MIP SDK fails to protect files
I'm using MIP file sample command line interface to apply labelling. When trying to apply a label that has protection set, i got "Label requires ad-hoc protection, but protection has not yet been set" error. Therefore, I tried protecting the file using "--protect" option and got the following error message: "Something bad happened: The service didn't accept the auth token. Challenge:['Bearer resource="https://aadrm.com", realm="", authorization="https://login.windows.net/common/oauth2/authorize"'], CorrelationId=ce732e4a-249a-47ec-a7c2-04f4d68357da, CorrelationId.Description=ProtectionEngine, CorrelationId=6ff992dc-91b3-4610-a24d-d57e13902114, CorrelationId.Description=FileHandler"
This is my auth.py file:
def main(argv):
client_id = str(argv[0])
tenant_id = str(argv[1])
secret = str(argv[2])
authority = "https://login.microsoftonline.com/{}".format(tenant_id)
app = msal.ConfidentialClientApplication(client_id, authority=authority, client_credential=secret)
result = None
scope = ["https://psor.o365syncservice.com/.default"]
result = app.acquire_token_silent(scope, account=None)
if not result:
logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
result = app.acquire_token_for_client(scopes=scope)
if "access_token" in result:
sys.stdout.write(result['access_token'])
else:
print(result.get("error"))
print(result.get("error_description"))
print(result.get("correlation_id")) # You may need this when reporting a bug
if __name__ == '__main__':
main(sys.argv[1:])
I tried to change the scope to ["https://aadrm.com/.default"] and then I was able to protect the file, but when I try getting the file status or try applying label on it I get the same error message with bad auth token.
These are the permissions as configured in azure portal:
Thank you
I think that scope you have is incorrect: https://psor.o365syncservice.com/.default
It should be https://syncservice.o365syncservice.com/.default.
A good way to handle this is to just append .default to whatever resource the AcquireToken() call gets in the resource param. Something like this.
- Sensitivity label removal works for one label but fails for another
- Error applying specific sensitivity label using Microsoft Information Protection SDK in C# (AdhocProtectionRequiredException)
- What are the tradeoffs between the different MIP SDK options for the bulk assignment of sensitivity labels?
- Exception decrypting .msg files using MIP SDK: NoPolicyException: Label policy did not contain data
- Unable to acquire a token in IAuthDelgate of the microsoft information protection sdk
- MIP label visibility issue
- Graph API: How do I get sensitivityLabel list using graph api
- How to generate an accessToken to use with Microsoft informationprotection Java SDK
- Adding Unified Label to outgoing Outlook email via Powershell script
- Programmatically apply sensitivity labels to file - Can fetch labels but not apply them
- MIP SDK fails to use DKE sensitivity label
- LoadLibrary failure when loading x64\mip_file_sdk.dll
- API to get MIP label from a file residing on remote share
- VSTO Sample code For Sensitivity label Ribbon Item OnClick Events in C#
- AD RMS with Mobile Device Extension for on-prem rpmsg decryption fails with "The service didn't accept the auth token"
- MIP SDK fails with an error when attempting to decrypt rpmsg using ADRMS and the MDE
- MIP SDK: Applying Sensitivity Label to Doc file, unable to open it
- MIP SDK fails to protect files
- MIP SDK Java Wrapper Sample Fails to Start
- Failed to initialize OneDS
- MIP Ubuntu on Cloud Foundry
- MIP - Migration from AIP
- MIP SDK - What are the available UserRights in MIP SDK?
- Microsoft.InformationProtection.File.Ubuntu1804 - Load library failed for libmip_dotnet.so
- MIP SDK Getting Access Denied error while invoking profile AddEngineAsync
- MIP SDK 1.7.133 .NET Core 3.1 support
- MIP SDK setting unexpected ContentBits metadata
- Microsoft information protection SDK 1.7.133 - Load library failed issue error
- Microsoft.InformationProtection.Exceptions.AccessDeniedException: The service didn't accept the auth token
- How can we encrypt a PDF file using MIP SDK?