We are using APEX with Azure. We check for group membership with the /me graph:

    -- make_rest_request is a function, so the response CLOB is captured in l_clob
    l_clob := apex_web_service.make_rest_request (
                  p_url         => 'https://graph.microsoft.com/v1.0/me/memberOf?$select=id&$count=true&$top=999',
                  p_http_method => 'GET');

which works fine, but when we ask for membership of a group with the call:

    -- List the members of the group identified by p_group_id
    l_graph := 'https://graph.microsoft.com/v1.0/groups/'
               || p_group_id
               || '/members?$select=userPrincipalName&$count=true&$top=999';
    l_clob := apex_web_service.make_rest_request (
                  p_url         => l_graph,
                  p_http_method => 'GET');

using the right:

    GroupMember.Read.All

an error is returned:

    "{"error":{"code":"InvalidAuthenticationToken","message":"Access token is empty.","innerError":{"date":"2023-10-17T08:31:31","request-id":"22cb3e4f-6a93-4458-9218-960bc03269ca","client-request-id":"22cb3e4f-6a93-4458-9218-960bc03269ca"}}}"

Is that because the Azure authentication scheme is only intended for traversing the /me graph? We tried to set GroupMember.Read.All in Scope in the Azure authentication scheme, but it led to a user escalation, which does not make sense in this case.
Can we use secrets etc. to access resources outside the /me graph?
Thank you in advance
Kind regards
Soeren D.