0

Here's my relevant code...

Dim wclient2 = New WebClient()
wclient2.Headers.Add("Authorization", "Bearer " & accessToken)
Dim response As String = wclient2.DownloadString("https://graph.microsoft.com/v1.0/me")

I'm getting "400 Bad Request" error.

My accessToken is valid. My application is registered and has User.Read.All application permissions.

Anybody see what I'm doing wrong?

Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
s15199d
  • 7,261
  • 11
  • 43
  • 70
  • can you share the error returned in the response body? – David Sep 26 '18 at 18:15
  • Did you try adding the `Content-Type` header set to `application/json`? – Filburt Sep 26 '18 at 18:17
  • @Filburt yes I tried that first. Took it out not knowing for sure if the response was in fact JSON. – s15199d Sep 26 '18 at 18:33
  • @DanSilver "The remote server returned an error: (400) Bad Request." – s15199d Sep 26 '18 at 18:34
  • @Filburt same error message with `wclient2.Headers.Add("Content-Type", "application/json")` – s15199d Sep 26 '18 at 18:35
  • [Bad Request 400 when making API call to Microsoft Graph](https://stackoverflow.com/q/43332236/205233) suggests that an `Accept` header is required as well. `WebClient` and `WebRequest` an the like all behave a little different in one or the other way. – Filburt Sep 26 '18 at 18:51
  • @Filburt I tried `wclient2.Headers.Add("Accept", "application/json")` and `wclient2.Headers.Add("Accept", "application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8")` and got the same 400 Bad Request error message. – s15199d Sep 26 '18 at 19:03
  • i tried `Dim wr As HttpWebRequest = HttpWebRequest.Create("https://graph.microsoft.com/v1.0/me") wr.Method = "GET" wr.KeepAlive = True wr.ContentType = "appication/json" wr.Accept = "application/json" wr.Headers.Add("Authorization", "Bearer " & accessToken) Dim res As HttpWebResponse res = DirectCast(wr.GetResponse(), HttpWebResponse) Dim sr As New System.IO.StreamReader(res.GetResponseStream()) Dim gMe As String = sr.ReadToEnd` still get 400 error – s15199d Sep 26 '18 at 19:29
  • @s15199d Please turn on Fiddler and get all the request+response headers and the body and provide that here. – Michael Mainer Sep 26 '18 at 20:26

1 Answers1

3

Application permissions are only applied when using the OAuth Client Credentials grant. This grant authenticates your app, not a user. In other words, there isn't a "user" in context.

The /me URI is just a shorthand alias for /users/{currentlyAuthenticatedUser}. Since you don't have a user authenticated, the Graph has no idea who /me is referring to.

When using Client Credentials, you need to explicitly reference the user you want:

https://graph.microsoft.com/v1.0/users/{userPrincipalName | id}
Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
  • 1
    Looks like I need to be using OpenID Connect. So, I'm barking up the wrong tree. Thanks @MarcLaFleur ! – s15199d Sep 27 '18 at 14:51
  • You could also use the Authorization Code or Implicit Grants (OpenID Connect is basically a superset of Auth Code). – Marc LaFleur Sep 27 '18 at 17:52