We have a great Java Graph SDK sample in our tutorial document located here. Pay special attention to the versions, as not having the correct version of the prerequisites will give you difficulty! The sample runs a console application and uses the OAuth2 Device Code flow for authentication. Once it compiles and runs, you will get a message like this for the device code flow sign in: “To sign…
Some notes regarding the Microsoft Graph Subscription and webhook
For certain Azure AD resources or directory objects, you can use Microsoft Graph to create subscriptions to receive change notification events. Below are some notes to be aware of. Subscription object lifetime: Each subscription object (except for Security alerts) is only valid for 3 days maximum, so make sure you renew the subscription before it expires to keep receiving change notifications. See https://docs.microsoft.com/en-us/graph/api/resources/subscription?view=graph-rest-1.0 for more detail on maximum subscription length…
Receiving error WIF10201: No valid key mapping found for securityToken
A customer has an ASP.NET MVC application using both WS-Federation OWIN middleware and Windows Identity Foundation (WIF) to authenticate to Azure AD. The application works fine initially and then fails with the following error: Error Details: Server Error in ‘/’ Application. WIF10201: No valid key mapping found for securityToken: ‘System.IdentityModel.Tokens.X509SecurityToken’ and issuer: ‘https://sts.windows.net/<Directory ID>/’. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for…
Graph Client Authentication Provider
The Graph Client Authentication Providers allow for easy authentication to the Graph endpoint, implementing a variety of OAuth2 flows. I will demonstrate the use of this library in C# code based on this GitHub. Previously, you had to build your own Authentication Provider (see my creation of the client credentials provider in a VB.Net application here). This library will allow you to use the following flows: Confidential…
Receiving error AADSTS50105: The signed in user ‘{EmailHidden}’ is not assigned to a role for the application
Problem: A tenant admin may receive the error “AADSTS50105: The signed in user ‘{EmailHidden}’ is not assigned to a role for the application…” when clicking on the “Grant Admin Consent” button in Azure AD’s App Registration portal, as shown in the screenshot below. Why is this happening? This error typically happens when the Enterprise Application portion (or Service Principal) of the registered application has the setting ‘User Assignment Required’…
Exploring AzureServiceTokenProvider class with Azure Key Vault and Azure SQL
The AzureServiceTokenProvider class from the NuGet package Microsoft.Azure.Services.AppAuthentication can be used to obtain an access token. When running in Azure, it can also utilize managed identities to request an access token. In this post I’ll focus on using this class to get an access token for Azure Key Vault. Keep in mind that you can also use this class to obtain an access token for any Azure resources integrated with…
Graph Query to get B2B user using User Principal Name (UPN)
If you are using a Microsoft Graph API query to fetch a B2B user by UPN and are experiencing the error shown below: Query: https://graph.microsoft.com/v1.0/users/example_gmail.com#EXT#@example.onmicrosoft.com Response: { ‘error’: { ‘code’: ‘Request_ResourceNotFound’, ‘message’: ‘Resource ‘*******’ does not exist or one of its queried reference-property objects are not present.’, ‘innerError’: { ‘request-id’: ‘8f390389-b9c6-4f6b-93ba-c531b3d7d595’, ‘date’: ‘2019-12-05T23:55:40’ } } } Well, here is the fix: You will need to encode…
Using the GraphClient SDK in a VB.Net Console Application
In this blog post, I will show you how to use the GraphClient in a VB.Net application. You will need to create an app registration for this project. I used the exact same app registration that I used in my previous VB.Net blog post here. SDK Reference: https://docs.microsoft.com/en-us/graph/sdks/sdks-overview?view=graph-rest-1.0 I am using Visual Studio 2019 in this example. To begin, please start a VB.Net Console application and then install the following…
Using filter query on mail-related attributes in Microsoft Graph
The user object has email addresses stored in a couple of properties: the mail and otherMails properties. Both of these properties can be used to search for users having the desired email addresses. Here is an example of how to use the filter query to search for a user using the mail property: beta endpoint: GET https://graph.microsoft.com/beta/users?$filter=mail eq 'john@contoso.com' v1.0 endpoint: GET https://graph.microsoft.com/v1.0/users?$filter=mail eq 'john@contoso.com' Unlike the mail attribute (string-type property),…
Segment Users in Azure AD
If you have been using the Microsoft Graph API to add or modify users in Azure Active Directory (Azure AD), you may have noticed that when you create a new user, it lives with all the other users, some of which may have nothing to do with your application. Ideally, you may want a sub-directory or business unit of sorts. Fortunately, there are ways to segment these users in a more…