This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello
I don't really know if there is another place to put this question, but if anyone knows a place, let me know.
I'm trying to code some scripts to get access to the API in office 365 to monitor stuff, with multitenancy.
I followed this articles : https://msdn.microsoft.com/en-us/office-365/get-started-with-office-365-management-apis and used a few things found here and there
I now have a App in my Azure portal, with private key, and trust on my own tenant
I managed to code a script in powershell that generate the Authorization Request and get the AccessToken exactly as the get-started article shows in the last pages.
Now I try to go to the next step and actually consume the API as shown here :
https://msdn.microsoft.com/en-us/office-365/office-365-service-communications-api-reference
Example :
GET https://manage.office.com/api/v1.0/contoso.com/ServiceComms/CurrentStatus
Authorization: Bearer {AAD_Bearer_JWT_Token}
this looks like this in my script
$testurl="https://manage.office.com/api/v1.0/"+$decToken.Payload["tid"] + "/ServiceComms/CurrentStatus"
$test=Invoke-RestMethod -Uri $testurl -Method Get -Headers @{Authorization=("Bearer "+$Authorization.access_token)}
$Authorization.access_token is the token obtained previously with a call to the "token" endpoint
$dectoken is the decoded token obtained with previously, and TID is the tenant ID.,
when I use "invoke-restmethod" without the headers, I get an authorization error, and when I put the headers :
Invoke-RestMethod : System.FormatException: Unrecognized Guid format.
at System.Guid.GuidResult.SetFailure(ParseFailureKind failure, String failureMessageID, Object failureMessageFormatArgument, String failureArgumentName, Exception innerException)
at System.Guid.TryParseGuid(String g, GuidStyles flags, GuidResult& result)
at System.Guid.Parse(String input)
at Microsoft.Office365ServiceComms.Common.OAuthAuthorizeAttribute.OnAuthorization(HttpActionContext actionContext) in
c:\SD\Brown\QLocal\cmd\22\sources\dev\ServiceHealthDashboard\src\ServiceComms\ServiceCommsWebService\Common\OAuthAuthorizeAttribute.cs:line 90
at System.Web.Http.Filters.AuthorizationFilterAttribute.OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Filters.AuthorizationFilterAttribute.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Filters.AuthorizationFilterAttribute.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Microsoft.Office365ServiceComms.MessageHandlers.RequestResponseLogHandler.d__2.MoveNext() in
c:\SD\Brown\QLocal\cmd\22\sources\dev\ServiceHealthDashboard\src\ServiceComms\ServiceCommsWebService\MessageHandlers\RequestResponseLogHandler.cs:line 59
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at System.Web.Http.HttpServer.d__0.MoveNext()
At C:\TEMP\Untitled4.ps1:64 char:9
so have I done something wrong with the access_token? (should I recode/reencrypt the token before reusing it)
or is there a bug on the server side : the exception mention
at Microsoft.Office365ServiceComms.Common.OAuthAuthorizeAttribute.OnAuthorization(HttpActionContext actionContext) in
c:\SD\Brown\QLocal\cmd\22\sources\dev\ServiceHealthDashboard\src\ServiceComms\ServiceCommsWebService\Common\OAuthAuthorizeAttribute.cs:line 90
...
at System.Web.Http.HttpServer.d__0.MoveNext()
and that is not on my side,
I'm going to try in C# with more control on debugging but the code is almost identical, so if anyone know what's happening, or has encounter this api recently any help is appreciated
Best regards and happy holidays
Christophe
Microsoft 365 features that help users manage their subscriptions, account settings, and billing information.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
thanks, I had forgotten about MSDN forum being separate from here
Christophe
Hi Niel,
We suggest you post a new thread in our Office 365 for Developers forum for professional support. It’s the specific channel that handles this kind of questions and issues.
Thanks for your understanding.
Tim
ha!
I went further and tried different things and tenant just in case
I realize my tenant ID was wrong in a sense, using "common" for myself is returning a token with no role
using my DNS name in the initial token generate an access token with the roles I want explicitly displayed
based from that, I could test the previous api call and it works and I get my information
the working token :
PS C:\temp>$decToken.Payload
Key Value
iss https://sts.windows.net/xxx/
iat 1483046133
nbf 1483046133
exp 1483050033
appid yyyyyyyyyyyyyy
appidacr 2
idp https://sts.windows.net/zeazeazeaze/
oid aaaazeezeazeze
roles {ServiceHealth.Read,ActivityFeed.Read}
sub aaaaaaaaaaaaaaaaaaa
tidbbbbbbbbbbbbbbbbbbb
ver1.0
The Roles and OID are not present when using a wrong tenant information or not having the authorization
So I should be getting something else when calling the Rest Method, I should be getting a 401 error
I tried without the Rest decoding and simply did a web request
Invoke-WebRequest-Uri$testurl-MethodGet-Headers@{Authorization=("Bearer "+$Authorization.access_token)}
I obtained the same exception, with less formatting
finally I tried
$request=[System.Net.WebRequest]::Create($testurl)
$request.Method="Get"
$request.Headers.add("Authorization","Bearer "+$Authorization.access_token)
$response=$request.GetResponse()
$requestStream=$response.GetResponseStream()
$readStream=New-ObjectSystem.IO.StreamReader$requestStream
$data=$readStream.ReadToEnd()
and got something more to the point
Exception calling "GetResponse" with "0" argument(s): "The remote server returned an error: (500) Internal Server Error."
At line:4 char:1
so I'm really guessing there is not a good handling of unauthorized token server side