How to use Yammer API using AAD authentication method

Question

I'm trying to use AAD authentication for my Yammer connection but I'm getting this error so any help or suggestion would be really apprecaited.

| No user id found for O365 JWT

$ClientId = ""
$SecretID = "" 
$tenantid = ""
$GroupID  = '12856115'
$Params = @{
    "URI"     = "https://login.microsoftonline.com/$TenantID/oauth2/token"
    "Body"    = "client_id=$ClientID&client_secret=$SecretID&resource=https://graph.microsoft.com&grant_type=client_credentials"
    "Method"  = 'POST'
    "Headers" = @{
        "Content-Type" = 'application/x-www-form-urlencoded'
    }
}

$Result = Invoke-RestMethod @Params

$GroupCycle = 1
$Params1 = @{
    "URI"            = "https://www.yammer.com/api/v1/users/in_group/$GroupId.xml?page=$GroupCycle"
    "Method"         = 'GET'
    "Authentication" = 'OAuth'
    "Token"          = (ConvertTo-SecureString -String $Result.access_token -AsPlainText -Force)
}
$Members = Invoke-RestMethod @Params1
$Members.Value

Answer 1

Note that, you are using client_credentials flow that won't work with Delegated permissions. In addition to that, you are passing wrong resource to get Yammer token that's giving you the error.

I registered one Azure AD application and granted API permissions to it like below:

Now, I generated access token using client credentials flow via Postman by passing same resource as you like below:

POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
grant_type:client_credentials
client_id:<appID>
client_secret:<secret>
resource: https://graph.microsoft.com

Response:

When I used above token to call Yammer API, I got same error as you like below:

GET https://www.yammer.com/api/v1/users.json

Response:

To resolve the error, you need to use Delegated flows like authorization code flow, username password flow etc... with resource as https://api.yammer.com to generate access token.

In my case, I used username password flow and generated access token like below:

POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
grant_type:password
client_id:<appID>
client_secret:<secret>
resource: https://api.yammer.com
username: [email protected]
password: **********

Response:

When I used this token to call Yammer API, I got response successfully like below:

GET https://www.yammer.com/api/v1/users.json

Response:

In your case, modify your powershell script by changing resource and grant_type like below:

$ClientId = "appID"
$SecretID = "Secret" 
$tenantid = "tenantID"

$Params = @{
    "URI"     = "https://login.microsoftonline.com/$TenantID/oauth2/token"
    "Body"    = "client_id=$ClientID&client_secret=$SecretID&resource=https://api.yammer.com&grant_type=password&[email protected]&password=********"
    "Method"  = 'POST'
    "Headers" = @{
        "Content-Type" = 'application/x-www-form-urlencoded'
    }
}

$Result = Invoke-RestMethod @Params

$Params1 = @{
    "URI"     = "https://www.yammer.com/api/v1/users.json"
    "Method"  = 'GET'
    "Headers" = @{
        "Authorization" = "Bearer $($Result.access_token)"
    }
}

$Members = Invoke-RestMethod @Params1

$Members

Response: