0

I have registered an application on Azure AD and created 2 users and a group in the azure ad directory using the azure portal. Now through Microsoft Graph explorer , I am testing the API for the operation "Get All user groups is the organization", but I am getting empty array as response though there exists a group on the AD in my directory.

For the operation "Get the groups I belong to", I get error.

I have followed the documentation, and as I understand we need to first request an access token to make calls to other APIs like fetching user groups etc. I followed the steps as mentioned in the link: https://learn.microsoft.com/en-us/graph/auth-v2-service?view=graph-rest-1.0#4-get-an-access-token to request the access token.

I have fired a query from graph explorer, and details are:

1) Specified the endpoint as: https://login.microsoftonline.com/[TENANTID]/oauth2/v2.0/token

2) Specified request header with content type : application/x-www-form-urlencoded

3) Sent the request body in json

4) Given application permissions and also granted the admin consent using the Azure portal.

I have carefully rechecked the client ID, tenant ID, scope, secret and other creds again. But on making the API call I don't receive any response.

JSON body to request access token: 

{
    "client_id": "[clientId]",
    "scope": "https://graph.microsoft.com/.default",
    "client_secret": "[the-secret]",
    "grant_type": "client_credentials"
}

Expected result: I should get a json response with "Bearer" token in it.

Actual result:There is no response from Azure , and the request is shown a s processing.

In which direction should I see to solve the problem? I found a similar question here: **Where can I find APP ID URI for Microsoft App? **. But my problem is still unsolved.

Screenshot showing the request and response: enter image description here

Screenshot showing the group in azure ad: enter image description here

Ayush
  • 880
  • 1
  • 9
  • 21
  • 1
    I'm confused. Your question asks about Bearer tokens but the screenshot shows Groups in Graph Explorer. Is your question about Bearer Tokens, Microsoft Graph, or Graph Explorer? They are 3 different things. – Marc LaFleur Nov 11 '19 at 16:51
  • Okay,let me explain. So my ultimate aim is to make calls to APIs like "Fetching user groups", "Fetching the group to which a user belongs" etc from the graph explorer. But, according to the documentation, we have to request and get a access token(Bearer token) first to make these API calls. So I tried to fetch token by calling /token endpoint from graph explorer, but didn't get any response.So asked the question on stack overflow. Now as Allen Wu answered, when using graph explorer we dont need to fetch the token to make API calls, and we can directly call the API to fetch all groups. – Ayush Nov 12 '19 at 05:42
  • But the API call to fetch all groups is also not returning me the result, when making the call through graph explorer. So this is my problem. But let me also tell you that token fetching and group fetching is working through postman. – Ayush Nov 12 '19 at 05:44

1 Answers1

1

The Microsoft Graph explorer is a tool that lets you make requests and see responses against the Microsoft Graph. It will get an access token for you automatically before you call Graph endpoint. Do not use it to call endpoints other than Graph.

Your process should be OK. But you should choose other tools such as Postman, Talend API TESTER.

Update:

enter image description here

Allen Wu
  • 15,529
  • 1
  • 9
  • 20
  • Also, a simple request to fetch the all groups is not returning the groups list , but an empty array. Please look at this: https://learn.microsoft.com/en-us/graph/api/group-list?view=graph-rest-1.0&tabs=http#example-1-return-a-list-of-group-objects . If I fire the same query as specified here, I get an empty array. Its mentioned there that we need to send "Bearer" token with this request. – Ayush Nov 11 '19 at 09:37
  • Yes. It will generate an access token for you to call graph resource in Microsoft Graph Explorer. You don't need to include an extra access token with the request. See my update. – Allen Wu Nov 11 '19 at 09:46
  • If you still can't get the expected result, please add some screenshots of your Azure AD group and the request in Microsoft Graph Explorer. – Allen Wu Nov 11 '19 at 09:50
  • Allen , pls check the screenshots I have added to the question – Ayush Nov 11 '19 at 10:09
  • You are logging in to a personal account instead of a work account. So you can't find the Graph data. Please double check the Azure AD tenant where you created the group and log in to the Microsoft Graph Explorer with the correct work account. Check the tenant by following this 3rd-party article: https://helpdesk.kaseya.com/hc/en-gb/articles/115002521251-How-Do-I-Find-My-Azure-AD-Tenant-Name-. – Allen Wu Nov 12 '19 at 01:17
  • Hi @Allen. I am able to do all API calls including the call to fetch access token ,using the same mail account, but using POSTMAN application. I am unable to get response when making the same calls using graph explorer. So I guess they mail account is not the cause. – Ayush Nov 15 '19 at 05:04