How to update GraphEndpoint to graph.microsoft.com from graph.windows.net #10501

Closed
haani-niyaz opened this issue Jun 16, 2020 · 3 comments
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. feature-request This issue requires a new behavior in the product in order be resolved. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@haani-niyaz

As per the documentation I am trying to retrieve a list of users for a daemon application. I can successfully execute the following curl commands and get the results:

Get Token

curl \
  -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data 'client_id={client_id}&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret={client_secret}&grant_type=client_credentials' \
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token

Request

curl -X GET \
 -H "Authorization: Bearer XYZ...." \
"https://graph.microsoft.com/v1.0/users"

However, executing the code snippet below results in an error:

The required environment variables are set.

authorizer, err := auth.NewAuthorizerFromEnvironment()
if err != nil {
    fmt.Println(err)
}

client := graphrbac.NewUsersClient(os.Getenv("AZURE_TENANT_ID"))
client.Authorizer = authorizer

if _, err := client.List(context.Background(), "", ""); err != nil {
    fmt.Println("list users", err)
}

Error Message

graphrbac.UsersClient#List: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."}}}]

Further inspection by running in debug mode shows me that the default endpoint is different:

2020/06/16 16:50:28 GET /XXX/users?api-version=1.6 HTTP/1.1
Host: graph.windows.net

If I generate a token and perform the curl request again, I get a token expired error:

curl \
 -X GET \
 -H "Authorization: XYZ..." \
https://graph.windows.net/1bd79572-bd51-4db0-a48b-490933792ad3/users\?api-version\=1.6
{"odata.error":{"code":"Authentication_ExpiredToken","message":{"lang":"en","value":"Your access token has expired. Please renew it before submitting the request."}}}%

I suspect if I change the GraphEndpoint to graph.microsoft.com I should have some success. However, the following does not take effect:

azure.PublicCloud.GraphEndpoint = "https://graph.microsoft.com"

Some guidance on this would be appreciated.

@ArcturusZhang
Member

Hi @haani-niyaz, thanks for this issue!

The graphrbac package in this repo is for the Azure graph APIs, and the endpoint graph.microsoft.com belongs to MSGraph, which, although it has a similar name, is actually a different set of SDKs.

A valid Go version of this SDK can be found here
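
Added example (not part of the original thread and not code from azure-sdk-for-go): the curl call above uses a token requested for graph.microsoft.com, while graphrbac sends its requests to graph.windows.net. An access token names the resource it was issued for in its `aud` claim, so decoding that claim shows which of the two APIs a given token is for. The function names, the sample token and the TENANT_ID placeholder are constructed, and the audience is assumed to be in URL form.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// tokenAudience reads the "aud" claim WITHOUT verifying the signature (diagnostic only).
func tokenAudience(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a three-part JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	var claims struct{ Aud string `json:"aud"` }
	if err != nil || json.Unmarshal(payload, &claims) != nil || claims.Aud == "" {
		return "", fmt.Errorf("no readable aud claim in token payload")
	}
	return claims.Aud, nil
}

// audienceMatches compares the token's audience host with the endpoint host (assumes a URL-form aud).
func audienceMatches(token, endpoint string) (bool, error) {
	aud, err := tokenAudience(token)
	if err != nil {
		return false, err
	}
	a, errA := url.Parse(aud)
	e, errE := url.Parse(endpoint)
	if errA != nil || errE != nil || a.Host == "" || e.Host == "" {
		return false, fmt.Errorf("cannot compare aud %q with %q", aud, endpoint)
	}
	return strings.EqualFold(a.Host, e.Host), nil
}

// sampleToken builds a constructed, unsigned token so the example runs offline.
func sampleToken(aud string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(`{"aud":"`+aud+`"}`)) + ".x"
}

func main() {
	tok := sampleToken("https://graph.microsoft.com")
	fmt.Println(audienceMatches(tok, "https://graph.microsoft.com/v1.0/users"))
	fmt.Println(audienceMatches(tok, "https://graph.windows.net/TENANT_ID/users"))
}
```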

@haani-niyaz
Author

haani-niyaz commented Jun 17, 2020

Thanks. I found this to be confusing until I came across #7352. Closing.

@akhilesh2410

Hi @haani-niyaz,

Did this solve the issue? I am facing the same issue while creating an Azure AD app using azure-sdk-for-go and getting a 403 error:
"error": "graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code=\"Unknown\" Message=\"Unknown service error\" Details=[{\"odata.error\":{\"code\":\"Authorization_RequestDenied\",\"date\":\"2021-12-23T11:43:25\",\"message\":{\"lang\":\"en\",\"value\":\"Insufficient privileges to complete the operation.\"},\"requestId\":\"9ff0a11d-ad06-4b34-9fe4-e32d2cd1a0d1\"}}]"

with the below code for initializing appclient:

appClient := graphrbac.NewApplicationsClient(tenantID)
credConfig := auth.NewClientCredentialsConfig(clientID, clientSecret, tenantID)
credConfig.Resource = azure.PublicCloud.ResourceIdentifiers.Graph
authorizer, err := credConfig.Authorizer()
if err != nil {
    return appClient, err
}
appClient.Authorizer = authorizer
err = backoffAlg.RetryOnError(a.Log, []string{}, 8, func() error {
    app, err = appClient.Create(context.Background(), graphrbac.ApplicationCreateParameters{
        AvailableToOtherTenants: to.BoolPtr(false),
        DisplayName:             to.StringPtr(appName)})
    return err
})
if err != nil {
    return app, err
}

Any suggestion would be appreciated.

@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023