02/16/2023 06:18 AM
We want to import data from graph.microsoft.com via a normal REST connection.
According to Microsoft https://learn.microsoft.com/en-us/graph/auth-v2-service?view=graph-rest-1.0 , the REST call to get a token looks like this (and it works via a REST client):
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&client_secret=qWgdYAmab0YSkuL1qKv5bPX
&grant_type=client_credentials
However, the ConnectionJSON examples in the Saviynt documentation included a different parameter, "resource":
{
  "authentications": {
    "acctAuth": {
      "authType": "oauth2",
      "showResponse": true,
      "url": "https://login.microsoftonline.com/<<TenantID>>/oauth2/v2.0/token",
      "httpMethod": "POST",
      "httpParams": {
        "grant_type": "client_credentials",
        "client_secret": "<<ClientSecret>>",
        "client_id": "<<ClientID>>",
        "resource": "https://graph.microsoft.com/"
      },
      "httpHeaders": {
        "contentType": "application/x-www-form-urlencoded"
      },
      "httpContentType": "application/x-www-form-urlencoded",
      "expiryError": "ExpiredAuthenticationToken",
      "authError": [
        "InvalidAuthenticationToken"
      ],
      "retryFailureStatusCode": [
        401
      ],
      "timeOutError": "Read timed out",
      "errorPath": "error.code",
      "maxRefreshTryCount": 5,
      "tokenResponsePath": "access_token",
      "tokenType": "Bearer",
      "accessToken": "Bearer abc"
    }
  }
}
This call with "resource" parameter does not work in a REST client. No token is generated.
Is something wrong in the Saviynt documentation?
We have tried all the possibilities with the two different parameters (only "scope", only "resource", both), but we always get InvalidAuthenticationToken errors:
{"log":"2023-02-16 14:12:14,762 [quartzScheduler_Worker-3] DEBUG rest.RestProvisioningService - Access token expired. throwing InvalidAuthenticationToken / [InvalidAuthenticationToken] exception for retry\n","stream":"stdout","time":"2023-02-16T14:12:14.762448612Z"}
{"log":"2023-02-16 14:12:14,762 [quartzScheduler_Worker-3] ERROR rest.RestProvisioningService - Exception in pullObjectsByRest :InvalidAuthenticationToken\n","stream":"stdout","time":"2023-02-16T14:12:14.762508379Z"}
{"log":"2023-02-16 14:12:14,762 [quartzScheduler_Worker-3] ERROR rest.RestProvisioningService - Inside token Expiry Exception block. connectionParamMap.refreshTryCount : 2\n","stream":"stdout","time":"2023-02-16T14:12:14.762553656Z"}
What is there to consider with ConnectionJSON? What are the correct values to authenticate?
02/16/2023 06:32 AM
Hi,
JSON from Saviynt side is looking fine, I have attached a sample that is working for me.
However I see your URL is "https://login.microsoftonline.com/<<TenantID>>/oauth2/v2.0/token"
Please try the following one instead: https://login.microsoftonline.com/<TENANTID>/oauth2/token
02/20/2023 08:01 AM
Hi @adriencosson,
thank you very much for your support. With your code the import works now.
I had looked on the Microsoft site and there are only the v2.0 examples (.../oauth2/v2.0/token) which only work with the &scope parameter.
The .../oauth2/token variant, on the other hand, requires the &resource parameter.
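Added example (not part of the thread, and not Saviynt or Microsoft code): a small Python check that flags the endpoint/parameter mismatch resolved above, pairing `/oauth2/v2.0/token` with `scope` and `/oauth2/token` with `resource`. The function names are hypothetical, the input is a constructed reduction of the ConnectionJSON from the question, and it assumes `httpParams` is a JSON object as posted there.

```python
import json

# Constructed input: the auth block from the question, reduced to the fields checked.
QUESTION_JSON = """
{"authentications": {"acctAuth": {
  "authType": "oauth2",
  "url": "https://login.microsoftonline.com/<<TenantID>>/oauth2/v2.0/token",
  "httpParams": {"grant_type": "client_credentials",
                 "client_secret": "<<ClientSecret>>",
                 "client_id": "<<ClientID>>",
                 "resource": "https://graph.microsoft.com/"}}}}
"""

def endpoint_version(url):
    """Classify a token URL as 'v2.0', 'v1' or None (hypothetical helper)."""
    path = url.split("?", 1)[0].rstrip("/").lower()
    if path.endswith("/oauth2/v2.0/token"):
        return "v2.0"
    if path.endswith("/oauth2/token"):
        return "v1"
    return None

# Per endpoint version: (parameter it needs, parameter of the other version).
RULES = {"v2.0": ("scope", "resource"), "v1": ("resource", "scope")}

def check_connection_json(text):
    """Return (auth_name, message) findings for endpoint/parameter mismatches."""
    findings = []
    for name, auth in json.loads(text).get("authentications", {}).items():
        version = endpoint_version(auth.get("url", ""))
        params = auth.get("httpParams", {})
        # Only the client_credentials flow discussed in the thread is checked.
        if version is None or params.get("grant_type") != "client_credentials":
            continue
        wanted, other = RULES[version]
        if wanted not in params:
            findings.append((name, f"{version} endpoint needs '{wanted}'"))
        if other in params:
            findings.append((name, f"'{other}' belongs to the other endpoint version"))
    return findings

def to_v1(text):
    """Apply the accepted fix: switch to the v1 endpoint and keep 'resource'."""
    return text.replace("/oauth2/v2.0/token", "/oauth2/token")

if __name__ == "__main__":
    print(check_connection_json(QUESTION_JSON))         # two findings for acctAuth
    print(check_connection_json(to_v1(QUESTION_JSON)))  # no findings
```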