0
votes

I'm trying to test the art of the possible with the Azure REST API and I've stumbled upon an odd issue.

I can't list applications; this is actually important for us, as we're trying to automate some of this.

https://docs.microsoft.com/en-us/rest/api/graphrbac/applications/list

If I try with the "Try It" link, I get a 401 error.

{
  "odata.error": {
    "code": "Authentication_MissingOrMalformed",
    "message": {
      "lang": "en",
      "value": "Access Token missing or malformed."
    },
    "requestId": "a9758d8f-194f-4089-afd9-4b1d3ffb21d7",
    "date": "2018-10-25T18:22:46"
  }
}

The request does have a bearer token, I can see it using Fiddler.

If I try to list, say, Web Apps, this works fine.

https://docs.microsoft.com/en-us/rest/api/appservice/webapps/list

For the record, the user is a global administrator.

Any ideas?

TIA

1 Answer

0
votes

As the error says, the issue is with the token being presented. You can easily check the decoded token and see the exact claims in a tool like https://jwt.ms or https://jwt.io

I think this could be a problem with 'aud', i.e. the audience claim, since you mention that the token works correctly for the list Web Apps API but doesn't work for list applications.

In the case of list Web Apps, you might be acquiring the token for a resource like https://management.core.windows.net/ and thus 'aud' for the acquired token would also get the same value.

Check what value for resource you are specifying while acquiring the token for the list applications call. Since you're trying to call the Azure AD Graph API, the resource value should be 'https://graph.windows.net'. Any other value could cause such an issue.

If the audience values are correct but you still face issues, please edit your question to include a little more detail/actual code related to how you are acquiring the relevant token.
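
Added example, not part of the answer above or of any Microsoft sample: a local version of the check the answer describes, decoding the bearer token captured in Fiddler and comparing its 'aud' claim with the resource each API expects. The helper names and the sample token are constructed for illustration; the two resource URLs are the ones named in the answer.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (diagnostic only)."""
    token = token.strip()
    if token.lower().startswith("bearer "):
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def audience_matches(token: str, resource: str) -> bool:
    """True if 'aud' names `resource`. Lenient on case and trailing slash,
    which is a simplification for diagnosis; the service makes the real decision."""
    aud = jwt_claims(token).get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    want = resource.rstrip("/").lower()
    return any(isinstance(a, str) and a.rstrip("/").lower() == want for a in auds)


def make_sample_token(aud: str) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc({'aud': aud})}.sig"


GRAPH = "https://graph.windows.net"             # resource named in the answer
ARM = "https://management.core.windows.net/"   # resource named in the answer

if __name__ == "__main__":
    header_value = "Bearer " + make_sample_token(ARM)  # stands in for the Fiddler capture
    print("aud:", jwt_claims(header_value)["aud"])
    print("matches Graph resource:", audience_matches(header_value, GRAPH))
    print("matches management resource:", audience_matches(header_value, ARM))
```

Because the signature is not checked, this only shows what the client is sending; it says nothing about whether the token is authentic.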