I am trying to implement functionality where I can get list of documents from share-point.I have tried this demo code from Azure directory implementation and login to account and also got details about sites and user data from graph API.
https://github.com/Azure-Samples/ms-identity-android-kotlin
I am able to get site data from graph API :
But when I am trying to get list then getting error or no value
I have also passed this authorization token to REST API but that too doesn't work.
You can try with scope Sites.ReadWrite.All instead of User.read, as I tested it using Graph Explorer and I got access denied as the scope permission was not consented. After I consent the permission, it worked .
Example 1:
Before Consent:
After Constent:
I have created a test list on the Communication Site.
After that when I query for lists , I successfully get the above one I created.
Example 2 :
I also tested it using a Application registered to Azure AD. It didn't return me any error or any value as well when I queried for lists using that app's credential's from Powershell.
After I add Sites.ReadWrite.All to the App's API permission's .
I can successfully get the Values of the lists.
To summarize it , it could be resolved in 2 ways :
Changing the Scope shown on the screenshot given by you to Sites.ReadWrite.All instead of User.Read.
Adding API permissions to the APP registration in the Azure AD for Microsoft Graph as shown in the example 2 second image.
Related
Unable to use Microsoft Graph API to create or update SharePoint list items with client credentials access token (getting access token with out a user), I get the following error,
I'm able to successfully call GET and DELETE methods with the same access tokens for the same site/list, additionally I'm able to call all methods GET/POST/PATCH/DELETE for the same site/list using the user generated access token.
For my use case I need to able to create/update list items with out user access so, followed this article - https://learn.microsoft.com/en-us/graph/auth-v2-service, API has required permissions granted in the application
can't seem to find any documentation on what exactly I'm missing, looks like POST/PATCH endpoints are looking for some user info in the token, but client crendentials do not have any user info so not sure what to do next, Here's the documentation I'm following https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http & I've tried using the .net graph client SDK as well and I get the same error message for both POST/PATCH requests.
Any help on how to successfully create/update sharepoint list items via graph api using client credential token would be highly appreciated.
Followed this article in setting up the application in azure ad - https://learn.microsoft.com/en-us/graph/auth-v2-service, Added app roles are as highlited in this article https://learn.microsoft.com/en-us/answers/questions/756563/app-roles-in-client-credentials-scope-in-azure-b2c.html but no luck.
Hope you are not using delegated permission in your personal account ,
Looks like there is something wrong with your API call ,make sure you are using the correct API call - https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items
You can also Try to create and Update in graph explorer- https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http#example .
Hope this helps
Thanks
I am successfully using ResolveName to get most of the contact information I need.
Below is the code I am using:
PropertySet itempropertyset = new PropertySet(BasePropertySet.FirstClassProperties);
NameResolutionCollection match = await mailClient.Service.ResolveName(customerEmail, ResolveNameSearchLocation.DirectoryOnly, true, itempropertyset);
I am querying against my Office365/Azure AD tenant.
One of the values I need is not being returned though.
I would like to get the user/contact's Object ID as shown in the Azure Portal - Azure Active Directory - Users - Basic Info screen.
Is that possible using EWS Managed API?
Regards.
You cannot get Azure AD user's object ID using EWS Managed API. Alternatively, you can make use of Microsoft Graph API.
I tried to reproduce the same in my environment via Graph Explorer and got below results:
I have Azure AD user named Sri in my tenant with below properties:
To get the Azure AD user's details via Graph API, I ran below query:
GET https://graph.microsoft.com/v1.0/users/user_principal_name
Response:
To get only object ID of an Azure AD user, you can include $select in the query like below:
GET https://graph.microsoft.com/v1.0/users/user_principal_name?$select=id
Response:
Before running the above queries, make sure to grant consent to required permissions like below:
Go to Graph Explorer -> Modify permissions -> Click on Consent
You will get consent screen and click on Accept like below:
After granting the consent, you can run the queries successfully.
I'm trying to build a small application that can retrieve a particular user's calendar events without a signed in user, that is to utilize the application permissions in Graph API and query the events by authenticating with App ID, Tenant ID and Secret values. I was able to follow this documentation https://learn.microsoft.com/en-us/graph/auth-v2-service and generate JWT tokens to query the graph API. And it worked fine when i tried to retrieve all the users information, or even retrieve a particular users information using the following paths.
/users
/users/{id | userPrincipalName}
Both the above endpoints worked fine and i was able to retrieve details, but when i tried to access the calendar events of a particular user using the following Graph API path
/users/{id | userPrincipalName}/events
I get the following error,
I'm not sure what i'm doing wrong here, i have the following Application permissions set up in Azure AD Portal and the permissions are reflected in the JWT token.
I feel like the token generation part is working fine since the first two Graph API endpoints i mentioned above are functional, but I'm not sure where else I'm going wrong and as to why I'm not able to retrieve a particular user's calendar events. Any help would be much appreciated.
I am not sure if I am on the right path, but I am attempting to retrieve my contacts within an Azure Function. I don't need to present a login as this is only for my account. I just want to be able to retrieve my Contacts from the Graph without having to explicitly authenticate. Is this possible? My attempts have failed and I ultimately get stuck trying to add permission...
When I click to add Permission, I get this error:
I am trying to use AAD to authenticate. I tried creating the function within the Portal and also from VS. Any suggestions? Thanks!!
You could follow the steps below to fix the issue.
1.Navigate to the Authentication / Authorization of your function app, click the red frame part like the screenshot.
Go to Manage Permissions -> Add -> select the Windows Azure Active Directory API and Sign in and read user profile permission
Then refresh the portal, it will work fine.
I'm trying to update an existing Azure app but unable to save and the website throws an error 'Failed to update manifest: ObjectConflict'
I'm updating the field called 'identifierUris'. It's a list and there is one element already and I'm trying to add another there.
Can't seem to find what this error is about. Has anyone encountered this before?
It is very likely you are trying to add a value to identifierUris which is already present in another app. Each value in identifierUris must be unique to a single Application object in Azure AD.
To check if it's already present on an app in your tenant, you can use Azure AD PowerShell to do a simple search to see if that's the case:
Get-AzureADApplication -Filter "identifierUris/any(c:c eq 'http:/example.com/id-uri')"
You could also do the query using the Azure AD Graph Explorer (and signing in with your Azure AD account):
https://graph.windows.net/myorganization/applications?$filter=identifierUris/any(c:c eq 'http:/example.com/id-uri')
I also ran into this when writing some samples. The other answer is correct that there is another app that has already defined those identifierURI's under your AAD tenant. But it only needs to be defined under one app. You can create another app / client ID in AAD under the tenant that doesn't have the identifierURI's the docs say you need and it will work to get the right token / Store ID.
I did this with my sample where another client had already defined them and hit this error. I just went ahead anyways with the rest of the setup docs and got it working requesting the right authorization / bearer tokens. Just know that for the commerce ones, I had to re-publish my app to the store before I started to see results otherwise I was just seeing blank results.