Microsoft is great at documenting what it does, but everything reads like Encyclopedia Britannica. Simple guides, runbooks, and how-to articles are quite sparse, or at least hard to find.
My goal here is to walk you through interacting with the API.
Step 1: Register your application
The Microsoft guide on setting up and registering an application isn't horrible, so I'll skip over that part.
Step 2: Get your access token
This is where I started running into issues. You have to really DIG to find good information on some of this.
Sure, the Grant and Client parts are given to you, but I can't count the number of pages I skimmed to find the part about resource or scope. Maybe that's because I don't have a ton of experience with OAUTH, or perhaps they just didn't structure the documentation in a way that my feeble mind could grasp...
Regardless, you need resource to tell OAUTH where you intend to use the access_token, and apparently you need to pass scope so that OAUTH understands what actions you'll take (Don't forget .default). It seems dumb to me, since you defined these when you were creating your app in Azure AD.
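- name: "oauth"
  # Verbose runs (-vvv) print the module arguments, client_secret included,
  # and the registered access_token; set no_log: true once the task works.
  uri:
    # baseURL: login.microsoftonline.com/
    url: "https://{{ baseURL }}{{ tennantID }}/oauth2/token"
    method: POST
    body_format: form-urlencoded
    body:
      grant_type: 'client_credentials'
      client_id: '{{ applicationID }}'
      client_secret: '{{ secretValue }}'
      # resource must match the API host the token will be sent to
      resource: 'https://graph.microsoft.com/'
      scope: 'https://graph.microsoft.com/.default'
  # the token is then available as oauth.json.access_token
  register: oauth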
Step 3: Use your token to look someone up
I felt this part was pretty straightforward. Match the Host to the resource so you don't get a bunch of "Access token validation failure. Invalid audience" errors.
- name: "get user"
  uri:
    url: "https://graph.microsoft.com/v1.0/users/{{ userPrincipalName }}"
    method: GET
    body_format: json
    headers:
      # bearer token registered by the "oauth" task
      Authorization: 'Bearer {{ oauth.json.access_token }}'
      # same host as the resource the token was requested for
      Host: 'graph.microsoft.com'
  register: output
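When the "Invalid audience" error does show up, the quickest check is to read the claims in the token itself. The following is an added example, not part of the original post: it assumes the access token is a JWT, decodes it locally without verifying the signature (diagnosis only), and uses hypothetical helper names; the sample token is constructed.

```python
import base64
import json
import time

# Audience values for Microsoft Graph: the resource URI or Graph's well-known app ID.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}


def decode_claims(access_token):
    """Return the JWT payload as a dict. Diagnostic only: the signature is NOT verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_graph_token(access_token, now=None):
    """Return a list of problems that would make Graph reject or under-authorize the token."""
    claims = decode_claims(access_token)
    now = time.time() if now is None else now
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud not in GRAPH_AUDIENCES:
        problems.append(f"aud is {aud!r}, not Microsoft Graph (expect 'Invalid audience')")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if not claims.get("roles"):
        problems.append("no application roles granted (check API permissions and admin consent)")
    return problems


def _make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample: a token requested for the wrong resource.
    bad = _make_token({"aud": "https://management.azure.com/", "exp": 4102444800,
                       "roles": ["User.Read.All"]})
    print(check_graph_token(bad))
```

Run it on the machine that holds the token rather than pasting the token into an online decoder, since a bearer token is usable by anyone who has it until it expires.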
Step 4: -vvv is your friend
Just because I tend to error my way to success, I almost always run my playbooks with -vv or -vvv (depending on the level of detail that I need) until I'm satisfied with the output, formatting, etc...