I am trying to get signed in user's chat messages in a B2C Tenant. I am getting 401 Unauthorized error. Tried the same with graph explorer which is also giving same error. I am using https://graph.microsoft.com/beta/me/chats endpoint. As per MSDN documentation, I have already given permissions to my Azure app. When I am trying this with a non B2C tenant, the API call succeeds.
Please help me with this issue. Error I am seeing is given below.
{
"error": {
"code": "Unauthorized",
"message": "Unauthorized",
"innerError": {
"date": "2021-06-24T15:30:29",
"request-id": "f2804d78-59d2-4917-ae2e-cb73b3eb0872",
"client-request-id": "52452dfc-cae9-d409-92b9-9e9586cab6c3"
}
}
}
With some research I found out that B2C tenants don't allow Teams at the first place. I have switched to a B2B tenant and it started working like a charm.
Related
Here i am using Microsoft graph api for creating online meeting events but after generating toke when i am requesting to create an online meeting i am getting this error
{
"error": {
"code": "ResourceNotFound",
"message": "User not found",
"innerError": {
"date": "2021-09-01T17:54:57",
"request-id": "fa773652-e824-4c9e-af05-085e249fb489",
"client-request-id": "fa773652-e824-4c9e-af05-085e249fb489"
}
}
}
enter image description here
Based on the So thread reference,
Use Delegated permissions to create an onlineMeeting
You must log in as a user, and you cannot use the client credential flow. You need to use the auth code flow to obtain the token.
Ref link - Delegated Permission: https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=csharp
SO Reference: 404 error while creating Online Meeting using microsoft graph api c# without login into AzureActiveDirectory
I tried to create a call in Teams trough Microsoft Graph Api. I created a App with the given permissions but when i try to do the POST on: https://graph.microsoft.com/v1.0/communications/calls i get this error:
{
"error": {
"code": "UnknownError",
"message": "{\"errorCode\":\"7500\",\"message\":\"Unsupported AAD Identity.\",\"instanceAnnotations\":[]}",
"innerError": {
"date": "2020-11-11T14:38:43",
"request-id": "74ee843f-ba7e-4d87-b1e2-617c6fdce77c",
"client-request-id": "74ee843f-ba7e-4d87-b1e2-617c6fdce77c"
}
}
}
Token and everything looks good. If I change the token I get another error that this one is wrong.
To be honest my knowledge about Azure etc. is very low.
What Shiva said is right. You may have used a user token to call the API, so an error occurred. The API call currently only supports application tokens. You need to grant application permissions to the application and use the client credential flow to obtain Token.
I am trying to access Microsoft Graph API using Access token of b2c login.
Following are the endpoints azure portal showing.
As I feel we must be able to call https://graph.microsoft.com endpoints according to this. Please correct me if I am wrong. Then I generated access token as follows and Tried to call https://graph.microsoft.com/v1.0/me/ using that token.
The result is as follows.
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"date": "2020-08-25T11:58:07",
"request-id": "c6a9ba06-d41e-49f7-ba94-f75478ce89b0"
}
}
}
I have granted API permissions as follows in my application too
This wont work. Use the Azure AD flows in your AAD B2C tenant.
https://learn.microsoft.com/en-us/graph/auth-v2-service
I am setting up an app for modifying a Microsoft Teams account (teams/channels) through the Microsoft Graph API, but I can't get responses from all of the endpoints which I need to call.
I have followed the guide for creating an app with application permissions and acquired access (and refresh) token(s) succesfully.
Calling the https://graph.microsoft.com/v1.0/users/<user guid>/joinedTeams endpoint yields a response as follows:
{
"error": {
"code": "Unauthorized",
"message": "Unauthorized",
"innerError": {
"date": "2020-06-24T12:37:53",
"request-id": <guid>
}
}
}
while calling endpoints such as https://graph.microsoft.com/v1.0/users works as described. It would seem that the app hasn't gotten consent and/or permissions to access these, but after signup they are listed on the API permissions in the azure portal enterprise applications page, and the access token JWT contains the specified permissions as a roles object.
From the JWT:
"roles": [
"TeamSettings.ReadWrite.All",
"User.ReadWrite.All",
"Directory.ReadWrite.All",
"Group.ReadWrite.All",
"TeamMember.ReadWrite.All",
"Team.ReadBasic.All",
"GroupMember.ReadWrite.All",
"Member.Read.Hidden"
]
I have tried with the Directory.ReadWrite.All permission and also with the full permission list listed on the permissions page for the /joinedTeams endpoint and they all elicit the same error.
Curiously, according to this a 401 - Unauthorized response would be given for expired (or similarly invalid) tokens, however that seems to clearly not be the case as I can call other endpoints with that very token.
What am I missing?
Solved thanks to #MikeOliver
When I signed up for Teams it created another directory. Only that second directory had a Teams "license" (visible from the azure portal's License page).
I set up a new Application in microsoft azure and got the admin to consent application permissions for this app ( files.ReadWriteAll). I am able to get the access_token through POSTMAN. I am trying to get drive information using this endpoint
https://graph.microsoft.com/v1.0/drives/{drive-id}
But I get an error response :-
{ "error": { "code": "AccessDenied", "message": "Either scp or roles claim need to be present in the token.", "innerError": { "request-id": "905c7701-8b89-4711-9204-b00c4a09a921", "date": "2019-03-28T15:56:29" } } }
I used this link to get info on my access token.
http://jwt.calebb.net/
Files.Readwrite permissions don't seem to be listed anywhere in the info ( not sure why) . The azure site shows that consent was granted.
Azure permissions set up for my app:
Check the steps as below.
Register your app following this document, and Grant permissions.
get access token like this.
Check the token
Call graph api