How can i check if the token passed to a POST command is authorized?

0
votes

My application is in angular 8 using MSAL v2.0. The app asks for user's office 365 credentials, logs them in and then allows them to create an event in their calendar. The user is successfully logged, a token is acquired but when trying to create an event in calendar using MS Graph Rest API, the system throws a 401 Unauthorized error.

The login function below returns a login success message when user logs in. The accessToken value is null but the idToken has a value. Should the accessToken have a value? Also, is the 401 error because scope is needed in the loginPopup command?:

loginPopup(request) {
        return super.loginPopup(request)
            .then((authResponse) => 
            this.broadcastService.broadcast("msal:loginSuccess", authResponse);
            return authResponse;
        })
            .catch((error) => {
            this.broadcastService.broadcast("msal:loginFailure", error);
            this.getLogger().error("Error during login:\n" + error.errorMessage);
            throw error;
        });
    }

The error message is: zone-evergreen.js:1042 "POST https://graph.microsoft.com/v1.0/me/events 401 (Unauthorized)"

Clicking on the link https://graph.microsoft.com/v1.0/me/events in this error message shows: https://login.microsoftonline.com//oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=&redirect_uri=https%3A%2F%2FmyApp.abc.com%2F&state=%3D&nonce=ad9d4ce5-7676-5515-a36c-7b2b3c70d366&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.2&login_hint=sales1%40abc.com&client-request-id=&response_mode=fragment&sso_reload=true

1
angularmicrosoft-graph-apiunauthorized
Can you please share the requestid, timestamp and the whole error response for the failed request?Shiva Keshav Varma
You need an access token to call Microsoft Graph. Please see the method using msal.js: docs.microsoft.com/en-us/azure/active-directory/develop/….Allen Wu
If my answer is helpful for you, you can accept it as answer( click on the check mark beside the answer to toggle it from greyed out to filled in.). This can be beneficial to other community members. Thank you :)Carl Zhao

1 Answers

0
votes

This is because you are just sending a login request and not requesting to obtain an access token. Your response_type=id_token, so you only obtained an id token.

Calling this api requires you to have an access token, because you are calling the /me endpoint, so you need to obtain a user token interactively:

const requestObj = {
      scopes: ["user.read"]
  };

  this.authService.acquireTokenPopup(requestObj).then(function (tokenResponse) {
      // Callback code here
      console.log(tokenResponse.accessToken);
  }).catch(function (error) {
      console.log(error);
  });