications/xxxxxxxxxxxxx-b64417d8183c'

$body = @'
{
    "web": @{"redirectUris" = @("https://signin.aws.amazon.com/saml")}
    "identifierUris" : @("https://signin.aws.amazon.com/saml")
    }
'@

   
Invoke-RestMethod -Headers $authheader -Uri $ssoPatchUri -Body $body -Method Patch -ContentType 'application/json' -Verbose

在我们传递 $body 参数的最后一个 invoke-restmethod 中发生的错误，我相信它是由于嵌套 json 的不正确框架造成的。这是我得到的错误。（因为我没有复制整个代码，行号将无效）

Invoke-RestMethod : The remote server returned an error: (400) Bad Request.
At C:\user\test.ps1:77 char:14
+ ...    $final = Invoke-RestMethod -Headers $authheader -Uri $ssoPatchUri  ...
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

这是我需要传递的实际 json 数据，

{
  "web": {
    "redirectUris": [
      "https://signin.aws.amazon.com/saml"
    ] 
  },
  "identifierUris": [
    "https://signin.aws.amazon.com/saml"
  ]    
}

感谢有人可以帮助我解决这个问题

Answer 1

我已经使用您的代码重现了该问题。

采取的步骤。

我已同意以下权限：Application.ReadWrite.All、Directory.ReadWrite.All、Application.ReadWrite.OwnedBy

我在正文中稍微修改了代码并将内容类型放在 authheader 中。

 $TenantName = "****.onmicrosoft.com" $clientID = "**********" $clientSecret = "*****************" $Scope = "https://graph.microsoft.com/.default" $ReqTokenBody = @{ Grant_Type = "client_credentials" Scope = $Scope client_Id = $clientID Client_Secret = $clientSecret } $authUri = "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token" $TokenResponse = Invoke-RestMethod -Uri $authUri -Method POST -Body $ReqTokenBody $authheader = @{ "Authorization" = "Bearer $($Tokenresponse.access_token)" "Content-type" = "application/json" } $TokenResponse.access_token $ssoPatchUri = 'https://graph.microsoft.com/v1.0/applications/####' $body = '{ "web": { "redirectUris": [ "https://signin.aws.amazon.com/saml" ] }, "identifierUris": ["https://signin.aws.amazon.com/saml"] }' Invoke-RestMethod -Headers $authheader -Uri $ssoPatchUri -Method PATCH -Body $body #$v=Invoke-RestMethod -Headers $authheader -Uri "https://graph.microsoft.com/v1.0/applications/#######" -Method GET #$v #$v.web

在这里，我放置了 api 的object id而不是客户端 id（在 -Uri https://graph.microsoft.com/v1.0/applications/objectId 中）来执行PATCH请求并且它有效。当客户端时显示相同的错误使用 ID。

但是使用客户端 ID（ https://graph.microsoft.com/v1.0/applications/ClientId ）适用于 GET 请求。

在 uri 中使用 object id 后，重定向 uri 和标识符 uri 成功更新为 api 补丁可以通过使用 GET 请求显示。