I'm trying to request the "List privilegedRoles" resource using an app created in Azure's Active Directory.
I've given it all the Application permissions AND Delegated permissions in the Graph API app, to no avail.
The response is always:
"error": {
    "code": "UnknownError",
    "message": "{\"message\":\"An error has occurred.\"}",
    "innerError": {
        "request-id": "3e1bb5cf-2d2e-402f-8648-27193b28510a",
        "date": "2018-06-06T14:26:02"
    }
}
Any help would be much appreciated.
UPDATE 1:
A full reproduction of the issue -
- A V2 app with delegated permission "Directory.AccessAsUser.All" (and no application permissions), redirect url of http://localhost/myapp/permissions
step 1: admin consent
open browser at: https://login.microsoftonline.com/MY-TENANT-ID/adminconsent?client_id=MY_APP_ID&state=12345&redirect_uri=http://localhost/myapp/permissions
and grant consent by an admin to the requested permission(s)
see successful redirect to:
http://localhost/myapp/permissions?admin_consent=True&tenant=MY_TENANT_ID&state=12345
step 2: get token
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id=MY_APP_ID&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=MY-APP-SECRET&grant_type=client_credentials' 'https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token'
get reply like:
{
    "token_type": "Bearer",
    "expires_in": 3599,
    "ext_expires_in": 0,
    "access_token": "SOME-VERY-LONG-TOKEN"
}
step 3: attempt to get the resource
curl -X GET -H "Authorization: Bearer SOME-VERY-LONG-TOKEN" 'https://graph.microsoft.com/beta/privilegedRoles'
ERROR:
{
    "error": {
        "code": "UnknownError",
        "message": "{\"message\":\"An error has occurred.\"}",
        "innerError": {
            "request-id": "cc9c950c-369c-4fb5-8ec4-eb4048e32a5d",
            "date": "2018-06-10T09:09:57"
        }
    }
}
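A token from the client_credentials grant in step 2 is an app-only token: application permissions appear in its `roles` claim, while delegated permissions such as Directory.AccessAsUser.All appear only in the `scp` claim of a token issued on behalf of a signed-in user. The following is an added example, not part of the original post, that decodes a token's claims locally to show which permissions it actually carries; the function names are hypothetical and the sample token is constructed.

```python
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Decode the claims segment of a JWT without verifying the signature.
    For local inspection only; never authorize on unverified claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def granted_permissions(claims: dict) -> dict:
    """Split the permissions carried by an access token.
    'roles' holds application permissions, 'scp' holds delegated ones.
    Heuristic: a token with no 'scp' claim is treated as app-only."""
    roles = claims.get("roles", [])
    scp = claims.get("scp", "").split()
    kind = "delegated" if scp else "app-only"
    return {"kind": kind, "application": sorted(roles), "delegated": sorted(scp)}


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def b64(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "sig"])


if __name__ == "__main__":
    # Constructed claims resembling the setup above: client_credentials grant,
    # app registered with a delegated permission and no application permissions.
    sample = make_sample_token(
        {"aud": "https://graph.microsoft.com", "appid": "MY_APP_ID"}
    )
    print(granted_permissions(decode_jwt_payload(sample)))
```

Passing the `access_token` value from step 2 to `decode_jwt_payload` in place of the constructed sample shows the claims Microsoft Graph receives with the request in step 3.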