Graph API authentication - BAD REQUEST

Alberto Zumiani 96 Reputation points
2021-05-12T10:44:59.243+00:00

Dear support,

I've developed an application to use graph api to authenticate over AAD.
It worked for months but now it returns me "StatusCode: BadRequest - Reason: Bad Request"

Where can I see which is the problem with my request?
On client application side I have no more informations on this error.

Application has been developed with these steps:

  • authenticate with scopes "user.read"
  • grant permission to entrprise app with scope "api://{0}/User.Impersonation"

Token is then passed to another application that perform another request (GetHttpContentWithToken (copied from example)) with scopes "user.read"

Thank you

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,714 questions
0 comments No comments
{count} votes

Accepted answer
  1. Alberto Zumiani 96 Reputation points
    2021-05-13T09:41:35.947+00:00

    Found the issue. It was in Bearer token: it was taken from a file and it ended with a crlf char.
    Removed that char solved the issue.
    Probably Microsoft changes something on their side

    Best regards

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. James Hamil 20,816 Reputation points Microsoft Employee
    2021-05-12T21:14:28.437+00:00

    Hi @Alberto Zumiani , what version are you using, 1.0 or beta? Have you changed anything recently like policies or subscription types? Is there any issue with your subscription? Have you followed and documents or threads to help resolve the issue? From the troubleshooting guide:

    Based on an organization's CA policies, a user accessing Microsoft Graph resources via your app might be challenged for additional information that is not present in the access token your app originally acquired. In this case, your app receives a 400 with an interaction_required error during access token acquisition or a 403 with insufficient_claims error when calling Microsoft Graph. In both cases, the error response contains additional information that can be presented to the authorize endpoint to challenge the user for additional information (like multi-factor authentication or device enrollment).>

    Since it has been working for months I don't think there's anything wrong with your implementation unless you recently changed or added something. Please let me know if anything above helps you. If not I will continue looking into this.

    Thank you,
    James

    0 comments No comments

  2. Alberto Zumiani 96 Reputation points
    2021-05-13T07:56:08.14+00:00

    Dear James,

    I've changed nothing recently. Strange thing is that if I use same Bearer token on Postman from my PC it works like a charm. If I use that from linux sever it returns BadRequest error. I really cannot understand what is wrong with my request.

    I'm using v1.0

    0 comments No comments