I've created a logic app that uploads a video file from OneDrive to VideoIndexer for processing.
Im getting an 401 error.
{
"ErrorType": "USER_NOT_ALLOWED",
"Message": "Access token does not have 'Contributor' permission. Trace id: '*****'."
}
** Im using a Trial account
** the error happened in callback url step
I tried to give a contributor access in the IAM account of my Media service.
When using a Trial account you need to retrieve a token using the dataplane API
https://api-portal.videoindexer.ai/api-details#api=Operations&operation=Get-Account-Access-Token
Make sure you select "trial" as region and that you create a token with "edit" permission scope.
FvN
Related
I have been following this tutorial on how to create a SharePoint webhook subscription, and after authenticating and getting the access token, actually trying to send the request to add a webhook subscription to a SharePoint list through Postman gives me an "Access is denied HRESULT: 0x80070005" error:
Error message
Going into the Postman console to see a more verbose error message shows "917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically."
I have tried all of the following:
Gone into SharePoint to enable Sites.Manage.All permissions for my Azure AD App
Reauthorized with several accounts with various access levels
Verified that ngrok, my webhook receiver, and Azure AD App were all running and all connection strings/client ids/secrets were valid.
Could it be that I'm missing something else in regards to SharePoint permissions for my Azure AD App, or is it another issue?
I tried to reproduce in my environment its working fine getting the access token added webhook subscription to a SharePoint list through Postman
First, Check whether you are added content-type and accept in header
This error may cause because of some security issue postman is not authenticated and not authorized to get data from the SharePoint. For this try to register an app using your URL modify at end /_layouts/15/appregnew.aspx
For sample:
https://imu.sharepoint.com/sites/mirror/_layouts/15/appregnew.aspx
Hope you have access, try to register your app as below:
Here, you need to give permission to that particular app such as Full control permission as below snip link :
In App's permission request XML apply permission as below:
And, Click Create and pop up will display trust it. click trust it site setting tab will display if you click that site collection app permission your postman right side will display client id#tenant id
To get the access token click launchpad -> create request ->https://accounts.accesscontrol.windows.net/Tenant ID()/tokens/OAuth/2/
Try to add values in Body tab like
grant_type - client_credentials
Client_id - ClientID#TenantID
Client_secret - Clientsecret
resource - resource/siteDomain#TenantID
Make sure in your Url remove parenthesis in your TenanID and site domain is in your Url like ***.sharepoint.com
Finally, i have added Authorization in header and in value Bearer access token make sure to remember space between bearer and Your access token, I am getting result successfully without any Access Denied error.
For your Reference :
OfficeDev/TrainingContent
Revisit these things
App registered in AD is having AllSites.Manage permission (delegated) and admin consent granted.
While getting access token via postman, use scope as https://yourtenant.sharepoint.com/.default
headers : Content-Type = application/json, Accept = application/json;odata=verbose
i am trying to make the "Read" function of the azure cognitive services working.
I have created the cognitive services and got the 2 Ocp-Apim-Subscription-Key.
After i went to the API Console to test if it is working.
Select the same Location, past the key, send the image and got back "202 Accepted".
Then i went to link with the result but it says
{
"error": {
"code": "401",
"message": "Access denied due to invalid subscription key or wrong API endpoint. Make sure to provide a valid key for an active subscription and use a correct regional API endpoint for your resource."
}
}
Why?
I have tryed with the other key but still got the same error.
The other function, like OCR, are working correctly.
Any one has some ideas?
I am trying to retrieve the properties of an ItemAttachment, which is of message type. I have given all the required permissions and able to receive the ItemAttachment properties.
But when I use $expand to get further properties of the ItemAttachment message. I am getting Access Denied Error.
For what I have read it says that you need Mail.read permission which I have already given to my Azure AD application for Graph API and I am able to fetch all the messages but only when I try to use $expand to get the properties for the ItemAttachment which is of message type I am getting Access Denied.
I couldn't find any thing related to specific permissions that might be required for this to work on the microsoft doc (https://learn.microsoft.com/en-us/graph/api/attachment-get?view=graph-rest-1.0&tabs=java).
I also referred to a similar post (How to retrieve contents of an itemAttachment via the Microsoft Graph API) and do not find anything either.
Below are the details:
Java Code:
graphClient.me().messages(messageId).attachments(attachmentId)
.buildRequest()
.expand("microsoft.graph.itemattachment/item")
.get();
This generates a REST call something like below :
GET https://graph.microsoft.com/v1.0/me/messages/A2zjArAAA=/attachments/5AlfysT-Cz27w=?$expand=microsoft.graph.itemattachment/item
But I am getting below "Access Denied" error.
403 : Forbidden
Cache-Control : private
Content-Length : 101
Content-Type : application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again."
}
}
I have the following permissions for my application Azure Active Directory Application :
The microsoft graph API SdkVersion that I am using is : graph-java/v2.3.1.
I am not sure if I am missing anything here.
Appreciate if anybody can please guide me towards a solution for this .
As Shiva mentioned in comments, you use graphClient.me() in your code, but you assign Mail.Read permission of "Application" type. If assign "Application" type permission, it just requires client_id, scope, client_secret, grant_type to get access token. So the access token doesn't contain user info, ad do not know who is me, so the code graphClient.me() can't be recognized.
If you want to run the code(graphClient.me()...) success, you need to add permission Mail.Read in "Delegated" type but not "Application" type (follow the steps in below screenshot and also do not forget do grant admin consent).
As you are using application permissions it seams like you have a daemon application and the flow that you use for daemon applications will produce App token. This doesn't recognise /me because there is no user here. So try using /users/{userid}/messages.
I'm trying to get the users basic profile from Azure AD. I have a React Native app authenticating against a Native Azure AD App registration. The access_token I got from that request is used to authenticate against a Web app / Api. The user is shown the propper consent screen with the permissions I set in Azure AD.
Microsoft Graph API
Read all users' basic profiles
Sign in and read user profile
Windows Azure Active Directory
Read all users' basic profiles
Sign in and read user profile
(added both Graph API & AAD because I didn't know which one to use)
When I try and get the users profile through https://graph.microsoft.com/v1.0/users/me, with the access_token gotten from the previous request I get:
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "00cdb708-bcf8-4b33-af21-14a046b16533",
"date": "2018-09-02T18:28:59"
}
}
}
The resource in my initial authentication request is the Web App / API's app id, and I don't think having 2 resources is an option (?).
What am I doing wrong, and what should I do to fix it? Thanks.
According to your descriptions, I assume you want to get the users profile, but get the error shows an invalid token.
Based on my test, the request URL that you posted is not correct.
It should be 'https://graph.microsoft.com/v1.0/me' or 'https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}'.
We can trouble shoot your problems as follows.
First, check request, if it has correct 'Authorization' field. This document shows that we need the Authorization field in the request headers.
Second, if you have added the Authorization field in the request headers, could you provide the main code that we can identify if problem is from there ?
While getting the access token add "resource" : "https://graph.microsoft.com/" and use that access token in header with Bearer than hit the url ---> https://graph.microsoft.com/me?api-version=1.6
Don't forget to add the resource while getting access token
Thank me later :P
We are trying to call the Azure AD graph API to get user information. For that we have followed the steps mentioned at https://github.com/OfficeDev/O365-ASPNETMVC-Start. But when we make a call to the https://graph.windows.net/microsoft.onMicrosoft.com/users/?api-version=1.0 URL and see fiddler response, we get an exception as below:
HTTP/1.1 403 Forbidden
Content-Type: application/json;odata=minimalmetadata
{
"odata.error":
{
"code":"Authorization_RequestDenied","message":
{
"lang":"en","value":"Insufficient privileges to complete the operation."
}
}
}
We tried following the steps mentioned at Insufficient privileges to complete the operation when using service principal to create Azure AD Application but got message indicating that appid doesnt have admin permissions to perform the changes. Please help.
As shown in this image, change permissions in Your registered Bot Application to get permissions.
and also Check your "Scope" parameter in URL.