1
votes

I would like to see full information on my users in the AD (users in groups, etc.). I already have an application that signs in to AD, and then I get a bearer token that has access to my Azure Blockchain Workbench API, and everything works fine. The Workbench API has a users endpoint, but the information is limited; it has first name, last name, email, etc., and I would like to know more.

When trying to call the https://graph.microsoft.com/v1.0/me endpoint with the bearer token that I already have, it is invalid and I get:

    {
        "odata.error": {
            "code": "Authentication_MissingOrMalformed",
            "message": {
                "lang": "en",
                "value": "Access Token missing or malformed."
            },
            "requestId": "47322d1e-24d5-4170-ace5-947a8725ec1c",
            "date": "2019-03-13T08:14:37"
        }
    }

I also tried a different approach. I have a service principal and gave this service principal a Windows Azure Active Directory "basic info on users" privilege. I also gave it a Microsoft Graph privilege and also a privilege to my blockchain app (not sure if I need to).

I call https://login.microsoftonline.com/{{tenant-id}}/oauth2/token with the client credentials body, and I get a bearer token. Now with this bearer token I get:

    {
        "error": {
            "code": "Authorization_RequestDenied",
            "message": "Insufficient privileges to complete the operation.",
            "innerError": {
                "request-id": "2a7febaa-a6db-4770-a323-1971fa0bf863",
                "date": "2019-03-17T13:54:57"
            }
        }
    }

1 Answer

3
votes

The access token needs to be acquired with Microsoft Graph API as the resource.

In the first approach, the token that you already have for the Workbench API will not work for Microsoft Graph, because that token is meant for the Workbench API. You can check this by looking at the aud claim of that token. You can decode the token using https://jwt.ms

In the second approach, the token should work, as long as the resource you specified when acquiring the token is https://graph.microsoft.com and not the Workbench API. If you still face issues, share the code you're using to acquire the token or the decoded token itself (minus any sensitive info).
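The aud check the answer describes, done locally instead of by pasting the token into jwt.ms, as an added example that is not part of the question or the answer. The two sample tokens are constructed here (HS256 with a dummy key, not real RS256 tokens issued by Azure AD), the Workbench app id is a placeholder, and the client-credentials body builder shows the v1 /oauth2/token parameters with resource set to Graph, as the answer recommends. Decoding without signature verification is fine for inspecting your own token; it must never be used to authenticate a caller.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlencode

GRAPH_RESOURCE = "https://graph.microsoft.com"
# Well-known application id of Microsoft Graph; some tokens carry it as aud
# instead of the resource URI.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
# Placeholder id for the Workbench API app registration (assumption).
WORKBENCH_APP_ID = "11111111-2222-3333-4444-555555555555"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_token(claims: dict) -> str:
    """Constructed demo token: same header.payload.signature layout as a real
    JWT, but HS256-signed with a dummy key. Only the payload matters here."""
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(b"demo-key", signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def decode_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (what jwt.ms
    shows you). Inspection only; never trust these claims to authorize anything."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def audience_is_graph(token: str) -> bool:
    """True if the token was issued for Microsoft Graph (aud claim), which is
    what Graph requires; a Workbench-API token has a different aud."""
    aud = decode_claims(token).get("aud")
    auds = aud if isinstance(aud, list) else [aud]  # aud may be string or list
    return any(a in (GRAPH_RESOURCE, GRAPH_RESOURCE + "/", GRAPH_APP_ID) for a in auds)


def app_permissions(token: str) -> list:
    """Application permissions granted to a client-credentials token show up in
    the roles claim; an empty list means Graph will answer Authorization_RequestDenied."""
    roles = decode_claims(token).get("roles", [])
    return list(roles)


def client_credentials_body(client_id: str, client_secret: str,
                            resource: str = GRAPH_RESOURCE) -> str:
    """Form body for POST https://login.microsoftonline.com/{tenant}/oauth2/token
    (v1 endpoint): the resource parameter decides the aud of the returned token."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    })


# Constructed samples: the token from the first approach (aud = Workbench API)
# and a token acquired with resource=https://graph.microsoft.com.
SAMPLE_WORKBENCH_TOKEN = make_sample_token(
    {"aud": WORKBENCH_APP_ID, "tid": "tenant-id", "scp": "user_impersonation"})
SAMPLE_GRAPH_TOKEN = make_sample_token(
    {"aud": GRAPH_RESOURCE, "tid": "tenant-id", "roles": ["User.Read.All"]})

if __name__ == "__main__":
    for name, tok in (("workbench", SAMPLE_WORKBENCH_TOKEN), ("graph", SAMPLE_GRAPH_TOKEN)):
        claims = decode_claims(tok)
        print(name, "aud =", claims["aud"],
              "| for Graph:", audience_is_graph(tok),
              "| app permissions:", app_permissions(tok))
    print(client_credentials_body("app-id", "client-secret"))
```

Running the script shows the first sample rejected (its aud is the Workbench app id) and the second accepted; the printed form body is the one to send with the client-credentials flow so that the resulting token carries the Graph audience.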