I'm using Graph to get all users on my sharepoint online site. The code works just fine expect for one example.
I've the sharepoint users is synced from azure ad, then im not able to get the properties of the user.
Here is the webApiPermissionRequests:
"webApiPermissionRequests": [
{
"resource": "Microsoft Graph",
"scope": "User.ReadBasic.All"
},
{
"resource": "Microsoft Graph",
"scope": "Contacts.Read"
},
{
"resource": "Microsoft Graph",
"scope": "User.Read.All"
}
]
The request where i get my users:
const users: MSGraphClient = this.context.serviceScope.consume(MSGraphClient.serviceKey);
users
.api("/users")
.select("displayName,mobilePhone,mail,photo,department,jobTitle,mailNickname")
.top(999)
.get((error, response: any, rawResponse?: any) => {
As i said, Everything works just fine expect when a user is imported from the Azure AD.
Can anyone tell me why all properties except displayName is null when it's an imported user.
UPDATED
I've added a picture. It' is only the Mobile Phone number (Mobiltelefon) that I'm able to get with the api above. The rest of the data and information is not being received. Let's take Office (Kontor) is coming from the azure add and is not is NOT being received in the API.
According to your description, you want to get the user's properties by MS Graph API.
Based on my test, we can get the properties. For your case, we should check the properties whose the value is null.
Check the properties in Azure AD whether it is null.
Related
In my application, I have a list of users with their organization email-id. As per the requirement, I want to check user's email-id extension is of a valid Microsoft 365 account. For users who passed this check, I want to enable the SSO feature.
Example: If the user email-id is "user#company-domain.com" then I want to check that "#company-domain.com" is registered in MS 365.
I am not able to find any graph API to resolve this issue.
Any help would be appreciated.
What you should be able to use is the Organizations endpoint eg
https://learn.microsoft.com/en-us/graph/api/organization-get?view=graph-rest-1.0&tabs=http
then use the verified domains node
"verifiedDomains": [
{
"capabilities": "Email, OfficeCommunicationsOnline",
"isDefault": true,
"isInitial": true,
"name": "Contoso.com",
"type": "Managed"
}
This is what you see in the Portal or enumerated in things like Azure AD Connect
This will give you the verified domains for a particular org and your app will need permissions to query it.
When doing a Microsoft Graph /search/query POST such as:
{
"requests": [
{
"entityTypes": [
"event"
],
"query": {
"queryString": "MySearchedText"
},
"from": 0,
"size": 2
}
]
}
The result is fine when I use a personal Microsoft 365 account. But when I use another Microsoft 365 account created by specifying a Yahoo address, it fails, even though I have authorized the calendars.readwrite, user.read and mailboxsettings.read permissions (just like I did with the personal MS account):
{
"error": {
"code": "AuthenticationError",
"message": "Error authenticating with resource",
"innerError": {
"date": "2021-02-14T18:01:59",
"request-id": "c064b190-a39a-4e77-bdc2-fa3d25ebdb90",
"client-request-id": "f78443a1-1d27-c865-567b-9af9beb78933"
}
}
}
However a /me/calendarview query works perfectly (GET https://graph.microsoft.com/v1.0/me/calendarview?startdatetime=2020-02-14T16:33:35.452Z&enddatetime=2024-02-21T16:33:35.452Z).
Do you know if the search/query API requires some specific properties for the user account?
Many thanks for your help, I have spent 1.5 days reading docs, other SO posts, trying various approaches, but nothing helps!
Calendarview works for both work account and personal account, please see this document but search query doesn't work with personal accounts. See this document.
The permissions here specify that you need to have atleast the least privileged permission to get the results if you login with the work or school accounts. And the second thing here is there are no permissions that support personal accounts. That means you cannot make this API call when you login with the personal account. Application - Not Supported means that the App context token doesn't support this call.
I have a shared calendar in Office 365 with read and write permissions and I am trying to get it using Get calendar (V2) connector but it is only getting my own calendar. Is there a way to get shared calendars for Office 365 in Azure logic apps?
For this problem I did some test and it seems the "Get calendar (V2)" action in logic app can't get the calendars which others shared to you. But I provide another solution(use graph api) below for your reference:
1. You need to ask others to share a calendar to you on office 365 web page but not in outlook app.
2. Then you need to create an application in your azure AD, please refer to this tutorial.
In the application you created in azure ad above, please do the steps below:
After that, please do not forget click the "Grant admin consent for xxx" button(Maybe you need to wait a few minutes until this button become clickable).
Then click "Certificates & secrets" in your application in azure ad and new a client secret.(copy this client secret to your note book)
3. Then create a "HTTP" action in your logic app and refer to the screenshot below to request for the access token.
The "client_id" is your appliction id in azure ad, "username" and "password" is your azure user name and password, the "client_secret" is what you got above. This "HTTP" action will help us to get the access token. The response should be like below:
Then we need to parse the response data in json type, you can use "Parse JSON" action.
Use the "Body" from the "HTTP" action and fill in the "Schema" box with the code below:
{
"properties": {
"access_token": {
"type": "string"
},
"expires_in": {
"type": "integer"
},
"ext_expires_in": {
"type": "integer"
},
"scope": {
"type": "string"
},
"token_type": {
"type": "string"
}
},
"type": "object"
}
4. After that, we can create another "HTTP" action in logic app and request the graph api for all of the calendars which you can see (please note there is a space between the "Bearer" and the "access_token").
5. At last, we can get all of the calendars in the second "HTTP" action's "OUTPUTS" box.
Hope it helps~
Hi I want to check the permissions of a user in a specific Azure Devops Project. Is there a possible way to get it? As far as I know project level permission is different than organization level permissions. Thanks.
Already test some several rest apis but still I can't have the project level permission.
There is currently no out-of-the-box rest api to get the user's permission in project.
To achieve this demand, you can use this rest api :
https://dev.azure.com/{org}/_apis/Contribution/HierarchyQuery?api-version=5.0-preview.1
Request body:
{
"contributionIds": ["ms.vss-admin-web.org-admin-permissions-pivot-data-provider"],
"dataProviderContext": {
"properties": {
"subjectDescriptor": "msa.ZjE1ZTk0NmMtOTI4OS03Mjg5LTljMGUtMDIwMTdlYmM2Nzhj",
"sourcePage": {
"url": "https://dev.azure.com/xxx/xxxx/_settings/permissions",
"routeId": "ms.vss-admin-web.project-admin-hub-route",
"routeValues": {
"action": "Execute",
"adminPivot": "permissions",
"controller": "ContributedPage",
"project": "XXX",
"serviceHost": "0933e8b2-f504-4b7e-9e9e-xxxxx (xxx)"
}
}
}
}
}
You can track this rest api by press F12 in browser then select Network .Then looking for the record that response body included returned permission. From this record you can get the rest api and request body.
I tested with postman , with this api ,I can successful get user's permission in project. As shown below:
I created admin console in the User interface where admin can perform all the operations such create, delete the user, assign applications to user and remove application access to users from the user interface
I tired to remove application access to the users from the User Interface by using Microsoft graph API and Azure AD graph api
i used following azure AD graph api
https://graph.windows.net/tenantid/users/{userId}/appRoleAssignments/{appId}?api-version=1.6
but it is showing the error when i tested in the postman "Invalid resource identifier for EntitlementGrant."
Idont know what to do can anyone help me about these error and how to resolve these problem.
You may be getting this error because you are trying to delete the application access using AppId of the application. Please make sure to use "AssignmentID" from Azure Portal which is unique ID of the specific role assignment and links the user/group and the service principal object.
Go to Azure Active Directory > Users > Select specific User > Applications > Select any application to navigate to "Assignment Details" blade.
See screenshot below -
This unique id is also available as "ObjectID" if querying application role assignments through Graph API -
https://graph.windows.net/{TenantID}/users/{UserID}/appRoleAssignments
Here is the sample output of the above API call.
"odata.metadata": "https://graph.windows.net/sasharms.onmicrosoft.com/$metadata#directoryObjects/Microsoft.DirectoryServices.AppRoleAssignment",
"value": [
{
"odata.type": "Microsoft.DirectoryServices.AppRoleAssignment",
"objectType": "AppRoleAssignment",
"objectId": "r7rDMrnDo0uCuwnosRwwzuziiF5B8s9FnsotYya5DMU",
"deletionTimestamp": null,
"creationTimestamp": "2018-05-10T14:10:49.8197813Z",
"id": "00000000-0000-0000-0000-000000000000",
"principalDisplayName": "SaurabhSharma",
"principalId": "32c3baaf-c3b9-4ba3-82bb-09e8b11c30ce",
"principalType": "User",
"resourceDisplayName": "WebAppOpenIdGraphApi",
"resourceId": "90658e39-2559-48fb-a27a-5e50cca94288"
}
This Id is ideally used for performing various operations against the application using any programmatic interfaces like PowerShell and Graph APIs.