ConnectionJSON for REST Connection to graph.microsoft.com

aro
Regular Contributor

We want to import data from graph.microsoft.com via a normal REST connection.

According to Microsoft (https://learn.microsoft.com/en-us/graph/auth-v2-service?view=graph-rest-1.0), the REST call to get a token looks like this (and it works via a REST client):

POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&client_secret=qWgdYAmab0YSkuL1qKv5bPX
&grant_type=client_credentials

However, the ConnectionJSON examples in the Saviynt documentation included a different parameter, "resource":

{
  "authentications": {
    "acctAuth": {
      "authType": "oauth2",
      "showResponse": true,
      "url": "https://login.microsoftonline.com/<<TenantID>>/oauth2/v2.0/token",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "client_credentials",
        "client_secret": "<<ClientSecret>>",
        "client_id": "<<ClientID>>",
        "resource": "https://graph.microsoft.com/"
      },
      "httpHeaders": {
        "contentType": "application/x-www-form-urlencoded"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken"
      ],
      "retryFailureStatusCode": [
        401
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error.code",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abc"
    }
  }
}

This call with the "resource" parameter does not work in a REST client. No token is generated.
Is something wrong in the Saviynt documentation?

We have tried all the possibilities with the two different parameters (only "scope", only "resource", both), but we always get InvalidAuthenticationToken errors:

{"log":"2023-02-16 14:12:14,762 [quartzScheduler_Worker-3] DEBUG rest.RestProvisioningService - Access token expired. throwing InvalidAuthenticationToken / [InvalidAuthenticationToken] exception for retry\n","stream":"stdout","time":"2023-02-16T14:12:14.762448612Z"}
{"log":"2023-02-16 14:12:14,762 [quartzScheduler_Worker-3] ERROR rest.RestProvisioningService - Exception in pullObjectsByRest :InvalidAuthenticationToken\n","stream":"stdout","time":"2023-02-16T14:12:14.762508379Z"}
{"log":"2023-02-16 14:12:14,762 [quartzScheduler_Worker-3] ERROR rest.RestProvisioningService - Inside token Expiry Exception block. connectionParamMap.refreshTryCount : 2\n","stream":"stdout","time":"2023-02-16T14:12:14.762553656Z"}

What is there to consider with ConnectionJSON? What are the correct values to authenticate?

 


adriencosson
Valued Contributor

Hi,

The JSON from the Saviynt side is looking fine; I have attached a sample that is working for me.

However, I see your URL is "https://login.microsoftonline.com/<<TenantID>>/oauth2/v2.0/token"

Please try the following one instead: https://login.microsoftonline.com/<TENANTID>/oauth2/token

Regards,
Adrien COSSON

aro
Regular Contributor

Hi @adriencosson,

Thank you very much for your support. With your code the import works now.
I had looked on the Microsoft site and there are only the v2.0 examples (.../oauth2/v2.0/token) which only work with the &scope parameter.
The .../oauth2/token variant, on the other hand, requires the &resource parameter.
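
The endpoint/parameter pairing this thread arrives at, as an added example that is not part of the original posts and is not Saviynt's or Microsoft's own code: a small pre-flight check that reads a ConnectionJSON and reports when the token URL version and httpParams do not match. The function names and sample configurations are constructed for illustration; credentials are placeholders.

```python
import json
from urllib.parse import urlparse

def check_token_params(connection_json, auth_name="acctAuth"):
    """Return mismatches between the token endpoint version and httpParams."""
    auth = json.loads(connection_json)["authentications"][auth_name]
    path = urlparse(auth["url"]).path.lower()
    params = auth.get("httpParams", {})
    problems = []
    if path.endswith("/oauth2/v2.0/token"):
        # v2.0 endpoint: takes 'scope', as in the Microsoft request in the question
        if "resource" in params:
            problems.append("v2.0 endpoint does not take 'resource'")
        scope = params.get("scope", "")
        if not scope:
            problems.append("v2.0 endpoint needs 'scope'")
        elif not scope.endswith("/.default"):
            problems.append("client_credentials scope should end in '/.default'")
    elif path.endswith("/oauth2/token"):
        # v1 endpoint: takes 'resource', as the thread concludes
        if "resource" not in params:
            problems.append("v1 endpoint needs 'resource'")
    else:
        problems.append("unrecognised token endpoint: " + path)
    return problems

def make_config(url, **http_params):
    """Build a minimal constructed ConnectionJSON (placeholder credentials)."""
    params = {"grant_type": "client_credentials",
              "client_id": "<<ClientID>>", "client_secret": "<<ClientSecret>>"}
    params.update(http_params)
    return json.dumps({"authentications": {"acctAuth": {
        "authType": "oauth2", "url": url, "httpMethod": "POST",
        "httpParams": params}}})

# Constructed sample configurations mirroring the cases discussed in the thread
BASE = "https://login.microsoftonline.com/<<TenantID>>/oauth2"
GRAPH = "https://graph.microsoft.com/"
SAMPLES = {
    "v2.0 + resource (question)": make_config(BASE + "/v2.0/token", resource=GRAPH),
    "v1 + resource (reply)": make_config(BASE + "/token", resource=GRAPH),
    "v2.0 + scope": make_config(BASE + "/v2.0/token", scope=GRAPH + ".default"),
}

if __name__ == "__main__":
    for label, cfg in SAMPLES.items():
        print(label, "->", check_token_params(cfg) or "OK")
```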