Azure-docs: Connecting Digital Twin to Postman...cannot get response, incomplete instructions?

Created on 20 Aug 2019  Â·  22Comments  Â·  Source: MicrosoftDocs/azure-docs

Hello

I have been following the tutorial here and have successfully completed every step up to "Make a multipart POST request". However, when I try to get a simple GET request, I cannot get a response from the server. The instruction imply I can simply make a request and not have to do anything else, so I'm not sure how to troubleshoot. My setup is as follows:

  • No Params
  • Authorization: OAuth 2.0, add auth to "Request Headers", and using access token I got from previous step
  • Headers: Content-type = application/json
  • Body: none
  • Request: (GET) MY_MANAGEMENT_API_URL/api/v1.0/spaces

It is also worth noting that the screenshots and instructions for setting a reply URL in the section _Configure Azure Active Directory to use the OAuth 2.0 implicit grant flow_ are incorrect and outdated, and not representative of how that step has to be done as of writing this message.


Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

Pri3 assigned-to-author digital-twinsvc doc-bug triaged

Most helpful comment

Hi @Nicholas-I let's double check a few things, what is the authorization url that you're using? What is the audience of the token? You can view the audience ("aud") using a tool such as https://jwt.io and pasting in your token. Your audience should be 0b07f429-9f4b-4714-9392-cc5e8e80c8b0, the resource as specified by the auth url.

All 22 comments

Hi @Nicholas-I Thanks for the feedback! I have assigned the issue to the content author to evaluate and update as appropriate.
Note: related to issue https://github.com/MicrosoftDocs/azure-docs/issues/28663

@Nicholas-I - I've gone ahead and made a couple improvements to the document (which you should see shortly):

  1. The images for setting up the implicit grant flow used the previous layout of the panel but the instructions should be the same within the new AAD blade. I've updated those to reflect the JSON configuration settings presently available.
  2. The MY_MANAGEMENT_API_URL should be https://YOUR_INSTANCE_NAME.YOUR_LOCATION.azuresmartspaces.net/management/api/v1.0.

I am able to call my test instance at:

https://v-adgera-dt.westus2.azuresmartspaces.net/management/api/v1.0/spaces

using the configuration above along with an access token. I get:

[
    {
        "id": "ad604988-5297-4c24-a14d-2fb8fdb73fc3",
        "name": "Floor 1",
        "typeId": 14,
        "parentSpaceId": "f026414e-b4b2-4346-9819-fa5e81f2c598",
        "subtypeId": 13,
        "statusId": 12
    },
    {
        "id": "597271f1-031a-4e3f-ba58-5da7ce339ed6",
        "name": "Area A",
        "typeId": 14,
        "parentSpaceId": "ad604988-5297-4c24-a14d-2fb8fdb73fc3",
        "subtypeId": 13,
        "statusId": 12
    },
    {
        "id": "2a39e652-5835-46c4-8a6e-68002743a1f3",
        "name": "Conference Room 11",
        "typeId": 14,
        "parentSpaceId": "ad604988-5297-4c24-a14d-2fb8fdb73fc3",
        "subtypeId": 13,
        "statusId": 12
    },
    {
        "id": "9d835f45-9a33-49ca-84cb-ac5c8bea809e",
        "name": "Focus Room A1",
        "typeId": 14,
        "parentSpaceId": "ad604988-5297-4c24-a14d-2fb8fdb73fc3",
        "subtypeId": 13,
        "statusId": 12
    },
    {
        "id": "f026414e-b4b2-4346-9819-fa5e81f2c598",
        "name": "Quickstart Building",
        "typeId": 14,
        "subtypeId": 13,
        "statusId": 12
    }
]

1

Can you confirm whether you get a valid JSON response back? Thanks!

Hi @KingdomOfEnds I just made a request and still "could not get any response", even after getting a new token (which ended up being the same as the previous token). And I know my url is correct: https://testdocdt.eastus.azuresmartspaces.net/management/api/v1.0/spaces

EDIT: @KingdomOfEnds I had to edit my proxy settings for the request to go through. Now this is what I get as a response:
{
"message": "Authorization has been denied for this request."
}

But I can still get tokens, and I am using the ones I get in the request headers, so I don't know why it is unauthorized. Is there something extra I need to do in the Azure portal?

Hi @Nicholas-I! First, I'm sorry to hear that and I'm glad you're able to access the API's. Proxy settings, CORS, or other server/IP configuration settings can impact your ability to connect. Sounds like we're in a good place regarding those. Hmmm …. Depending on your security settings, you may need to contact the Super Administrator of your Azure tenant or subscription to see if your account can be accessed. Is the subscription and tenant you are on owned by you solely?

@KingdomOfEnds yes, it is owned by me. I have the role "Global Administrator" and these are the permissions on my Azure AD App (see included picture)
azure ad

Other things that may be relevant:

  • When I added the callback URL for Postman, I put it of type "Web" in the manifest
  • Over the last weekend, by account changed from Free to Pay-As-You-Go

@Nicholas-I - Thanks! The "Web" entry does need to be modified to "Public client (mobile & desktop)" otherwise you'll receive an error. I updated the images to reflect this change previously:

aad

If you make that change are you able to get a response? Thanks again!

@KingdomOfEnds I made the change and saved, then got a new token (which, as usual, is identical to the other tokens I have recieved). I still get a 401 unauthorized error.
If you no longer have any suggestions, all I can think of is that there is still some network setting on my work computer that I am missing.

@Nicholas-I - I am unable to duplicate that error despite trying a number of AAD settings. I've reached out to the Engineering team to see if there's something else amiss here. Thanks.

Hi @Nicholas-I let's double check a few things, what is the authorization url that you're using? What is the audience of the token? You can view the audience ("aud") using a tool such as https://jwt.io and pasting in your token. Your audience should be 0b07f429-9f4b-4714-9392-cc5e8e80c8b0, the resource as specified by the auth url.

@Nicholas-I - I also just checked my client - are you using Postman as directed or CURL? Assuming that the audience is configured correctly, when you get a new token in Postman, you must select the new token (the access token might be very very similar … in fact almost the same though it will also vary slightly - you can check your access token using a diff tool that will help you to ensure that they are unique). I plugged in several old access tokens and encountered the 401 scenario you did. Can you check the audience and which token you've selected? Thanks!

token

EDIT: I've attached an image above which depicts the numerous tokens I have to choose from. Selecting the most recent one may resolve the issue and allow you to connect without a 401.

@lyrana The audience does not seem to be correct, it is "28c44208-8f77-45c4-8e6c-67e145282f32".
@KingdomOfEnds I am always using the latest token that I have.

@Nicholas-I - Glad to hear it. Are you able to retrieve your response?

@Nicholas-I - Glad to hear it. Are you able to retrieve your response?

Unfortunately, no.

Let's verify that the Authorization URL used is what we'd want. From the article:

https://login.microsoftonline.com/YOUR_AZURE_TENANT.onmicrosoft.com/oauth2/authorize?resource=0b07f429-9f4b-4714-9392-cc5e8e80c8b0

I'm surprised you were able to get a token back at all if you weren't using the right resource. Can you also clear out all of your token cache in your client? Additionally, in Postman, if you select Available Tokens rather than a specific one, it will update the token to the most recent one. So, once you have cleared out all preceding tokens just to make sure you're not using them on accident, make sure that each token setting is configured correctly.

@KingdomOfEnds I followed your advice on that latest post, and my Auth URl is correct, and still no go. Also, my audience was correct, I missed the part of lyrana's post that said it should be "the resource as specified by the auth url".
This issue can be closed if there are no other suggestions or guesses. All I got left is that _maybe_ there is a security setting on my work machine that I don't know of.

@Nicholas-I - I appreciate your suggestions for improvement and glad we were able to progress through some of these hurdles. As far as your access token goes, it should vary from request to request. So the fact that it's exactly the same seems a bit fishy to me. I might look into that a bit more. Please update us if you have any other questions. Thanks!

@KingdomOfEnds They are not ALL the same, that was a mistake I made on my part. I did not read far enough past the first few characters, which seem to be in every toke. Every time I generated a new token, they were unique.

No worries - I think by default the client gives every token the same name as well. If you're like me, I rarely rename my access tokens which can occasionally lead to confusion on my part!

@KingdomOfEnds I found the issue. My subscription upgraded, by all my resources were tied to the Disabled Free Plan. Apparently, resources cannot be moved from disabled subscriptions, so I have to restart from scratch it seems.
Thank you and all involved for taking the time to assist me.

@Nicholas-I - Subscriptions that are disabled or removed under a tenant will no longer have their resources accessible by API. You can still manage those in the portal. However, I do believe there is a way to migrate those resources: https://docs.microsoft.com/azure/azure-resource-manager/resource-group-move-resources which will hopefully save you some time and prevent needing to start completely from scratch.

@Nicholas-I Have you had a chance to see the above response?

@AshokPeddakotla-MSFT @KingdomOfEnds Yes I have. I would like to close this issue. I believe that the error is with my individual instance, and not the documentation.
Although I did not find a solution yet, my team has decided to pursue other options for reasons unrelated to my query, so I am no longer looking into it. If I come back to this, I will try to get on the line with technical support.

Was this page helpful?
0 / 5 - 0 ratings