Our application is using SharePoint to upload files from our server, which the external user can then access.
Can somebody help us out?
To create the sharing link (type edit, scope users), we followed the instructions on this page, which worked fine
We grant the user permissions for this link (write), following the instructions on this page, which worked fine
Using the GET /drive/items/{item-id}/permissions endpoint, we verified the user is shown under grantedToIdentitiesV2 and grantedToIdentities, which worked fine
Using the user's account, we send a request to GET /shares/{shareIdOrEncodedSharingUrl}, which is erroring with the following message
{
"error": {
"code": "accessDenied",
"message": "The sharing link no longer exists, or you do not have permission to access it.",
"innerError": {
"date": "2022-12-05T12:22:19",
"request-id": "xxx",
"client-request-id": "yyy"
}
}
}
If the user instead opens the link in their browser, they can access the files just fine. We expected the call to the API to work just fine as well.
The encoded sharing url is correct, all required scopes are present, we also tried specifying the Prefer header. We repeated all steps on the Graph Explorer. Nothing seems to work.
You can open it directly without visiting link just add header Prefer with value redeemSharingLink to
request https://graph.microsoft.com/v1.0/shares/{{base64ShareURI}}/driveItem.
Doc Reference: https://learn.microsoft.com/en-us/graph/api/shares-get?view=graph-rest-1.0&tabs=javascript
Related
I have a office 365 account and Iwant to access my emails
I followed Microsoft graph documentation
https://learn.microsoft.com/en-us/graph/api/user-list-mailfolders?view=graph-rest-1.0&tabs=http
I have selected the permissions asked as you see below :
Permissions Image
I have requested the token and the following request does not work :
GET https://graph.microsoft.com/v1.0/me/mailFolders
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again."
}
}
But when I use the next one , it works :
GET https://graph.microsoft.com/v1.0/users('xxx.yyy#zzz.onmicrosoft.com')/mailFolders('Inbox')/messages
I need to use the first endpoint which everybody is using on the internet , I can't get why I doesn't work for me
In Graph, the /me/ endpoint is an alias for the currently signed in user (based on the token). An application without a user present will not be able to query /me/, and should instead specify the user id of the user of interest (/users/user id).
If you call this endpint /me/mailFolders which means listing the mailFolders of the currently signed in user. So you need to add delegated permissions and use the flow except client credential flow to get access token.
If you still would like to use application permissions, you need to call this endpoint /users/{id | userPrincipalName}/mailFolders.
About the error(Resource does not exist or one of its queried reference-property objects are not present.), see the code sample of this issue.
I'm attempting to get tasks assigned to a specific user from the Graph API, so based off of the sample query in the graph explorer i'm using this endpoint
https://graph.microsoft.com/v1.0/users/<user-email>/planner/tasks
Which works fine for whatever user I'm signed in as, but attempting to get tasks for a user I'm not signed in as will always return with a 403 and say I don't have the required permissions. Group.ReadWrite.All is granted by admin, and according to the graph docs, that should be fine, but no luck.
I've also just created a new demo tenant and one by one granted permissions in the graph explorer with admin and still no luck! So i'm doubting the issue really is permissions. And for the record I've tried v1.0 and beta endpoints, and I've attempted this in a SPFx Web Part, and it doesn't work in practice either.
Not sure that it will help, but this is what is being returned each time:
{
"error": {
"code": "",
"message": "You do not have the required permissions to access this item.",
"innerError": {
"request-id": "b02e3529-a4ae-4825-b4e6-7fc9b1fa228e",
"date": "2019-03-27T12:28:41"
}
}
}
Anyone else ran into this issue or know of a workaround?
Reading tasks for other people is not allowed. We are investigating app-only request support, which should enable this scenario.
I want to use microsoft graph API in my application without user. For I got access token by tenant id (a8ef7dd1-217d-430f-9ba0-4dd465b9098d) using this url
https://login.microsoftonline.com/a8ef7dd1-217d-430f-9ba0-4dd465b9098d/oauth2/v2.0/token
I see correct result after this request.
Afte that I try to get user using this url
https://graph.microsoft.com/v1.0/users
It also works fine for me.
Example response: {"#odata.context":"https://graph.microsoft.com/v1.0/$metadata#users","value":[{"businessPhones":[],"displayName":"IOTA CLM","givenName":"IOTA","jobTitle":null,"mail":null,"mobilePhone":null,"officeLocation":null,"preferredLanguage":null,"surname":"CLM","userPrincipalName":"clm-iota_outlook.com#EXT##clmiotaoutlook.onmicrosoft.com","id":"50ecbaed-9cee-411f-abb6-5e53e2a1051a"}]}
But if I try to get mailFolders using next get request
https://graph.microsoft.com/v1.0/users/50ecbaed-9cee-411f-abb6-5e53e2a1051a/mailFolders
I see 404 error :
"code": "ResourceNotFound",
"message": "Resource could not be discovered."
What I missed?
Are you sure that that user has a mailbox?
Make sure you have the correct permissions? To access mail, you require Mail.Read application permissions that have been admin consented. https://learn.microsoft.com/en-us/graph/api/user-list-messages?view=graph-rest-1.0
You can admin consent where you've registered the application in the portal in the "Permissions" tab of the application. https://aad.portal.azure.com
I've had the same error.
You probably didn't assign a license while adding users at https://admin.microsoft.com
If you go to the Microsoft site, you will find that you need to license Exchange Online to use the Exchange Online feature.
https://learn.microsoft.com/en-us/exchange/exchange-online
Check it out!
I'm using Microsoft Graph API v1 with Administrator credentials via my software to create Events in a Group. However the response I get is a 403 with the following:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "c4754c79-5e3a-4f63-9f88-404100513796",
"date": "2018-07-11T10:11:27"
}
}
}
on a POST request to https://graph.microsoft.com/v1.0/groups/{idGroup}/events/
I have checked all rights provided to the app via Azure AD and everything is fine (tokens, code and scope with Group.Read.All Group.ReadWrite.All). The Group is also created, the users are added to it and the owner is the admin I use for the create request.
I have also tried on the Microsoft Graph API Explorer but i have the same error.
Yesterday morning the creation was possible but I think some rights were corrupted. Is anybody has got this problem before? How to fix it?
After a few days without any changes in the code the problem dissapeared.
I am still not sure of what happened, anyway thanks guys !
I am trying to create a worksheet using the Graph API and getting the below error. Everything on the URL seems right and I am unable to figure out what is causing the error. There is little help on the Graph API documentation also!
URL:
https://graph.microsoft.com/v1.0/me/drive/items/01FUAEYJMWQZF5VGFFL5G27P5AGS5M2FXD/workbook/worksheets
Error:
{
"error": {
"code": "AccessDenied",
"message": "Could not obtain a WAC access token.",
"innerError": {
"request-id": "44990b81-a8ee-489f-9fd8-d5f7c9a31bf1",
"date": "2018-05-07T14:02:08"
}
}
}
Microsoft documentation:
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/worksheetcollection_add
Any pointers to the solution or what I might be doing wrong is appreciated. Thanks.
According to this post, "WAC is basically a designation for the Office web apps".
So this error probably means that something is tripping up the Graph server (in the file access authentication logic?), but the reported error is not specific enough, hence the generic "WAC Access Token" error.
This worked for me:
Make sure the file is in Sharepoint, not OneDrive (Microsoft Graph doesn't seem to play well with Excel files stored in OneDrive - I think I saw this on Reddit)
Is the file extension .xlsx? (According to this answer, .xltm can cause this error)
Does your user have the Files.Read permission?
Make sure you're using Delegated User permissions from and not Application permissions (GitHub issue)