CyberNinjas / libnss_aad

Name Service Switch (NSS) Module for performing user lookups against the Azure Active Directory (AAD).
GNU General Public License v3.0

Azure AD Graph API being deprecated in favor of Microsoft Graph API #2

Open Jnchi opened 5 years ago

Jnchi commented 5 years ago

See: Microsoft Graph or the Azure AD Graph

Resources:

Jnchi commented 5 years ago

Request

GET /v1.0/me HTTP/1.1
cache-control: no-cache
Postman-Token: 978f4520-c5c2-4709-9964-050480c1530d
Authorization: Bearer [ . . . REDACTED . . . ]
User-Agent: PostmanRuntime/7.6.1
Accept: */*
Host: graph.microsoft.com
Accept-Encoding: gzip, deflate
Connection: close

Response

HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
request-id: 2e75b6d5-43c7-46f4-ab0e-e83db507e303
client-request-id: 2e75b6d5-43c7-46f4-ab0e-e83db507e303
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"South Central US","Slice":"SliceC","Ring":"5","ScaleUnit":"003","RoleInstance":"AGSFE_IN_2","ADSiteName":"SCU"}}
WWW-Authenticate: Bearer realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", client_id="00000003-0000-0000-c000-000000000000"
Strict-Transport-Security: max-age=31536000
Date: Fri, 22 Mar 2019 17:45:00 GMT
Connection: close
Content-Length: 244

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure.",
    "innerError": {
      "request-id": "2e75b6d5-43c7-46f4-ab0e-e83db507e303",
      "date": "2019-03-22T17:45:01"
    }
  }
}

Resources:

--

In get_oauth2_token(), the resource value, 00000002-0000-0000-c000-000000000000, in the POST body should be changed to https://graph.microsoft.com.
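A pre-flight check for the mismatch the comment above points at, as an added example that is not part of the thread or of the libnss_aad code: on the v1 token endpoint the `aud` claim of the issued token mirrors the `resource` value sent in the POST body, so the audience can be inspected before calling graph.microsoft.com. The function names and the sample token are constructed for this example, and the compact-JSON layout of the payload is an assumption.

```c
/* Added example, diagnostic only: the token signature is NOT verified here,
 * so the result must never be used to make a trust decision. */
#include <stdio.h>
#include <string.h>

#define MS_GRAPH_URI   "https://graph.microsoft.com"          /* from the thread */
#define MS_GRAPH_APPID "00000003-0000-0000-c000-000000000000" /* client_id in WWW-Authenticate */

static int b64url_val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '-' ? 62 : c == '_' ? 63 : -1;
}

/* Decode the payload (second dot-separated segment) of a JWT into out. */
static int jwt_payload(const char *jwt, char *out, size_t cap) {
    const char *p = strchr(jwt, '.'), *end;
    unsigned acc = 0; int bits = 0; size_t n = 0;
    if (!p || !(end = strchr(++p, '.'))) return -1;
    for (; p < end; p++) {
        int v = b64url_val((unsigned char)*p);
        if (v < 0 || n + 1 >= cap) return -1;
        acc = ((acc << 6) | (unsigned)v) & 0xFFFF; bits += 6;
        if (bits >= 8) { bits -= 8; out[n++] = (char)((acc >> bits) & 0xFF); }
    }
    out[n] = '\0';
    return (int)n;
}

/* 1: audience is Microsoft Graph; 0: some other audience; -1: unparsable.
 * Assumes compact JSON ("aud":"...") with a single string audience. */
int token_targets_ms_graph(const char *jwt) {
    char json[4096], *a, *q;
    if (jwt_payload(jwt, json, sizeof json) < 0) return -1;
    if (!(a = strstr(json, "\"aud\":\""))) return -1;
    a += 7;                                    /* skip past "aud":" */
    if (!(q = strchr(a, '"'))) return -1;
    *q = '\0';
    if (q > a && q[-1] == '/') q[-1] = '\0';   /* tolerate a trailing slash */
    return !strcmp(a, MS_GRAPH_URI) || !strcmp(a, MS_GRAPH_APPID);
}

int main(void) {
    /* Constructed token: header {}, payload {"aud":"00000002-0000-0000-c000-000000000000"}, dummy signature. */
    const char *t = "e30.eyJhdWQiOiIwMDAwMDAwMi0wMDAwLTAwMDAtYzAwMC0wMDAwMDAwMDAwMDAifQ.sig";
    printf("targets Microsoft Graph: %d\n", token_targets_ms_graph(t));
    return 0;
}
```

A result of 0 for a token that is about to be sent to graph.microsoft.com means the `resource` value in the token request still names another API.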

oxr463 commented 3 years ago

@neverrend I think this might be what we discussed the other day.

D0wn3r commented 2 years ago

Hi! What about that? It is not possible to select "Azure AD Graph API" in permissions.

Downer

oxr463 commented 2 years ago

> Hi! What about that? It is not possible to select "Azure AD Graph API" in permissions.

Yes, see: https://github.com/aad-for-linux/aad-for-linux/issues/18#issuecomment-990818686

D0wn3r commented 2 years ago

> > Hi! What about that? It is not possible to select "Azure AD Graph API" in permissions.
>
> Yes, see: aad-for-linux/aad-for-linux#18 (comment)

Thank you very much for your fast answer. I will follow it and be ready to test when it is done.