I'm trying to build a small application that can retrieve a particular user's calendar events without a signed in user, that is to utilize the application permissions in Graph API and query the events by authenticating with App ID, Tenant ID and Secret values. I was able to follow this documentation https://learn.microsoft.com/en-us/graph/auth-v2-service and generate JWT tokens to query the graph API. And it worked fine when i tried to retrieve all the users information, or even retrieve a particular users information using the following paths.
/users
/users/{id | userPrincipalName}
Both the above endpoints worked fine and i was able to retrieve details, but when i tried to access the calendar events of a particular user using the following Graph API path
/users/{id | userPrincipalName}/events
I get the following error,
I'm not sure what i'm doing wrong here, i have the following Application permissions set up in Azure AD Portal and the permissions are reflected in the JWT token.
I feel like the token generation part is working fine since the first two Graph API endpoints i mentioned above are functional, but I'm not sure where else I'm going wrong and as to why I'm not able to retrieve a particular user's calendar events. Any help would be much appreciated.
Related
Unable to use Microsoft Graph API to create or update SharePoint list items with client credentials access token (getting access token with out a user), I get the following error,
I'm able to successfully call GET and DELETE methods with the same access tokens for the same site/list, additionally I'm able to call all methods GET/POST/PATCH/DELETE for the same site/list using the user generated access token.
For my use case I need to able to create/update list items with out user access so, followed this article - https://learn.microsoft.com/en-us/graph/auth-v2-service, API has required permissions granted in the application
can't seem to find any documentation on what exactly I'm missing, looks like POST/PATCH endpoints are looking for some user info in the token, but client crendentials do not have any user info so not sure what to do next, Here's the documentation I'm following https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http & I've tried using the .net graph client SDK as well and I get the same error message for both POST/PATCH requests.
Any help on how to successfully create/update sharepoint list items via graph api using client credential token would be highly appreciated.
Followed this article in setting up the application in azure ad - https://learn.microsoft.com/en-us/graph/auth-v2-service, Added app roles are as highlited in this article https://learn.microsoft.com/en-us/answers/questions/756563/app-roles-in-client-credentials-scope-in-azure-b2c.html but no luck.
Hope you are not using delegated permission in your personal account ,
Looks like there is something wrong with your API call ,make sure you are using the correct API call - https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items
You can also Try to create and Update in graph explorer- https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http#example .
Hope this helps
Thanks
I am trying to implement functionality where I can get list of documents from share-point.I have tried this demo code from Azure directory implementation and login to account and also got details about sites and user data from graph API.
https://github.com/Azure-Samples/ms-identity-android-kotlin
I am able to get site data from graph API :
But when I am trying to get list then getting error or no value
I have also passed this authorization token to REST API but that too doesn't work.
You can try with scope Sites.ReadWrite.All instead of User.read, as I tested it using Graph Explorer and I got access denied as the scope permission was not consented. After I consent the permission, it worked .
Example 1:
Before Consent:
After Constent:
I have created a test list on the Communication Site.
After that when I query for lists , I successfully get the above one I created.
Example 2 :
I also tested it using a Application registered to Azure AD. It didn't return me any error or any value as well when I queried for lists using that app's credential's from Powershell.
After I add Sites.ReadWrite.All to the App's API permission's .
I can successfully get the Values of the lists.
To summarize it , it could be resolved in 2 ways :
Changing the Scope shown on the screenshot given by you to Sites.ReadWrite.All instead of User.Read.
Adding API permissions to the APP registration in the Azure AD for Microsoft Graph as shown in the example 2 second image.
In the azure graph I have a list of users, some of which can be assigned to enterprise applications(my registered app). How can we get users of a specific application using the graph api(with Postman)?
with this api i get list of all users without depending on application application
https://graph.microsoft.com/v1.0/users
also tried find some information about applications from users license by id, but still no success
POST /users/{id | userPrincipalName}/assignLicense
and from application information
GET /applications/{id}
i have a full stack of permissions for graph api for users, directories, application both for the delegated user and for the application so this is definitely not the problem.
I hope for your help, thanks!
You can use this api below to list all users or groups assigned to an app:
https://graph.microsoft.com/beta/servicePrincipals/{id}/appRoleAssignedTo
For more information about this api, please refer to this tutorial.
My goal is to list the calendar events of an Office 365 group using the Microsoft Graph API.
The endpoint used is https://graph.microsoft.com/v1.0/groups/{id}/events based on the documentation. Using the Graph Explorer, I'm able to get the information with my delegated permissions. The problem is when I make the same call using application permissions. I'm positive JWT token contains the required roles to make the call (Group.Read.All, Group.ReadWrite.All) but I'm getting the following error:
Access is denied. Check credentials and try again
Curiously enough, I'm able to get the group /v1.0/groups/{id} but whatever is related to it's calendar and events isn't accessible.
Using application permissions to look at group resources/contents is not currently supported. Please see known issues here: https://developer.microsoft.com/en-us/graph/docs/concepts/known_issues#groups-and-microsoft-teams.
If this is required for your scenarios, please vote for
https://officespdev.uservoice.com/forums/224641-feature-requests-and-feedback/suggestions/18747862-app-authentication-to-retrieve-conversation-messag or
https://officespdev.uservoice.com/forums/224641-feature-requests-and-feedback/suggestions/16851937-allow-application-only-consent-to-read-conversation
Both of which are about app-only access to group conversations (similar to group events).
Otherwise please create a new user voice request.
This was working fine for many months and now it's just a blank space. I get the following error: Error from Instagram: The access_token provided does not match an approved application. How can I get a new access_token for an existing client??
You need to check you application hasn't been put into sandbox by Instagram. They made big changes to their API on the 1st of June and if you had it submitted your app for review it will be put in sandbox mode and only sandbox users will be able to use it.
Even if you are not in sandbox mode you may need to get your users to reaurhorize your app due to new scopes being used to control access to everything other than basic user information.
Check Instagram Developer Docs for more information on the changes
You need to check your Access token's Scope and asking for login permission
where some new Scope had been added ex:public_content Added. Also don't forget to check for requirements Scope for API you are using and if it's need and Authentications "Valid access Token". where also had some changes.
basic - to read a user’s profile info and media
public_content to read any public profile info and media on a user’s behalf
follower_list to read the list of followers and followed-by users
comments - to post and delete comments on a user’s behalf
relationships - to follow and unfollow accounts on a user’s behalf
likes - to like and unlike media on a user’s behalf
And take look about **Sandbox API behavior of your application not life yet :**
API Behavior
The behavior of the API when you are in sandbox mode is the same as when your app is live, but comes with the following restrictions:
Data is restricted to sandbox users and the 20 most recent media from each sandbox user
Reduced API rate limits
The first point is important and it means that the API behaves as if the only users on Instagram were your sandbox users, and the only media ever posted were the last 20 for each of these users.
For example, if you query the /users/{user-id}/ endpoint and the {user-id} is a sandbox user, then you will get the normal API response; but if the {user-id} is not a sandbox user, you will get a APINotFound error.
As another example, let's consider an endpoint that returns a list of media: /tags/{tag-name}/media/recent. The response returned by this endpoint will contain only media with the given tag, as expected. But instead of returning media from any public Instagram user, it will return only media that belongs to your sandbox users, restricted to the last 20 for each user.
Good luck
The following video clearly explains what steps to follow to get this working with the new auth
https://www.youtube.com/watch?v=0k4RhTS94Hw
Kind Regards
Sandeep Sahoo