I'm currently developing an application that uses an Azure AD instance. I'm trying to query this AD to sync the users to my system. I want to retrieve all the users and their groups. The Microsoft Graph API has the following function for this operation:
https://graph.microsoft.com/v1.0/users?$expand=memberOf
However, this gives me the same response as calling: https://graph.microsoft.com/v1.0/users. Users in my AD do have groups and I did try calling the API with $select instead of $expand, but also without result.
Is this a bug? Am I doing something wrong?
Thanks!
Expanding navigation properties on user entities is currently not working on the production (v1.0). Please see this post for more information: https://stackoverflow.com/a/39022980.
Unable to use Microsoft Graph API to create or update SharePoint list items with client credentials access token (getting access token without a user), I get the following error,
I'm able to successfully call GET and DELETE methods with the same access tokens for the same site/list, additionally I'm able to call all methods GET/POST/PATCH/DELETE for the same site/list using the user generated access token.
For my use case I need to be able to create/update list items without user access, so I followed this article - https://learn.microsoft.com/en-us/graph/auth-v2-service. The API has the required permissions granted in the application.
I can't seem to find any documentation on what exactly I'm missing. It looks like the POST/PATCH endpoints are looking for some user info in the token, but client credentials do not have any user info, so I'm not sure what to do next. Here's the documentation I'm following: https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http. I've tried using the .NET Graph client SDK as well and I get the same error message for both POST/PATCH requests.
Any help on how to successfully create/update SharePoint list items via the Graph API using a client credential token would be highly appreciated.
I followed this article in setting up the application in Azure AD - https://learn.microsoft.com/en-us/graph/auth-v2-service. Added app roles are as highlighted in this article https://learn.microsoft.com/en-us/answers/questions/756563/app-roles-in-client-credentials-scope-in-azure-b2c.html but no luck.
Hope you are not using delegated permission in your personal account.
Looks like there is something wrong with your API call. Make sure you are using the correct API call - https://graph.microsoft.com/v1.0/sites/{site-id}/lists/{list-id}/items
You can also try to create and update in Graph Explorer - https://learn.microsoft.com/en-us/graph/api/listitem-create?view=graph-rest-1.0&tabs=http#example.
Hope this helps
Thanks
I am trying to implement functionality where I can get a list of documents from SharePoint. I have tried this demo code from the Azure directory implementation, logged in to the account, and also got details about sites and user data from the Graph API.
https://github.com/Azure-Samples/ms-identity-android-kotlin
I am able to get site data from the Graph API:
But when I try to get the list, I get an error or no value.
I have also passed this authorization token to REST API but that too doesn't work.
You can try with the scope Sites.ReadWrite.All instead of User.Read, as I tested it using Graph Explorer and I got access denied as the scope permission was not consented. After I consented to the permission, it worked.
Example 1:
Before Consent:
After Consent:
I have created a test list on the Communication Site.
After that, when I query for lists, I successfully get the one I created above.
Example 2:
I also tested it using an application registered to Azure AD. It didn't return any error or any value when I queried for lists using that app's credentials from PowerShell.
After I added Sites.ReadWrite.All to the app's API permissions,
I can successfully get the values of the lists.
To summarize, it could be resolved in 2 ways:
Changing the scope shown on the screenshot given by you to Sites.ReadWrite.All instead of User.Read.
Adding API permissions to the app registration in Azure AD for Microsoft Graph, as shown in the second image of example 2.
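The difference between the two fixes above shows up in the access token itself: delegated permissions arrive in the `scp` claim, application (client-credentials) permissions in the `roles` claim. The following is an added troubleshooting example, not code from any of the posts; it reads the token payload without verifying the signature, so it is for diagnosis only, and the sample tokens, helper names and audience value are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_permissions(jwt: str) -> dict:
    """Read the UNVERIFIED payload of an access token (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    claims = json.loads(b64url_decode(parts[1]))
    scopes = claims.get("scp", "").split()  # delegated: space-separated string
    roles = claims.get("roles", [])         # app-only: JSON array
    kind = "delegated" if scopes else "app-only" if roles else "none"
    return {"kind": kind, "aud": claims.get("aud"),
            "granted": sorted(set(scopes) | set(roles))}


def missing_permissions(jwt: str, required: set) -> set:
    # Exact-name comparison against what the token actually carries.
    return set(required) - set(token_permissions(jwt)["granted"])


def make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f'{enc({"alg": "none", "typ": "JWT"})}.{enc(claims)}.sig'


AUD = "https://graph.microsoft.com"  # constructed sample value
USER_TOKEN = make_sample({"aud": AUD, "scp": "User.Read"})
APP_TOKEN_UNCONSENTED = make_sample({"aud": AUD})
APP_TOKEN = make_sample({"aud": AUD, "roles": ["Sites.ReadWrite.All"]})

if __name__ == "__main__":
    for name, tok in [("user", USER_TOKEN),
                      ("app, no consent", APP_TOKEN_UNCONSENTED),
                      ("app, consented", APP_TOKEN)]:
        info = token_permissions(tok)
        gap = missing_permissions(tok, {"Sites.ReadWrite.All"})
        print(f"{name}: {info['kind']} granted={info['granted']} missing={sorted(gap)}")
```

A token that reports `none` or lists only `User.Read` matches the "error or no value" symptom described in the question; after consent is granted a new token must be requested, since permissions are fixed at issuance.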
Recently Microsoft published the Microsoft Search API (beta) which provides the possibility to index external systems by creating a MS Graph search custom connector.
To achieve this I created 2 Search Custom Connectors:
one according to Microsoft Graph Search Connector Sample from GitHub
and one on my own, step by step according to the official MS instructions
Create the Connector app in Azure
Add app registration (Single tenant)
Add required API permissions and give admin consent
Add a client secret
Get access token (via Postman)
Get the required parameters from app registration
Submit a login request to get the (bearer) token
Create a new connection (via Postman)
Registering a schema (via Postman)
Add items to the search index (via Postman)
Both variants worked well so far, but if I now try a search (for example via Bing (activated for our O365 tenant) or in the Microsoft Search Center, logged in as the appropriate account), no results from the custom connectors are shown.
Via Graph Explorer, logged in as the appropriate account and using the query https://graph.microsoft.com/beta/search/query, I get an HTTP status 500 ("InternalServerError", "The call failed, please try again.").
Under Microsoft 365 admin center > Microsoft Search > Connectors both connectors are displayed, but neither a status nor any successful synchronisation is displayed.
I know the Microsoft Search API is still in preview but I wonder if it works at all?
Is there any possibility to trigger the synchronisation manually?
Or at least find out what's going wrong here?
Did you create a new Result Type and Vertical as well in the Search center?
I followed the steps mentioned in the sample and the search works for me in Office 365.
Regarding the synchronization, I don't think that is available in the Search center as of now because there is no option to edit the connection or set any synchronization schedule. However, I'm still exploring other options to synchronize as it's quite new to me.
I'm trying to make a query to Application Insights using the Azure API format to retrieve data on multiple applications. I can successfully make queries for any application without a join.
I have previously done this using the Public API format, following the documentation for making "cross-application queries" successfully. Under the Azure API schema, however, once I add a second application to a query - either using the implicit or explicit mechanisms described in the documentation - I get an error of type InsufficientAccessError with the message: "The provided credentials have insufficient access to perform the requested operation".
If there are sufficient permissions to access either table individually, I would expect there to be sufficient to do a join. Is there a separate permission required to make these queries, or is it an issue with the API itself?
For reference, the Azure AD application has delegated permissions for:
user_impersonation
Directory.Read.All
Group.Read.All
User.Read
User.ReadBasic.All
User.ReadWrite
The user which is making the requests has the Owner role on all relevant applications.
And the final request has a JSON body (with the blanks filled in):
{
    "query": "requests \n| summarize avgRequestDuration=avg(duration) by bin(timestamp, 1h)",
    "applications": [
        "/subscriptions/<subscriptionId>/resourceGroups/<resourceGroup>/providers/microsoft.operationalinsights/components/<applicationName>"
    ],
    "timespan": "P1D"
}
Edit: I've tried this query using different forms of the resource identifiers as mentioned in the documentation, including the recommended "/providers/microsoft.operationalinsights/applications/" and "/providers/microsoft.operationalinsights/components/".
Based on a couple of things I've discovered, I believe it is impossible to do a cross-resource query in the Azure API URL format.
All experimentation with adding different roles to users and experimenting with permissions failed to find anything that worked.
The Go SDK uses the Azure API URL format and does not allow cross-resource queries; the .NET SDK uses the Public API URL format and does allow cross-resource queries, indicating that the feature set is different for the two APIs.
I would be happy to be proven wrong or to have this proven correct with a better reference.
ASKING THIS HERE AT THE EXPLICIT REQUEST OF THE MICROSOFT AZURE SUPPORT TEAM.
I've been attempting to call the MS Luis.ai programmatic API (bit.ly/2iev01n) and have been receiving a 401 unauthorized response to every request. Here's a simple GET example: https://api.projectoxford.ai/luis/v1.0/prog/apps/{appId}/entities?subscription-key={subscription_key}.
I am providing my appId from the Luis.ai GUI (as specified by the API docs), here:
I am providing my subscription key from Azure (as specified by the API docs), here:
The app ID and subscription key, sourced from above, are the exact same as what I'm using to hit the query API successfully (see note at bottom). My account is pay-as-you-go (not free).
Am I doing something wrong here? Is this API deprecated, moved, down, or out-of-sync with the docs?
NOTE: I can manipulate my model through the online GUI but that approach will be far too manual for our business needs where our model will need to be programmatically updated as new business entities come into existence.
NOTE: The programmatic API is different from the query API which has this request URL, which is working fine for me:
https://api.projectoxford.ai/luis/v2.0/apps/{appId}?subscription-key={subscription_key}&verbose=true&q={utterance}
NOTE: There doesn't seem to be a Luis.ai programmatic API for v2.0--which is why the URLs from the query and programmatic APIs have different versions.
Answering my own question here:
I have found my LUIS.ai programmatic API key. It is found by:
LUIS.ai dashboard -> username (upper-right) -> settings in dropdown -> Subscription Keys tab -> Programmatic API Key
It was not immediately obvious since it's found nowhere else: not alongside any of the other key listings in cognitive services or the LUIS.
The programmatic key for LUIS is here:
https://www.luis.ai/Home/UserSettings