
0 Votes
FarhinSShaikh asked

Microsoft Graph API - Unable to get logged-in user details

Hi, I am new to Azure, counting only on the ongoing project experience. To give a background about the issue that I am facing with Azure Active Directory: I have to implement authentication/authorization for my application, which will be hosted on a public cloud but will be accessible to users from a particular domain only (single tenant).



The attachment includes the code that I have written to get the logged-in user details. When trying to run the application, below is the error that I am getting:

{ "error": { "code": "Request_ResourceNotFound", "message": "Resource '4420a373-e920-4294-b479-750d6a1845c5' does not exist or one of its queried reference-property objects are not present.", "innerError": { "request-id": "4ad3af1d-e063-4863-806c-6fc28ee8e0bc", "date": "2019-12-14T08:09:53" } } }

I have cross-verified:

1- The ClientId, SecretId and TenantId of my application given in the code

2- The token that I am getting through the code, using jwt.io.

3- My user name is already there in Azure Active Directory as well.

4- The Read User profile scope is granted to my account

When trying to access the api from Graph explorer using https://graph.microsoft.com/v1.0/me/ I am able to access my details.

But when trying to run this in code, I get the error above.

Any help would be appreciated on this.

Regards.



azure-active-directory
auth.txt (1.7 KiB)

1 Answer

1 Vote
michev answered MadanBisht-9803 published

You are obtaining a token via the confidential client flow, meaning you are not running in the context of a user. Thus you should not be using the /me endpoint, but the /users/objectID one.

Or obtain a token via some of the delegate permissions flows.


Hi,
Yes. I am obtaining a token via a confidential client. Also, yes, the application is not running under the context of the logged-in user.
I did check that the token I am getting from the code gives me partial information, i.e. only the application details, and the logged-in user details are missing, and so is the error "Request_ResourceNotFound".
Even for using the object ID, I would need the user context, right? Is this where delegate permission comes in?
Or do I have to specifically implement OpenID Connect to get the current user?
Is there any reference article I could use that will help me resolve this?



P.S.: Please excuse me if the queries/answers sound doltish.

0 Votes 0 ·
michev ShaikhFarhin-5422 ·

No, you can use the users/ObjectID endpoint just fine. You simply cannot use /me, as there is no current user.

2 Votes 2 ·

Thanks, it got resolved, as we cannot use /me, as there is no current user.

0 Votes 0 ·
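
Added example (not part of the original thread or of the poster's auth.txt): a Python sketch of the check the answer implies, decoding the access token's claims to tell an app-only (client credentials) token from a delegated one and choosing /users/{object ID} or /me accordingly. It relies on Azure AD putting an scp claim in delegated tokens and a roles claim in app-only ones; the helper names, GUIDs and sample claims are constructed for illustration.

```python
import base64
import json
from typing import Optional

GRAPH = "https://graph.microsoft.com/v1.0"


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (what jwt.io shows).
    No signature check is done, so never use this to authorize anything."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def token_kind(claims: dict) -> str:
    """Delegated tokens carry scopes in 'scp'; app-only tokens carry
    application permissions in 'roles' and have no signed-in user."""
    return "delegated" if claims.get("scp") else "app-only"


def profile_url(token: str, user_object_id: Optional[str] = None) -> str:
    """Pick the Graph endpoint that matches the token's context."""
    if token_kind(jwt_claims(token)) == "delegated":
        return f"{GRAPH}/me"
    # App-only: /me has no user to resolve, so a user must be named.
    if not user_object_id:
        raise ValueError("app-only token: pass the user's object ID")
    return f"{GRAPH}/users/{user_object_id}"


def sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed claims; in an app-only token 'oid' identifies the app's
# service principal, not a user.
APP_TOKEN = sample_token({"oid": "00000000-0000-0000-0000-00000000000a",
                          "roles": ["User.Read.All"]})
USER_TOKEN = sample_token({"oid": "00000000-0000-0000-0000-00000000000b",
                           "scp": "User.Read"})

if __name__ == "__main__":
    print(profile_url(USER_TOKEN))
    print(profile_url(APP_TOKEN, "00000000-0000-0000-0000-00000000000b"))
```

Running the same claim check on a real token makes it clear before the Graph call whether /me can resolve a user at all.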