azure-ad-graph-api

How to patch an existing application using Python Azure SDK and Graph?

孤街醉人 submitted on 2020-05-17 06:01:58
Question: I am trying to add a reply_url programmatically to an Azure app registration, but I receive an azure.graphrbac.models.graph_error_py3.GraphErrorException: Specified HTTP method is not allowed for the request target. It fails when I try to update an existing application with new reply_urls. SDK I am using is: azure-graphrbac==0.61.1 My code: from azure.common.credentials import ServicePrincipalCredentials from azure.graphrbac import GraphRbacManagementClient from azure.graphrbac.models import

How to patch an existing application using Python Azure SDK and Graph?

眉间皱痕 submitted on 2020-05-17 06:01:24
Question: I am trying to add a reply_url programmatically to an Azure app registration, but I receive an azure.graphrbac.models.graph_error_py3.GraphErrorException: Specified HTTP method is not allowed for the request target. It fails when I try to update an existing application with new reply_urls. SDK I am using is: azure-graphrbac==0.61.1 My code: from azure.common.credentials import ServicePrincipalCredentials from azure.graphrbac import GraphRbacManagementClient from azure.graphrbac.models import

Access token validation fails if scope is graph.microsoft.com

早过忘川 submitted on 2020-04-30 07:17:47
Question: Received access token from AAD, using below url https://login.microsoftonline.com/gdfdddddd-87dd-497c-b894-xxxxxx/oauth2/v2.0/token grant_type :client_credentials client_id :xxxxx-1ff5-4615-8d71-yyyyyy client_secret:[7aCw]fdsfsfsfds.AC61Fg:cm33 scope : https://vault.azure.net/.default Validated the above received token using below code manually & it works fine IConfigurationManager<OpenIdConnectConfiguration> configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>("https:/

Not prompting change password on First SignIn

一世执手 submitted on 2020-04-17 22:04:20
Question: I am using Graph API to create a user and this is how I am creating a user let payload = { "displayName": value.data.displayName, "identities": [ { "signInType": "userName", "issuer": "{tenantName}.onmicrosoft.com", "issuerAssignedId": value.data.memberNumber }, { "signInType": "emailAddress", "issuer": "{tenantName}.onmicrosoft.com", "issuerAssignedId": value.data.email } ], "passwordProfile": { "forceChangePasswordNextSignIn": true, "password": value.password }, "passwordPolicies":

How to set custom claims to aad token using C# code

纵然是瞬间 submitted on 2020-04-17 19:10:52
Question: I have a webapi which generates an aad token and I have written the token generation logic in the Get() method in the webapi. I'm able to generate an aad jwt token from the webapi get() method but now I want to include some custom claims in the token. How can I set custom claims on an aad token using c#? I have used the below code for generating the aad token. var authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.windows.net/" + ConfigurationManager.AppSettings[

Is AcquireTokenAsync thread-safe?

。_饼干妹妹 submitted on 2020-03-03 05:42:04
Question: I am using ADAL's (Microsoft.IdentityModel.Clients.ActiveDirectory v4.3.0) AuthenticationContext.AcquireTokenAsync to acquire a bearer token with a ClientCredential. I am creating a new AuthenticationContext to acquire a token for each request. Is that thread-safe? Or do I have to lock the call to AcquireTokenAsync with a static SemaphoreSlim? I am asking because according to http://www.cloudidentity.com/blog/2013/10/01/getting-acquainted-with-adals-token-cache/ the method uses a static

Azure Grant admin consent for Arcadis not editable

谁说我不能喝 submitted on 2020-01-25 09:41:42
Question: I have added Graph permissions such as "User.ReadWrite.All" and other permissions like below, but I am not able to grant consent permission for the added requests. Even my organization's Azure support team members are also not able to give me permission. Why is the "Grant admin consent for Arcadis" button not enabled? Why is it showing "Not granted for Arcadis"? Need to pay for this API consumption or how to enable this feature? Answer 1: To grant consent to these permissions, the signed-in user must be

Sending messages in Teams with a bot on behalf of a user

筅森魡賤 submitted on 2020-01-25 09:28:06
Question: I have an app containing a bot on Microsoft Teams, built using the bot-framework. I need my application to be able to let users send a message to a specific channel and thread. I can do this with my bot using the "proactive messaging" ability, but the message is then sent by the bot, not the user. Is there any way to achieve this as if the user sent the message? Answer 1: You don't need to use the bot. Just try this Microsoft Graph API endpoint (beta version): POST https://graph.microsoft.com/beta

How to store all Azure AD user group members in an array using a logic app

孤者浪人 submitted on 2020-01-25 08:16:14
Question: I am working on a logic app that will create users in third party applications based on AAD group membership. To avoid issues when the group has more than 999 users I have implemented paging. I first get the first 50 users, and a NextLink that I call to get the next 50. This loop runs fine. Snippet of logic app When no more nextlink is found, the loop exits. During the loop iterations, I need to store the user information (first name, lastname, UPN etc) in an array so I can process everyone

Microsoft Graph API : Restrict scope of calendar.readWrite and Audit mailbox access by Application Permission

风流意气都作罢 submitted on 2020-01-25 00:26:07
Question: We are using AD deployed Daemon applications that have full read/write access to users' calendars in Office 365 to get meeting notifications from Graph API. We have moved away from EWS because of constant issues and MS deprecating its use. There does not currently seem to be a way of restricting the scope of the Office 365 Calendar.ReadWrite permission from the organization level to a group/user. Fortune 500 customers are worried that our application has access to all sensitive data inside their