Malformed JSON response when GETting /me/memberOf (Microsoft Graph)

I'm trying to set up a sign-on process for an internal company web app using the Azure AD and Microsoft Graph. I want to manage security groups in the AD, so when a user signs in via OAuth, I'm doing a GET request to https://graph.microsoft.com/v1.0/me/memberOf to see which groups the signed-in user is in. The user has the appropriate scopes to see this information, and it works in the Graph Explorer, but when I make the call in my PHP application, I get a malformed JSON response:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
"value": [{
"@odata.type": "#microsoft.graph.group",
"objectType": "Group",
"objectId": "blahblah2",
"deletionTimestamp": null,
"description": "Users who have access to my web app's administration",
"dirSyncEnabled": null,
"displayName": "Web App Administrators",
"lastDirSyncTime": null,
"mail": null,
"mailNickname": "blahblah2",
"mailEnabled": false,
"onPremisesSecurityIdentifier": null {
"error": {
"code": "InternalServerError",
"message": "Unsupported extension property type.",
"innerError": {
"request-id": "blahblah3",
"date": "2016-02-29T09:42:18"
}
}
}
...and that's all I get!
The documentation at https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference#GroupEntity says that this onPremisesSecurityIdentifier field is something to do with on-premises sync, but I've never used that.

Your request had api-version query parameter appended (i.e. /v1.0/me/memberOf?api-version=1.6). Please remove that query parameter. Microsoft Graph identifies the API version by the first segment in the URL path, e.g. https://graph.microsoft.com/v1.0/me/memberOf or https://graph.microsoft.com/beta/me/memberOf
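How a sign-on handler could apply this answer and still refuse to authorize on a broken body, as an added example (not code from the original posts): it strips `api-version` from the Graph URL and treats a truncated or error-bearing `/me/memberOf` body as "not a member". The function names, the placeholder group id and the sample bodies are constructed; matching on the `id` property is an assumption relative to the page, whose quoted body shows `objectId`.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


class GraphResponseError(Exception):
    """A memberOf body that must not be used for an authorization decision."""


def strip_api_version(url):
    """Drop api-version from the query; Graph reads the version from the path."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() != "api-version"]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def group_ids(body):
    """Return the ids of the groups listed in a memberOf body, or raise."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        # A body cut off mid-object, as in the question, is rejected whole.
        raise GraphResponseError(f"malformed JSON: {exc.msg}") from exc
    if not isinstance(doc, dict) or "error" in doc:
        raise GraphResponseError("error payload instead of a collection")
    if not isinstance(doc.get("value"), list):
        raise GraphResponseError("missing 'value' array")
    return {
        item["id"] for item in doc["value"]
        if isinstance(item, dict)
        and item.get("@odata.type") == "#microsoft.graph.group"
        and isinstance(item.get("id"), str)
    }


def is_member(body, required_group_id):
    """Fail closed: an untrustworthy body never grants access."""
    try:
        return required_group_id in group_ids(body)
    except GraphResponseError:
        return False


ADMIN_GROUP = "00000000-0000-0000-0000-000000000001"  # constructed placeholder id
# Constructed sample bodies, not captured traffic.
GOOD_BODY = json.dumps({"value": [
    {"@odata.type": "#microsoft.graph.group", "id": ADMIN_GROUP},
    {"@odata.type": "#microsoft.graph.directoryRole", "id": "constructed-role-id"},
]})
TRUNCATED_BODY = '{"value": [{"id": "' + ADMIN_GROUP + '", "mail": null {"error": {}}'
```

The truncated sample contains the admin group's id as text, yet `is_member` returns `False` for it because the body as a whole does not parse.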

OAuth consent screen - ability to remove application logo: old solution is no longer working

Question: how to remove an application logo.
Solution: previous solution from this answer, https://stackoverflow.com/a/57168008/1992004, is no longer working.
Google changed the format of "iconUrl" to "icon", and now uses the Base64-encoded data stream, like "icon":"iVBORw0KGgoAAAAN..., instead of the image URL, previously written as "iconUrl":"https://...".
I've tried "icon":"" and many Base64-encoded values like "icon":"IA", "icon":"Lw", and some others - no success. I get console messages like
for "icon":""
{
"error": {
"code": 400,
"message": "The request failed because one of the field of the resource is invalid.",
"status": "INVALID_ARGUMENT",
"details": [
{
"@type": "type.googleapis.com/google.rpc.PreconditionFailure",
"violations": [
{
"type": "client_auth_config",
"subject": "?error_code=9&error_field_name=UpdateIconRequest.icon&error_field_value=%3CByteString#3eeee81e+size%3D0+contents%3D%22%22%3E"
}
]
}
]
}
}
or
{
"error": {
"code": 400,
"message": "Request contains an invalid argument.",
"status": "INVALID_ARGUMENT",
"details": [
{
"@type": "type.googleapis.com/google.identity.clientauthconfig.v1.ClientAuthConfigError",
"code": "ICON_STORAGE_FAILURE"
},
{
"@type": "type.googleapis.com/google.identity.clientauthconfig.v1.IconStorageError",
"reason": "INVALID_IMAGE"
}
]
}
}
or
{
"error": {
"code": 400,
"message": "Invalid value at 'icon' (TYPE_BYTES), Base64 decoding failed for \" \"",
"status": "INVALID_ARGUMENT",
"details": [
{
"@type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"field": "icon",
"description": "Invalid value at 'icon' (TYPE_BYTES), Base64 decoding failed for \" \""
}
]
}
]
}
}
Does somebody know what should be inserted here to remove the logo image from the app?
Answer:
Unfortunately, there is no way for this to be done.
More Information:
Once an OAuth Application Logo has been uploaded there isn't a supported way of removing it - in the question that you linked the way that this was done is a bit hacky, inspecting the network requests and building a new request from the previous JSON object sent via the UI really shows this.
As the icon URL has changed to need a Base-64 encoded value this has been deprecated. Whether this was intentional by Google or not is hard to say, but now an empty value will always return INVALID_ARGUMENT. Any data in the value for icon will also just replace the image data and so this isn't a viable workaround, as far as the validation process goes, image data exists and so will need to be verified.
If it's not too much of an arduous process, the only workaround here is to create a new GCP project with a new OAuth consent screen without uploading an image. Of course, you will need to reactivate all the relevant APIs and link the relevant scripts and projects to the new set-up.
Feature Request:
You can however let Google know that this is a feature that is important and that you would like to request they implement it. Google's Issue Tracker is a place for developers to report issues and make feature requests for their development services. I would suggest using the feature request template for G Suite Add-ons as this is a component for which GCP Projects could be used.
Update: The feature request for this is viewable here, to increase visibility on this, hit the ☆ at the top of the page.
Relevant Questions:
OAuth consent screen - ability to remove application logo [Obsolete]
May 2021 - It is still possible to completely delete the consent screen (and thus allowing to create it again). See my updated answer in https://stackoverflow.com/a/57168008/1992004

AWS API Gateway Mapping Template JSON

I've got an API stage that's NOT using "Lambda Proxy integration" which has a Lambda function passing an error.
In the mapping template I have this:
$input.path("$.errorMessage")
Which results in the output of this:
{
"headers": {
"apiVersion": "20190218.1",
"isTesting": true
},
"body": {
"statusCode": 503,
"status": "Service Unavailable",
"title": "One or more of our data providers are currently offline for scheduled maintenance"
}
}
The header values are mapped to template headers and pull through correctly, however I need the body to transform to this:
{
"statusCode": 503,
"status": "Service Unavailable",
"title": "One or more of our data providers are currently offline for scheduled maintenance"
}
Whatever I have tried, body always returns as a blank string, an empty body, or an invalid JSON.
This is the closest I've got but it returns an invalid JSON:
$util.parseJson($input.path("$.errorMessage")).body
Result (comes back with no quotes):
{statusCode=503, status=Service Unavailable, title=One or more of our data providers are currently offline for scheduled maintenance}
Is it possible to do what I'm after? I can't find a reverse for $util.parseJson (i.e, stringify).
Thanks!
I think the original poster has probably moved on in the past 11 months, but in case anyone else stumbles across this question, $input.json('$.errorMessage.body') should work.

Integration from CRM to Team Foundation Server 2018

We have CRM where customers create tickets (change requests, incidents...).
On the developer team side we have Team Foundation Server 2018.
To speed up the process we would like to automate the entire thing, so that when a customer creates a ticket, a TFS User Story is created automatically.
We developed code that, every time a ticket is created, takes the data and puts it into a JSON file. (I will attach the code on GitHub and share a link.)
But for now, I just need to know whether someone has an idea of what the JSON file that needs to be posted to TFS should look like in order to create a new user story.
{
"fields": {
"System.WorkItemType": "User Story",
"System.AreaPath": "EJ2TFS",
"System.TeamProject": "EJ2TFS",
"System.IterationPath": "EJ2TFS",
"System.State": "New",
"System.Reason": "New",
"Microsoft.VSTS.Common.StateChangeDate": "2019-01-01T00:00:00Z",
"System.ChangedBy": "Doe, John <firm\\doej>",
"System.CreatedBy": "Doe, John <firm\\doej>",
"System.Title": "Sample task created by POST API",
"System.Discussion":"test1",
"Microsoft.VSTS.Common.StateChangeDate": "2019-01-31T14:00:00",
"Microsoft.VSTS.Common.Priority": 2,
"Microsoft.VSTS.Common.ValueArea": "Business"
}
}
And error is:
{
"$id": "1",
"innerException": null,
"message": "The request indicated a Content-Type of \"text/plain\" for method type \"POST\" which is not supported. Valid content types for this method are: application/json-patch+json.",
"typeName": "Microsoft.VisualStudio.Services.WebApi.VssRequestContentTypeNotSupportedException, Microsoft.VisualStudio.Services.WebApi",
"typeKey": "VssRequestContentTypeNotSupportedException",
"errorCode": 0,
"eventId": 3000
}
Looks like your payload needs a makeover. I referred to a couple of code samples and am sharing this snippet. (Please test this, I didn't get a chance to test it.)
POST https://dev.azure.com/fabrikam/{project}/_apis/wit/workitems/$User Story?api-version=5.0
[
{
"op": "add",
"path": "/fields/System.Title",
"from": null,
"value": "My first user story"
}
]
MS documentation example
GitHub sample
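The conversion this answer points at, as an added example that is not part of the original posts: it turns a `{"fields": {...}}` document like the one in the question into JSON Patch `add` operations for the `application/json-patch+json` content type named in the error. It also rejects repeated keys, since the question's payload lists `Microsoft.VSTS.Common.StateChangeDate` twice and a default JSON parser would silently keep only the last value. Function names and sample strings are constructed for illustration.

```python
import json


def reject_duplicate_keys(pairs):
    """object_pairs_hook that refuses any JSON object with a repeated key."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError(f"duplicate key: {key}")
        seen[key] = value
    return seen


def pointer_escape(token):
    """Escape one JSON Pointer reference token (RFC 6901): '~' first, then '/'."""
    return token.replace("~", "~0").replace("/", "~1")


def to_json_patch(payload_text):
    """Turn a {"fields": {...}} document into a list of JSON Patch 'add' operations."""
    doc = json.loads(payload_text, object_pairs_hook=reject_duplicate_keys)
    return [
        {"op": "add", "path": "/fields/" + pointer_escape(name), "value": value}
        for name, value in doc["fields"].items()
        # The work item type is carried by the URL in the answer ($User Story).
        if name != "System.WorkItemType"
    ]


# Content type taken from the error message quoted in the question.
HEADERS = {"Content-Type": "application/json-patch+json"}

# Constructed samples based on the question's payload.
SAMPLE = json.dumps({"fields": {
    "System.WorkItemType": "User Story",
    "System.Title": "Sample task created by POST API",
    "Microsoft.VSTS.Common.Priority": 2,
}})
DUPLICATED = ('{"fields": {"Microsoft.VSTS.Common.StateChangeDate": "2019-01-01T00:00:00Z", '
              '"Microsoft.VSTS.Common.StateChangeDate": "2019-01-31T14:00:00"}}')
```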

Getting 401 unauthorised when calling calendar api of office 365

I am trying to access the office 365 calendar api to create an event. The steps I followed are
Created app and registered it in azure
Gave permissions to the app
Hitting https://login.microsoftonline.com/{{tenantid}}/oauth2/token to get the access token
body :
{
"grant_type":"client_credentials",
"client_id": "*****",
"client_secret": "****",
"resource":"https://outlook.office.com"
}
Response :
{
"token_type": "Bearer",
"expires_in": "3600",
"ext_expires_in": "262800",
"expires_on": "1532026206",
"not_before": "1532022306",
"resource": "https://outlook.office.com",
"access_token":"******"
}
When I pass this access token to https://outlook.office.com/api/v2.0/me/events which creates events, it gives me 401 unauthorised. Body of the request is as shown below. Someone please assist.
{
"Subject": "Discuss the Calendar REST API",
"Body": {
"ContentType": "HTML",
"Content": "I think it will meet our requirements!"
},
"Start": {
"DateTime": "2019-02-02T18:00:00",
"TimeZone": "Pacific Standard Time"
},
"End": {
"DateTime": "2019-02-02T19:00:00",
"TimeZone": "Pacific Standard Time"
},
"Attendees": [
{
"EmailAddress": {
"Address": "arulvelug@hexabot.onmicrosoft.com",
"Name": "Arulvelu G"
},
"Type": "Required"
}
]
}
To do authorization of office 365 and use REST API via Postman, here is a solution for your reference:
First: get security Token
Access [https://login.microsoftonline.com/extSTS.srf] via Http Post method. The content of the http request is as follows.
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action
s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
<o:Security s:mustUnderstand="1"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken>
<o:Username>[username]</o:Username>
<o:Password>[password]</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>[endpoint]</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
The demonstration screenshot in Postman:
And the response content will include a security token as below, we can use this security token to get Access Token of office 365.
Second: get Access Token
Here I show you how to get the access token; I get it for my SharePoint using the security token.
Access [https://yourdomain.sharepoint.com/_forms/default.aspx?wa=wsignin1.0] via http Post method. The content of the request is the security token that we have got above as below.
And the response as below:
We can see that there are two cookies, rtFa and FedAuth, in the response header, and these two cookies need to be added to subsequent requests.
Third: get Request Digest
Access [https://yourdomain.sharepoint.com/_api/contextinfo] via http Post method with the two cookies which we have got above.
And the response as below:
This is the final Token we want!
Then we can use the REST API of our app in O365, like SharePoint; we only need to add this token and the previous two cookies, as shown in the following figure.

STH getting historical raw context

I installed Orion and Fiware STH in order to use the minimalistic option.
The problem is that when I subscribe to an Orion context and then consult it, the array is empty.
"name": "temperature",
"values": []
In the STH log it says:
ERROR when collecting the raw data collection for retrieval (the collection may not exist).
I noticed that when I try to unsubscribe it returns a 200 OK message with the following body:
{
"subscriptionId": "xxx",
"statusCode": {
"code": "404",
"reasonPhrase": "No context element found",
"details": "subscriptionId: /xxx/"
}
}
EDIT: The request URL is:
192.168.60.117:8080/STH/v1/contextEntities/type/room/id/Room1/
(In my case the type is "room" and not "Room"). The headers are Accept, Content-Type, Fiware-Service, Fiware-ServicePath
It looks more like a problem when you make the subscription to Orion than when the data is processed by STH. You can find how to make the subscription in Orion and how to notify STH at this link: https://fiware-sth-comet.readthedocs.io/en/latest/data-storage/index.html. Also, if you provide more information about how you make the subscription, along with the logs, I could have a better view of where the problem is and help you in a better way.