We are using https://graph.microsoft.com/v1.0/me for Microsoft login in the Android app, but got a com.android.volley.AuthFailureError error.
AUTH CONFIG FILE:
{
  "client_id": "...",
  "authorization_user_agent": "DEFAULT",
  "redirect_uri": "msauth://....",
  "account_mode" : "MULTIPLE",
  "broker_redirect_uri_registered": false,
  "authorities" : [
    {
      "type": "AAD",
      "authority_url": "https://login.microsoftonline.com/common"
    }
  ]
}
MSGraphRequestWrapper.callGraphAPIUsingVolley(
    this,
    accessToken,
    "https://graph.microsoft.com/v1.0/me",
    new Response.Listener<JSONObject>() {
        @Override
        public void onResponse(JSONObject response) {
            /* Successfully called graph, process data and send to UI */
        }
    },
    new Response.ErrorListener() {
        @Override
        public void onErrorResponse(VolleyError error) {
            error.printStackTrace();
            // Here we got the error com.android.volley.AuthFailureError
        }
    });
Although it works with our other client ID, it only creates a problem with the production client ID.
ERROR:
com.android.volley.AuthFailureError
    at com.android.volley.toolbox.NetworkUtility.shouldRetryException(NetworkUtility.java:189)
    at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:145)
    at com.android.volley.NetworkDispatcher.processRequest(NetworkDispatcher.java:132)
    at com.android.volley.NetworkDispatcher.processRequest(NetworkDispatcher.java:111)
    at com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:90)
Volley: [343742] NetworkUtility.shouldRetryException: Unexpected response code 403 for https://graph.microsoft.com/v1.0/me
I tried to find the answer for this but did not get any reliable answer.
Can anyone please suggest why it's happening?
CodePudding user response:
Make sure you have the correct scope to call the Graph API. Learn more about the 403 error at https://docs.microsoft.com/en-us/graph/resolve-auth-errors. We highly recommend you use the MSAL library to authenticate and get an access token for the Graph API: https://github.com/AzureAD/microsoft-authentication-library-for-android
Create a new MultipleAccountPublicClientApplication instance.
String[] scopes = {"User.Read"};
IMultipleAccountPublicClientApplication mMultipleAccountApp = null;
IAccount mFirstAccount = null;
PublicClientApplication.createMultipleAccountPublicClientApplication(getContext(),
    R.raw.msal_config,
    new IPublicClientApplication.IMultipleAccountApplicationCreatedListener() {
        @Override
        public void onCreated(IMultipleAccountPublicClientApplication application) {
            mMultipleAccountApp = application;
        }
        @Override
        public void onError(MsalException exception) {
            // Log exception here
        }
    });
Acquire a token interactively
mMultipleAccountApp.acquireToken(this, scopes, getAuthInteractiveCallback());
private AuthenticationCallback getAuthInteractiveCallback() {
    return new AuthenticationCallback() {
        @Override
        public void onSuccess(IAuthenticationResult authenticationResult) {
            /* Successfully got a token, use it to call a protected resource */
            String accessToken = authenticationResult.getAccessToken();
            // Record account used to acquire token
            mFirstAccount = authenticationResult.getAccount();
        }
        @Override
        public void onError(MsalException exception) {
            if (exception instanceof MsalClientException) {
                // An exception from the client (MSAL)
            } else if (exception instanceof MsalServiceException) {
                // An exception from the server
            }
        }
        @Override
        public void onCancel() {
            /* User canceled the authentication */
        }
    };
}
Acquire a token silently
/*
Before getting a token silently for the account used to previously acquire a token interactively, we recommend that you verify that the account is still present in the local cache or on the device in case of brokered auth.
Let's use the synchronous methods here, which can only be invoked from a worker thread.
*/
// On a worker thread
IAccount account = mMultipleAccountApp.getAccount(mFirstAccount.getId());
if (account != null) {
    // Now that we know the account is still present in the local cache or on the device (broker authentication)
    // Request token silently
    String[] newScopes = {"Calendars.Read"};
    String authority = mMultipleAccountApp.getConfiguration().getDefaultAuthority().getAuthorityURL().toString();
    //Use default authority to request token from pass null
    IAuthenticationResult result = mMultipleAccountApp.acquireTokenSilent(newScopes, account, authority);
}
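An added example, not part of the answer above and not MSAL or Volley code: a debugging helper that reads the Graph error object out of the 403 response and lists the scopes actually present in the access token. The class and method names are hypothetical, and it assumes the token is a JWT carrying an `scp` claim.

```java
import android.util.Base64;
import com.android.volley.VolleyError;
import org.json.JSONException;
import org.json.JSONObject;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/** Debug-only helpers; hypothetical class, not part of MSAL or Volley. */
final class Graph403Diagnostics {

    /** Status code plus Graph's own error code and message from the response body. */
    static String describe(VolleyError error) {
        if (error.networkResponse == null || error.networkResponse.data == null) {
            return "no HTTP response body";
        }
        int status = error.networkResponse.statusCode;
        String body = new String(error.networkResponse.data, StandardCharsets.UTF_8);
        try {
            // Graph error bodies have the shape {"error":{"code":"...","message":"..."}}
            JSONObject e = new JSONObject(body).getJSONObject("error");
            return status + " " + e.optString("code") + ": " + e.optString("message");
        } catch (JSONException notGraphJson) {
            return status + " (body is not a Graph error object)";
        }
    }

    /**
     * Delegated scopes from the token's "scp" claim, or null when the token is
     * not a decodable JWT (some tokens are opaque to the client by design).
     * The signature is NOT verified: use for debugging only, never for
     * authorization decisions, and never log the token itself.
     */
    static List<String> grantedScopes(String accessToken) {
        String[] parts = accessToken.split("\\.");
        if (parts.length != 3) {
            return null;
        }
        try {
            byte[] payload = Base64.decode(parts[1], Base64.URL_SAFE);
            String scp = new JSONObject(new String(payload, StandardCharsets.UTF_8)).optString("scp");
            return scp.isEmpty() ? Collections.<String>emptyList() : Arrays.asList(scp.split(" "));
        } catch (IllegalArgumentException | JSONException malformed) {
            return null;
        }
    }
}
```

Calling `describe(error)` from `onErrorResponse` and checking whether `grantedScopes(accessToken)` contains `User.Read` shows whether the token lacks the scope or Graph rejected the call for another reason.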