How to get a list of users from azure graph API

Question

I am trying to get a list of users from azure ad using graph api. I have got the access token by using the below query:

https://login.microsoftonline.com/<tenant-Id>/oauth2/token

I got below response:

{
    "token_type": "Bearer",
    "expires_in": "3600",
    "ext_expires_in": "3600",
    "expires_on": "1559555742",
    "not_before": "1559551842",
    "resource": "https://graph.microsoft.com",
    "access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFEQ29NcGpKWHJ4VHE5Vkc5dGUtN0ZYUy1XcWZRa2RmUmVnSVJfWE4yLXdYSFZwLXJKdlltcWVzTzAwSmd1V2dJOVVQUVBWbldScjhtZjM1SHhXblhFcWhIMVlWY1Y2NlYS00ZTE1LTQ0NWEtOTM0Ni02YTBhOGQxN2UxOTYvIiwib2lkIjoiYzE0YzFlYmEtYzExMS00ZmMxLTllYjAtYTJmNGMwNjg4MDEyIiwic3ViIjoiYzE0YzFlYmEtYzExMS00ZmMxLTllYjAtYTJkKgCbMg5jElY2I83cKpRos6Jti3SUYIVTYiyF__gMsKzCQWgRZFUWnTi7syaypCrPEExPw_OMRJMNMOrYixTBZjwUi0H6ThGNxQOMt5mXhzvlVYRMdyChdmv4r2-JK-LX9yjBN8BWG78e3FYhWQCRERh5H3zNpdX1ln79QY38mhn-XJViA2vX-VCYqZhoUo-c_iR-_HZ3CLCHxRxgRHtT_oGXuX1Kegxo3F6FsuQ2Vj1WT5VjCRGCi71pY_lU_EROzkLdefS84fur4jBawvd1ccCf8u9U0kYy3xu0m02wNxKPe2Weg"
}

Once I have the token, I am referring to this link and using below url to get the user list:

https://graph.microsoft.com/v1.0/users

and also passing the token in header but getting below error:

{
    "error": {
        "code": "InvalidAuthenticationToken",
        "message": "CompactToken parsing failed with error code: 80049217",
        "innerError": {
            "request-id": "f03e6cc4-1888-406d-9ee4-2558b96e7fb4",
            "date": "2019-06-03T09:22:30"
        }
    }
}

I am doing this from postman as of now but later have to do it from python script. Can anyone please suggest what is wrong here. Thanks

Answer 1

It seems you are trying to fetch user list using Microsoft Graph. To do that see the following steps:

Azure portal Permission:

Go to your Azure portal tenant and set below permission on "API permissions" menu. See the screen shot below:

See the Application Permission Like below:

Do the same for dedicated permission. See the dedicated permission below

Your Permission should look like below:

Request for Token:

Send request to your token endpoint with your credentials. Like below:

Decode Token and Check Permission:

Once you get your token make sure on https://jwt.io/ that your token contains required permission like below:

Request For User List

In this stage add your token on Type as bearer token, paste your token on Token text box and click send:

Get The Users List:

You will get your User List as specified in below screen shot.