Microsoft Graph API access problem when creating an online meeting or online meeting event

I am trying to use "https://graph.microsoft.com/v1.0/me/events" or "https://graph.microsoft.com/v1.0/me/onlineMeetings" to create an online meeting programmatically.
I used help from many resources, especially this:
https://vikrantsdynamicsblogs.wordpress.com/2020/03/28/programmatically-create-the-teams-meeting/.
I have used this API to get a token using the password grant type:
"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token". The problem happens when I call "https://graph.microsoft.com/v1.0/me/onlineMeetings": I get 403 Forbidden,
and when I try to call "https://graph.microsoft.com/v1.0/me/events" using the same access token I am getting this response
I have added the delegated permission from the Azure portal.
Any ideas why both are not working for me?

Authorization errors can occur as a result of several different issues, most of which generate a 403 error (with a few exceptions). We could refer to this doc to resolve Microsoft Graph authorization errors.
We cannot create an online meeting via a personal Microsoft account. If you are using a work or school account, we need to ensure the account has the permission OnlineMeetings.ReadWrite. If you are creating the online meeting via an application, we need the OnlineMeetings.Read.All and OnlineMeetings.ReadWrite.All* permissions. Check Create onlineMeeting and Online meetings permissions for more details.

Related

Error OrganizationFromTenantGuidNotFound when accessing messages Azure

I get the error "OrganizationFromTenantGuidNotFound" while trying to access to my inbox messages.
To explain, I am trying to develop an app, and in this app I need to access my inbox e-mails.
So I try to use the Outlook API, and for that I created an app with all demanded permissions "Email.Read, Email.ReadBasics, Emails.ReadAll...". I have an Office 365 Family subscription and an active paid Azure subscription. My question is: why does getting my personal information work ('/users/{user-id}'), but when accessing emails I get this error? I read a lot of docs and never got an answer... Maybe my subscription does not give me access to a Microsoft Exchange Online license, or maybe my old Microsoft address "...#live.com" is not compatible, I don't know. If someone can help me clear it up, that would be great. Oh, and obviously my Office 365 and Azure accounts are the same.
I tried 'client credentials flow authentication' (which gives me the error 'need more privileges'), then went back to Authorization Code Flow authentication, but then I get the OrganizationFromTenantGuidNotFound error. But only on the /messages endpoint; the endpoint users/{user-id} works. Obviously I tried all the threads I found, even with an Office 365 Developer account, but don't really see the correlation with my problem here.

Microsoft Graph API - Sharepoint list unable to call create/update SharePoint list items, GET/DELETE works

Unable to use the Microsoft Graph API to create or update SharePoint list items with a client credentials access token (getting an access token without a user). I get the following error,
I'm able to successfully call the GET and DELETE methods with the same access tokens for the same site/list. Additionally, I'm able to call all methods (GET/POST/PATCH/DELETE) for the same site/list using the user-generated access token.
For my use case I need to be able to create/update list items without user access, so I followed this article - https://learn.microsoft.com/en-us/graph/auth-v2-service. The API has the required permissions granted in the application.
I can't seem to find any documentation on what exactly I'm missing. It looks like the POST/PATCH endpoints are looking for some user info in the token, but client credentials do not have any user info, so I'm not sure what to do next. Here's the documentation I'm following: https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http. I've tried using the .NET Graph client SDK as well and I get the same error message for both POST/PATCH requests.
Any help on how to successfully create/update SharePoint list items via the Graph API using a client credentials token would be highly appreciated.
I followed this article in setting up the application in Azure AD - https://learn.microsoft.com/en-us/graph/auth-v2-service. The added app roles are as highlighted in this article: https://learn.microsoft.com/en-us/answers/questions/756563/app-roles-in-client-credentials-scope-in-azure-b2c.html, but no luck.
Hope you are not using delegated permission in your personal account.
Looks like there is something wrong with your API call. Make sure you are using the correct API call - https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items
You can also try to create and update in Graph Explorer - https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http#example .
Hope this helps
Thanks

Can't use application permissions (roles) to access Microsoft Graph API group calendar

My goal is to list the calendar events of an Office 365 group using the Microsoft Graph API.
The endpoint used is https://graph.microsoft.com/v1.0/groups/{id}/events based on the documentation. Using the Graph Explorer, I'm able to get the information with my delegated permissions. The problem is when I make the same call using application permissions. I'm positive the JWT token contains the required roles to make the call (Group.Read.All, Group.ReadWrite.All) but I'm getting the following error:
Access is denied. Check credentials and try again
Curiously enough, I'm able to get the group /v1.0/groups/{id} but whatever is related to its calendar and events isn't accessible.
Using application permissions to look at group resources/contents is not currently supported. Please see known issues here: https://developer.microsoft.com/en-us/graph/docs/concepts/known_issues#groups-and-microsoft-teams.
If this is required for your scenarios, please vote for
https://officespdev.uservoice.com/forums/224641-feature-requests-and-feedback/suggestions/18747862-app-authentication-to-retrieve-conversation-messag or
https://officespdev.uservoice.com/forums/224641-feature-requests-and-feedback/suggestions/16851937-allow-application-only-consent-to-read-conversation
Both of which are about app-only access to group conversations (similar to group events).
Otherwise please create a new user voice request.

Outlook 365 Administration: How to grant Required scope Mail.ReadWrite to email account

How does an Office 365 administrator grant permissions for an email account to be accessed via the REST API? To be more specific: to grant the "Required Scope"
The Office 365 administrator at the company I work for and myself were on the phone for at least an hour with the people at mssupport_microsoft_com attempting to find an answer to this question. Both the first level and second level support people admitted they could not find the answer to this question. ??
The REST API is documented at: https://msdn.microsoft.com/office/office365/APi/mail-rest-operations.
Note that for each API endpoint there is a line that looks to me like a permissions value. For example for the "get messages" API there is:
"Required scope: Mail.Read". For the send message there is: "Required scope: Mail.Send" and for delete message there is: "Required scope: Mail.ReadWrite". Simple, straightforward stuff.
I'm accessing my personal email for the company I work for and I am able to, via the aforementioned REST API's, send messages and fetch messages; NO PROBLEM. When I attempt to delete a message, the response is 403; Forbidden.
Assuming that my account has not been granted the correct permission for delete: Mail.ReadWrite, I contacted the Office 365 administrator at my company and requested that he review the permissions granted to my account and to grant me Mail.ReadWrite. He agreed that this must be the issue.
However, his training had not prepared him for this request. He didn't know how to do it. So, he contacted MS support to find out how he (as the sole administrator) could grant my account permission to be accessed by the REST API. And, like I mentioned above, the MS people did not know how to administer this functionality.
I asked if there was an administrators guide ANYPLACE that would document this feature and the ms people didn't have a clue.
Anybody?
p.s. I'm accessing the api's with the python requests package.
Looking at the response in more detail revealed this is the problem:
{"error":{"code":"OAuthMissingForThisService","message":"Authentication for this service requires OAuth: outlook.office.com."}}

Getting Authorization_RequestDenied (403) on Office 365 Unified API "Get All Groups"

Trying to use the Unified API to fetch all groups. Using this URL - https://graph.microsoft.com/beta/myorganization/groups but getting 403 - code: "Authorization_RequestDenied", message: "Insufficient privileges to complete the operation".
However, it seems like I do have the right permissions - I have Group.Read.All in my token scope which is what's required by this API - see here.
Could it be because I'm using the Office 365 Unified API as another service (acquiring a separate access token) alongside the old existing code that already uses graph.windows.net?
You should be able to get the results back if the token has Groups.Read.All scp claim. Make sure you are getting a token for the right resource: resource=https://graph.microsoft.com/. If you are unsure, you can use this tool http://jwt.calebb.net/ to parse and validate that you have the right audience claim.
Getting groups (read) worked fine with me in unified API Preview, with the following permissions:
Read and write all groups (preview)
Enable sign-in and read user profile
Try adding "Read and write all groups (preview)" not "Read All Groups (Preview)"
However, if you are trying to create a group, you will need to also add another directory permission (unfortunately will need admin consent):
Read and write directory data
These are very weird behaviors from the Office 365 unified APIs, but we should excuse the APIs, as you can see "beta" inside the endpoint URL.
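
The token check suggested in the answers above (audience, plus the `scp` claim for delegated permissions or the `roles` claim for application permissions) can be done locally, which keeps the bearer token off third-party sites. This is an added example, not code from any of the posts; `diagnose` and `make_sample_token` are hypothetical helpers and both sample tokens are constructed and unsigned.

```python
import base64
import json

# Audience values that identify Microsoft Graph in the "aud" claim.
GRAPH_AUDIENCES = {
    "https://graph.microsoft.com",
    "https://graph.microsoft.com/",
    "00000003-0000-0000-c000-000000000000",  # Microsoft Graph application ID
}

def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token):
    """Return the payload claims of a compact JWT. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    return json.loads(_b64url_decode(parts[1]))

def diagnose(token, required_permission):
    """List token-side reasons Graph could answer 403 (hypothetical helper)."""
    claims = decode_claims(token)
    scopes = set(claims.get("scp", "").split())   # delegated permissions
    roles = set(claims.get("roles", []))          # application permissions
    kind = "delegated" if scopes else "application"
    problems = []
    if claims.get("aud") not in GRAPH_AUDIENCES:
        problems.append("audience is %r, not Microsoft Graph" % claims.get("aud"))
    if required_permission not in (scopes | roles):
        problems.append("%s not in scp/roles" % required_permission)
    return {"kind": kind, "problems": problems}

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])

# Constructed samples: a delegated token issued for the legacy graph.windows.net
# resource, and an app-only token issued for Microsoft Graph.
LEGACY = make_sample_token({"aud": "https://graph.windows.net", "scp": "Group.Read.All User.Read"})
APP_ONLY = make_sample_token({"aud": "https://graph.microsoft.com", "roles": ["Group.Read.All"]})

if __name__ == "__main__":
    print(diagnose(LEGACY, "Group.Read.All"))
    print(diagnose(APP_ONLY, "Group.ReadWrite.All"))
```

An empty `problems` list only means the token itself looks right; the API can still refuse the call for reasons the token does not show, such as the unsupported app-only group access described in one of the threads above.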
