I am tryin to post to sharepoint's api. I can read just find, just cant add items.
Here are my permissions.
When i post a new item in a list I get:
System.UnauthorizedAccessException
What am i missing
Related
I discovered today that permissions are not returned anymore using this query using a regular user (it is working with a Global admin account):
https://graph.microsoft.com/v1.0/sites/<siteId>/lists/<listId>/drive/items/<folderId>?&expand=Permissions
The list of permission returned is empty.
Same result using
https://graph.microsoft.com/v1.0/sites/<siteId>/lists/<listId>/drive/items/<folderId>/Permissions
Based on documentation, For a non-owner caller, only the sharing permissions that apply to the caller are returned.
If I'm going directly in SharePoint with the user, I see the right permissions.
According the remarks
The permissions relationship of DriveItem cannot be expanded as part of a call to get DriveItem or a collection of DriveItems. You must access the permissions property directly.
Could you try to call this endpoint?
GET /v1.0/sites/<siteId>/lists/<listId>/drive/items/<folderId>/permissions
Resources:
Permissions
The Azure port still uses the Azure AD Graph API in some places. One thing it uses this for is to list API permissions. For this, the portal uses the REST API target GET https://graph.windows.net/myorganization/applicationRefs/c5393580-f805-4401-95e8-94b7a6ef2fc2?api-version=2.0 (example shown for Office 365 Management API). I've searched and cannot seem to find a way to list similar permission sets using the Microsoft Graph API. Is there a way to access this using the Microsoft Graph API?
Ok, was going to upvote one of the previous answers, but my profile is too new. :( You can do this by reading the MS Graph service principal in your tenant as described above. This PowerShell code gives an example (it's used in a command called Find-GraphPermission in the autographps and autographps-sdk modules.
Basic approach is:
Get app-only permissions from the appRoles property of the servicePrincipal
Get delegated permissions from the publishedPermissionScopes property
Each element of appRoles has an id that can be read or written from a given appRoleAssigment object on an app's servicePrincipal in your tenant. Note that each appRole element has a value property that is the common friendly name of the app-only permission (e.g. BitlockerKey.ReadBasic.All
A similar id and value pair exists for each element of publishedPermissionScopes which gives you the delegated permissions. You can use those ids with oauth2PermissionGrant objects under the segment /oauth2PermissionGrants to enumerate consent grants for a given servicePrincipal (and thus app) in your tenant or grant or remove consent
Note that the ids for both appRoles and publishedPermissionScopes are the same in all tenants, so you can actually perform this same mapping of friendly names to ids for any tenant, and use a static snapshot. This can be useful as your application may not be able to read the Microsoft Graph servicePrincipal object. If you store a static version, you'll have the mapping regardless and you'll only miss any new permissions that get added to Microsoft Graph for new APIs.
This file contains a snapshot of the MS Graph servicePrincipal as a fairly readable JSON-like PowerShell hash table: https://github.com/adamedx/autographps-sdk/blob/main/src/common/DefaultScopeData.ps1
For this requirement, you can use this microsoft graph api: https://graph.microsoft.com/v1.0/applications/<object id of the application>
It will response the result like below screenshot(please pay attention to the field requiredResourceAccess):
The content under requiredResourceAccess is the API permissions of this application. The type scope means the permission is Delegated type and the type role means the permission is Application type.
Then please refer to steps below to know which permission does the id under resourceAccess field refer to.
Copy the resourceAppId, in my screenshot is 00000003-0000-0000-c000-000000000000. And request the graph api: https://graph.microsoft.com/v1.0/serviceprincipals?$filter=appId eq '00000003-0000-0000-c000-000000000000'
Copy one of the id under resourceAccess field in the response of first graph api. For example copy the first id a154bxxxxxxxxxxx59 in my first screenshot. And then search this id in the response of second graph api, we can find this id refer to User.Read.All permission.
I have already written the code for get all users method in dot net core that will get all users details from Microsoft Graph API. But i am unable to create/update/delete users through Microsoft graph API.
I am using
Uri Uri = new Uri("https://graph.microsoft.com/v1.0/users");
var httpResult = httpClient.GetStringAsync(Uri).Result;
for get all users.
According to your description, I assume you want to create/delete/update a user using the MS Graph API.
We can refer to this document to create/delete/update the user.
Using the endpoint POST /users to create a user.
Using the endpoint PATCH /users/{id | userPrincipalName} to update a user.
Using the endpoint DELETE /users/{id | userPrincipalName} to delete a user.
First of all, we should have grant the permission for you application.
We're using a CommentThreads: list YouTube API Method to get all comments associated with a YouTube Channel, and for at least half a year it was working fine with YouTube v3 Data API www.googleapis.com/auth/youtube.readonly scope. The scope is read-only, as we only need to get comments, not write anything. Since a few weeks ago it's not possible to do that with a read-only scope (it returns 403 "Insufficient Permission" error), a full scope www.googleapis.com/auth/youtube.force-ssl is needed to list comments.
The token is obtained via Google OAuth2 process.
The read-only scope is an official scope for the API, and I couldn't locate any limitations on using it in the docs for list methods, and there seems to be no announced changes to the API (as it stopped working only recently). Did anyone else experience similar problems?
If your project doesn't require using only Google OAuth2.
You could try to access CommentThreads:list API by using API Key.
Obtaining authorization credentials
The only downside is that you won't be able to retrieve your own comments, other than that it works like a charm.
I have generated the access_token by using the URL provided by GitHub. I am able to do all the GET operations on the api with the URL. What i really wish to do is the POST operation. I wish to create an issue from my Rails app.
Every time i try to do that, i get a 401 unauthorized access by GitHub despite the fact that i am sending the access_token in params on this URL.
I have also tried it with these gems :: Github V3 API and Octopi
There are other questions similar to this, but the solution has not been found it seems.
EDIT :: I wish to add title to create an issue