使用 Microsoft Graph Explorer 时无法从 Azure AD 获取访问令牌 [英] Unable to get access token from Azure AD when using Microsoft Graph Explorer

问题描述

我已在 Azure AD 上注册了一个应用程序，并使用 azure 门户在 azure ad 目录中创建了 2 个用户和一个组.现在通过 Microsoft Graph 资源管理器，我正在测试操作 获取所有用户组是组织" 的 API，但我得到空数组作为响应，尽管我的目录中的 AD 上存在一个组.

对于操作获取我所属的组"，出现错误.

我已按照文档进行操作，据我所知，我们需要先请求访问令牌才能调用其他 API，例如获取用户组等.我按照链接中提到的步骤操作:

显示天蓝色广告中的组的屏幕截图:

解决方案

Microsoft Graph 资源管理器是一种工具，可让您针对 Microsoft Graph 提出请求并查看响应.在您调用 Graph 端点之前，它会自动为您获取访问令牌.不要用它来调用 Graph 以外的端点.

您的流程应该没问题.但您应该选择其他工具，例如 Postman、Talend API TESTER.

<小时>

更新:

I have registered an application on Azure AD and created 2 users and a group in the azure ad directory using the azure portal. Now through Microsoft Graph explorer , I am testing the API for the operation "Get All user groups is the organization", but I am getting empty array as response though there exists a group on the AD in my directory.

For the operation "Get the groups I belong to", I get error.

I have followed the documentation, and as I understand we need to first request an access token to make calls to other APIs like fetching user groups etc. I followed the steps as mentioned in the link: https://docs.microsoft.com/en-us/graph/auth-v2-service?view=graph-rest-1.0#4-get-an-access-token to request the access token.

I have fired a query from graph explorer, and details are:

1) Specified the endpoint as: https://login.microsoftonline.com/[TENANTID]/oauth2/v2.0/token

2) Specified request header with content type : application/x-www-form-urlencoded

3) Sent the request body in json

4) Given application permissions and also granted the admin consent using the Azure portal.

I have carefully rechecked the client ID, tenant ID, scope, secret and other creds again. But on making the API call I don't receive any response.

JSON body to request access token:

{
    "client_id": "[clientId]",
    "scope": "https://graph.microsoft.com/.default",
    "client_secret": "[the-secret]",
    "grant_type": "client_credentials"
}

Expected result: I should get a json response with "Bearer" token in it.

Actual result:There is no response from Azure , and the request is shown a s processing.

In which direction should I see to solve the problem? I found a similar question here: **Where can I find APP ID URI for Microsoft App? **. But my problem is still unsolved.

Screenshot showing the request and response:

Screenshot showing the group in azure ad:

解决方案

The Microsoft Graph explorer is a tool that lets you make requests and see responses against the Microsoft Graph. It will get an access token for you automatically before you call Graph endpoint. Do not use it to call endpoints other than Graph.

Your process should be OK. But you should choose other tools such as Postman, Talend API TESTER.

---

Update:

这篇关于使用 Microsoft Graph Explorer 时无法从 Azure AD 获取访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！