2

I am creating an Azure AD App that is using the new Yammer delegated permissions preview to post a message to Yammer using the access token that I obtained from Azure AD. Unfortunately, I get a 401 Unauthorized response when trying to call Yammer Rest APIs.

Here is the code sample:

var resourceId = "https://www.yammer.com";
var endpointUrl = "https://www.yammer.com/api/v1/messages/following.json";
AuthenticationHelper helper = new AuthenticationHelper();
helper.EnsureAuthenticationContext(AuthenticationHelper.AuthorityMultitenant, resourceId);
var token = helper.AuthenticationResult.AccessToken;
HttpClient hc = new HttpClient();
hc.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
var result = await hc.GetAsync(new Uri(new Uri("https://www.yammer.com"), endpointUrl));

Here I get the 401 Unauthorized, with a message "Authentication failure". I tried also with api.yammer.com instead of www.yammer.com, with no change. I know that the tokens are being retrieved correctly, as I tested them with other Office 365 REST APIs.

My assumption is that the token is in an unaccepted format, but it is supposed to accept Azure Tokens now that the Delegated Permissions were added. Am I using the wrong resource ID and endpoint?

glenatron
  • 11,018
  • 13
  • 64
  • 112
Ivan Inyushin
  • 31
  • 4
  • Have you ever found the solution for that problem? – Stefan Nov 27 '15 at 09:24
  • I am seeing the same problem. Would be pretty great if someone from Yammer could let us know how this is supposed to work... – glenatron Jan 11 '16 at 14:22
  • Any news on this? I am having identical problems right now... – Jonas Eriksson May 24 '16 at 15:11
  • At the time of writing this isn't a supported solution. The permission is a limited preview in AAD. Therefore, it won't support all scenarios. I recommend that folks register an application in Yammer and follow the current documentation on the Yammer developer site. – Brian Lyttle Feb 20 '19 at 16:59

3 Answers3

0

Your code sample looks correct. Does your user have an active Yammer subscription?

Mario Caropreso
  • 1
  • 1
  • Yes, of course. Everything seems to be configured correctly, at least with the browser the user can access yammer and perform actions there. – Ivan Inyushin Jun 29 '15 at 19:18
0

From an answer on the Yammer IT Pro Networks group for Office 365 developers, this:

Yammer authorization in apps is still handled completely separate from the rest of Office 365. You need to create a Yammer app in your network, and the users still needs to click the consent dialog to authorize it.

Yes, there is a delegated permission for Yammer API in Azure AD, but unless I am mistaken this does not actually do anything.

This is not from a Yammer source, because they never offer any kind of developer support or up-to-date documentation, but it seems entirely likely that this is another "feature" that simply doesn't work at all.

glenatron
  • 11,018
  • 13
  • 64
  • 112
0

I have found the resolution for the problem. It appeared to be that Yammer authentication can be configured in 2 ways - one way is to configure it to use the same authentication as other parts of Office 365, and another one is to is using a different configuration.

If Yammer's own SSO is used (in other words, Yammer has a separaate configuration for ADFS), then this problem happens.If you disable Yammer SSO for your network, all yammer authentication for “mapped” users will be handled by Office365. When that’s done, you can then use the Office 365 API.

Ivan Inyushin
  • 31
  • 4