I am trying to connect to the Microsoft Graph API without user intervention, and am following this guide on how to do so. I am able to get past step 4, where I receive my access token. However, I continue to receive an error saying that my access token is empty.

The first part of my code successfully gets the access token:

import urllib3

uri = "https://login.microsoftonline.com/companyID/oauth2/v2.0/token"

payload= {

    'Content-Type': 'application/x-www-form-urlencoded',
    'Host': 'login.microsoftonline.com',
    'client_id': 'xxxxxxxxxxxxxxxxxxxxx',
    'scope': 'https://graph.microsoft.com/.default',
    'client_secret': 'xxxxxxxxxxxxxxxxxxxxx',
    'grant_type': 'client_credentials'

        }

http = urllib3.PoolManager()

response = http.request('POST', uri, payload)

print(response.data)

my_dict = eval(response.data)
token = f"{my_dict['token_type']} {my_dict['access_token']}"

When I try running this second part to connect to the Graph API:

import urllib3
uri2 = 'https://graph.microsoft.com/v1.0/users/12345678-73a6-4952-a53a-e9916737ff7f'

payload2 = {
    'Authorization':token,
    'Host':'graph.microsoft.com'
        }

https = urllib3.PoolManager()
response2 = http.request ('GET', uri2, payload2)
print(response2.data)

I get this error:

b'{"error":{"code":"InvalidAuthenticationToken","message":"Access token is empty.","innerError":{"date":"2022-10-21T13:55:42","request-id":"xxxxxxxxx-aced-469c-a68c-xxxxxxxx","client-request-id":"xxxxx-aced-469c-a68c-xxxxxxxxxxxx"}}}'

All of the permissions are correctly set up on the app's end, I'm scratching my head on why the token is saying it's empty. Any and all help is greatly appreciated!

CodePudding user response：

I tried to reproduce the same in my environment and got the below results:

I created one Azure AD application and granted permissions as below:

Now, I ran the same code as you and got the token successfully as below:

import urllib3
uri = "https://login.microsoftonline.com/tenantID/oauth2/v2.0/token"
payload= {

    'Content-Type': 'application/x-www-form-urlencoded',
    'Host': 'login.microsoftonline.com',
    'client_id': 'xxxxxxxxxxxxxxxxxxxxx',
    'scope': 'https://graph.microsoft.com/.default',
    'client_secret': 'xxxxxxxxxxxxxxxxxxxxx',
    'grant_type': 'client_credentials'
 }
http = urllib3.PoolManager()
response = http.request('POST', uri, payload)
print(response.data)
my_dict = eval(response.data)
token = f"{my_dict['token_type']} {my_dict['access_token']}"

Output:

When I tried to call Graph API with same code, I got same error as you like below:

import urllib3
uri2 = 'https://graph.microsoft.com/v1.0/users/d6076090-fxx9-4xxa-8xxf-4xxxxxxxxx3'
payload2 = {
    'Authorization':token,
    'Host':'graph.microsoft.com'
        }
https = urllib3.PoolManager()
response2 = http.request ('GET', uri2, payload2)
print(response2.data)

Output:

As you included Authorization in parameters instead of headers, your code is unable to identify the token.

To resolve the error, try to modify your code like below:

import urllib3
urllib3.disable_warnings()
uri2 = 'https://graph.microsoft.com/v1.0/users/d6076090-fxx9-4xxa-8xxf-4xxxxxxxxx3'
response2 = http.request ('GET', uri2, headers={    
        "Authorization": token
})
print(response2.data)

Output:

I got the user's details in the response successfully when I used the modified code.

CodePudding user response：

Please try by changing the following line of code:

response2 = http.request ('GET', uri2, payload2)

to

response2 = http.request ('GET', uri2, headers=payload2)