As I'm trying to get my calendar with graph UI or with my daemon app, I get the same unknown error with the http error 404
For my app I got the needed permission Calendars.Read by the admin and added the proper scope. The app works nice, when I run simple query https://graph.microsoft.com/v1.0/users/id, I got the required profile, however as I run /users/id/calendars, it fails as shown above.
The same thing occurs as I just run /me/calendars in MS Graph UI as a ordinary user with only delegated rights.
Any ideas, what I'm missing?
Related
I tried to receive all events for an Microsoft 365 User. It's a business license and a add an App with all User/Mail/Calendar Permissions (also consent granted) to Api permissions.
When running this command or some similar like in the documentation I got 403
Client error: `GET https://graph.microsoft.com/v1.0/users/xxxxxxxxxxxxxxxxxxxx/events` resulted in a `403 Forbidden` re
sponse:
{"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}
What did I do wrong? I also tried the Graph Explorer (with logged in user).
Are the permissions you are assigning delegated or application permissions?
If you are using application permissions for your App Registration then you need to give access on the user's calendar to the app (probably by using a new service principal on exchange online).
If you are using delegated permissions then you should check the access token you are getting for validation in jwt.ms
Bear in mind that Graph explorer with logged in user needs different permissions than your App Registration. ( it's a different app registration altogether )
Seems like I had the same issue https://learn.microsoft.com/en-us/answers/questions/1165285/microsoft-graph-get-outlook-calendar-events-403?page=1&orderby=Helpful&comment=answer-1168253#newest-answer-comment
The fix was to remove all the other permissions and just give it
I am follow the tutorial that Microsoft has provided for signing a user into a desktop application using Microsoft Identity Platform and calling ASP.NET Core Web API which calls Microsoft Graph. I believe I followed all of the steps, configuring my service and client per instructions. https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/tree/master/2.%20Web%20API%20now%20calls%20Microsoft%20Graph
However upon trying to add a new "to-do", I get the following error: "Bad Request: An error occurred while calling the downstream API Code:InvalidAuthenticationToken
Message: Invalid x5t claim "
The error occurs on this call:
User user = _graphServiceClient.Me.Request().GetAsync().GetAwaiter().GetResult();
Any idea what the issue might be and how I troubleshoot?
Update: I am in the middle of troubleshooting this now with an admin. I am not getting roles back but he is and we now both agree the issue is on the azure application configuration, not the code... frustrating, but we are at least making progress.
Would you please try pasting the token into jwt.ms to decode it and inspect the claims?
I got a similar error due to a lack of access. Changing Delegated and Application Permission for Users solved the issue. You can try that.
I am trying to run this GET /teams/{team-Id}/tags api in Graph explorer, but returning 404
Also, as per the documentation here, the API requires
Application permission | TeamworkTag.Read.All, TeamworkTag.ReadWrite.All
But these permissions are not present in the list of permission in the Graph Explorer under Modify Permission.
So, Q1: is it not possible to run the API from Graph Explorer ?
Plus, I added permission to my application on Azure and then call the API in my angular application - it still gave me 404.
Q2: What practice should I follow to make this API run?
EDIT:
As per this doc Delegated permission is not supported to run this API, so we tried with Postman and this method returned a 200 OK response code and a collection of teamworkTag objects in the response body.
Steps followed:
Added TeamworkTag.ReadWrite.All application permission n our Azure App.
Get access token as per this
Run this query in Postman.
GET https://graph.microsoft.com/beta/teams/{teamid}/tags
I am trying to log into my youtube account to access and build a reporting job. Trouble is I set up the Web Application, and set up the OAuth consent screen with the name of the application and am getting a 401. That’s an error.
Error: deleted_client
The OAuth client was deleted.
I've already tried renaming the product name to the application name, and have an email set up. Other than that, nothing on the web really answers the question.
This is the image of the error that i'm seeing
I am trying to implement user creation in Azure AD. Tried graph explorer with the below link. But it is not working, showing "We had an issue sending this request to the Graph API".
https://login.windows.net/oauth2/token?api-version=2.0
Also tried in localhost, then shows:
Curl error: Unknown SSL protocol error in connection to
login.window.net:443
Please help me?
That link is to try and acquire a token. That is unnecessary in Graph Explorer. Just click the "Sign-in with Microsoft" button, and enter your tenant admin credentials. Then select POST for the operation and https://graph.microsoft.com/v1.0/users. In the request body put the properties that are required to created a new user, as described in https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_post_users. NOTE: When trying this operation, you may be required to consent for administrative permissions - make sure you select User.ReadWrite.All, and consent.
Hope this helps,