I am following the steps mentioned in the Microsoft Doc.
I have published the app and got the permission from my Azure administrator.
When I follow the steps mentioned in the "Sign in to onedrive business". I am able to successfully generate the code and token as mentioned in the documentation. But when I try to follow the Step 3 (Discover the OneDrive for Business resource URI) I am facing issues.
When I try to make a get request as mentioned the documentation (GET https://api.office.com/discovery/v2.0/me/services
Authorization: Bearer {access_token}), I am getting getaddrinfo ENOTFOUND api.office.com as the response.
Where am I going wrong, whether I need any additional privileges to successfully access the onedrive through graph api. Kindly advise.
According to this Discovery API is deprecated.
Instead of using directly OneDrive API, it's recommended to use Graph API to access OneDrive items.
Resources:
Graph API
Auth overview
OneDrive file storage API overview
Working with files in Microsoft Graph
Related
I am trying to get profile picture from Microsoft Graph API using keycloak token.
But it is getting unauthorised when I use keycloak token, if i use token from Microsoft identity it is working fine and returning profile picture.
I am unable to get proper documentation on this. Please share if anybody got/have.
You need to execute a token exchange, where you exchange Keycloak token (not valid for Microsoft Graph API) for a Microsoft token (valid for Microsoft Graph API).
So far, I have found this question in official keycloak blog and is really helpful to proceed.
https://keycloak.discourse.group/t/is-it-possible-to-use-an-keycloak-accesstoken-to-get-access-to-the-microsoft-graph/6831
I am asked to build a self service application on SharePoint where users can search through list of Publically accessible O365 groups. All users should be able to Add and Remove themselves from any specific group.
I planning to use Graph API for this.
Can anyone please provide some documentation or examples.
I would try the following steps to build your above application:
Register an Azure AD application and define an auth workflow which suits your scenario
Make a call from the app to AAD using library like MSAL, get a valid access token
Using the valid token, i will call to access the protected resource like Microsoft Graph with necessary roles/permissions defined.
In your scenario, you will access the Microsoft Groups - then i will refer the Graph API documentation for it.
Implement your business logic to add/remove uses from the Group.
You're good to go!!
You can start by looking at the documentations and examples by going through this documentation : Microsoft Graph API
Microsoft Graph is a RESTful web API that enables you to access Microsoft Cloud service resources.
After you register your app and get authentication tokens for a user or service, you can make requests to the Microsoft Graph API.
It has various features that it supports : Major Services in Microsoft Graph
I'm trying to create an Amazon Alexa service that will take advantage of the Microsoft Graph... This is built with Node.js.
Currently when using my standard Outlook.com Microsoft Account to sign in, I get redirected to a Microsoft page that says
Microsoft account is unavailable
Microsoft account is unavailable from this site, so you can't sign in or sign up. The site may be experiencing a problem.
You can sign in or sign up at other Microsoft Sites and services, or try again later at this site.
I have been using https://login.microsoftonline.com/common/oauth2/v2.0/authorize as my authorization URL in the Alexa config account linking section. and using the Node Microsoft Graph JavaScript SDK library in my code.
I'm wondering if the Node library I'm using is the correct one? Has it been deprecated? Or is there something else going on here?
A common misunderstanding with Microsoft Graph is the separation of concerns between the API and Authentication.
You do not actually authenticate against Microsoft Graph. Instead you authenticate against the directory that holds your account, for organizational accounts this is Active Directory and for consumer accounts this the Outlook.com.
Once you have authenticated, you use the token you received back to identify yourself when calling Microsoft Graph API.
This is where you (and many others) get tripped up at first. Just as there are two concerns (Auth & API), there are also two separate SDKs. For Node.js you're looking for:
Microsoft Authentication Library (MSAL): This handles authentication for both Azure AD and Microsoft Accounts.
npm install msal
Microsoft Graph JavaScript Client Library: This is the client library for Microsoft Graph. It will provide the objects and methods you need to simplify calling the APIs.
npm install #microsoft/microsoft-graph-client
This should give you the tools you need to get started. There are some things around App Registration, OAUTH and Admin Consent that you'll likely run into as well. For these, you might find these helpful:
Microsoft v2 Endpoint Primer
v2 Endpoint and Implicit Grant
v2 Endpoint and Admin Consent
Hope this helps!
I am developing a console app in .net which will send mail using the Azure AD application. I followed all the step from generating the certificates to registered an application in Azure AD. Then provided the application permission (Send mail as any user) using Microsoft graph API and provided it “grant permission” as an admin consent.
In my console app code I uses the below outlook api to send mail as
resourseurl — https://outlook.office.com/api/v1.0/users/{my email account}/sendmail. After providing grant permission to my app I am still facing the 401:unauthorized error.
You gave permissions to Microsoft Graph API, so you need to use it.
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_sendmail
The URL that you need to use is thus:
POST https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/sendMail
Internally the graph API does call the API you mentioned. But your token is for the graph. Not the outlook API.
You also mentioned the resource URL. The graph API resource URL is https://graph.microsoft.com.
First post...here goes. I am trying to display email from a shared mailbox but run into "ErrorAccessDenied Access is denied. Check credentials and try again".
The user does have permission to the mailbox, I can access/read email in Outlook and in O365 portal. In my app I have also assigned Mail.Read.Shared and Mail.ReadWrite.Shared scopes.
At first I tried Graph Explorer
https://graph.microsoft.com/beta/users/<userPrincipalNameOfSharedMailbox>/messages
but same ErrorAccessDenied, assumed Graph Explorer did not have Mail.Read.Shared scope.
Next I tried to modify Microsoft Graph Snippets Sample for ASP.NET 4.6
I added Mail.Read.Shared and Mail.ReadWrite.Shared and was prompted to accept these permissions
• Read and write mail you can access
• Read mail you can access
but I get the same error when I try get mail from the shared mailbox
IUserMessagesCollectionPage messages = await graphClient.Users["userPrincipalNameOfSharedMailbox"].Messages.Request().GetAsync();
There was a similar post here Microsoft Graph API SDK .NET Issues getting other users emails and the answer implies this is possible. If it is can anyone provide some insight as to what I am missing? thanks
Right now, accessing shared messages is not supported for the authorization_code flow, but it is supported for the client_credentials flow. In order to incorporate this functionality, you will have to change your flow to incorporate this.
Here is an article on creating a client_credentials flow app if you are interested in going this route.