search

OfficeDev / Office-365-SDK-for-Android

Microsoft Services SDKs for Android produced by MS Open Tech.
https://dev.office.com/android
Other
224 stars 75 forks source link

How to properly create the DirectoryClient #74

Closed davidchesnut closed 9 years ago

davidchesnut commented 9 years ago

I'm trying to create a DirectoryClient object to work with users and groups. But I can't figure out how to properly instantiate the object. All other services work (mail, files) when obtaining them through discovery services. But using the following code I get 403 errors when I attempt to use the DirectoryClient object.

    AuthenticationController
            .getInstance()
            .setResourceId("https://graph.windows.net/");
    ADALDependencyResolver dependencyResolver = (ADALDependencyResolver) AuthenticationController
            .getInstance()
            .getDependencyResolver();

    DirectoryClient directoryClient=new DirectoryClient("https://graph.windows.net/",dependencyResolver);

Thanks! David

joshgav commented 9 years ago

Hi Dave,

Discovery shouldn't be necessary for Directory. Can you add more code to your snippet up to the point where you get an error?

Thanks! Josh

davidchesnut commented 9 years ago

Okay, I get the error on the call to getusers().read()... I have permissions in AD for "Read and write directory data" and "Enable sign-on and reaed users' profiles"

    AuthenticationController
            .getInstance()
            .setResourceId("https://graph.windows.net/");
    ADALDependencyResolver dependencyResolver = (ADALDependencyResolver) AuthenticationController
            .getInstance()
            .getDependencyResolver();
    DirectoryClient directoryClient=new DirectoryClient("https://graph.windows.net/",dependencyResolver);

    try {
        List<User> userList = directoryClient.getusers().read().get();
        Log.i("userTitle", userList.get(0).getdisplayName());
    } catch (ExecutionException e) {
        e.printStackTrace();
    } catch (InterruptedException e) {
        e.printStackTrace();
    }

Thanks! David

marcote commented 9 years ago

David, could you reproduce the behavior using a REST client ? I'm not sure we're doing anything wrong, a that's the best way to check it.

Thank you.

davidchesnut commented 9 years ago

I don't think your code is doing anything wrong. I suspect it is my code that is not creating the DirectoryClient correctly. That's why I'm asking what is the correct way to create the DirectoryClient.

From a trace I can see that the call goes straight to https://graph.windows.net/users/. But it should have called login.windows.net to request a new auth token first. So I suspect I haven't set a property correctly.

Thanks! David

davidchesnut commented 9 years ago

Actually it is calling login.microsoftonline.com to get the auth token, but it does not structure the call correctly. If should be in the form of https://graph.windows.net/{tenant-identifier}/{resource-path}?[query-parameters] But it does not pass the tenant ID, or the api version. It should look something like this: https://graph.windows.net/b52bb8c1-fcfa-43bd-8c73-8cf9ca7877f2/users?api-version=1.5 (this call works for me at REST level) Is it because the adalDependencyResolver is not configured correctly for DirectoryClient?

Thanks! David

davidchesnut commented 9 years ago

I think i'm getting closer. I can actually get the client to work now, but it all boils down to how I construct the DirectoryClient. If I pass it my tenant id, and the AD API version to use, it starts working.

But is this correct? 

    AuthenticationController
            .getInstance()
            .setResourceId("https://graph.windows.net/");
    ADALDependencyResolver dependencyResolver = (ADALDependencyResolver) AuthenticationController
            .getInstance()
            .getDependencyResolver();
    dependencyResolver.setResourceId("https://graph.windows.net/");

    DirectoryClient directoryClient=new DirectoryClient("https://graph.windows.net/"+myTenantID+"?api-version=1.5",dependencyResolver);

//And now my calls work....

marcote commented 9 years ago

I'm afraid it is. Think of the client as the builder and starting point for each endpoint . If for some reason they require extra parameter what you did is the correct solution.

Thanks David

On Apr 22, 2015, at 7:41 PM, David Chesnut notifications@github.com wrote:

I think i'm getting closer. I can actually get the client to work now, but it all boils down to how I construct the DirectoryClient. If I pass it my tenant id, and the AD API version to use, it starts working.

But is this correct?

AuthenticationController
        .getInstance()
        .setResourceId("https://graph.windows.net/");
ADALDependencyResolver dependencyResolver = (ADALDependencyResolver) AuthenticationController
        .getInstance()
        .getDependencyResolver();
dependencyResolver.setResourceId("https://graph.windows.net/");

DirectoryClient directoryClient=new DirectoryClient("https://graph.windows.net/"+myTenantID+"?api-version=1.5",dependencyResolver);

//And now my calls work....

— Reply to this email directly or view it on GitHub.