I currently have a Graph API based OAuth application in Azure AD that is used by our application to schedule events on behalf of the user using the OAuth access token flow.
This has been working fine so far, but recently we have observed that there are a few clients for whom the events are not getting created when the API call is made by the application. The event does get created, however, when the same payload is pushed through Postman. This is happening only for a few O365 domains and not for others. We are not able to figure out what could be a potential reason for this.
Anyone else who has faced something similar in the past or can point me towards some hypothesis?
Related
I am attempting to use "v1.0/me/joinedTeams" to get all the joined teams for the currently authenticated user in my ASP.NET service. This works fine for external accounts that use a Microsoft identity (have a live account) but the same call returns a 400 Bad Request when I attempt to use an external account that uses a mail identity (no live account). The request is the same regardless of external account type. The token generated when authenticating as the mail identity external user looks correct when I inspect it.
I have been able to implement a workaround where I instead use the SharePoint REST service to get the groupId for the team site the user is a part of and then use the Graph call "v1.0/teams/{groupId}" to get that team. However, I need to do this for all the teams the external user has access to, which slows things down quite a bit.
I am aware of what looks like a bug in Graph when trying to make any Graph calls with any external user type, described here: https://github.com/OneDrive/onedrive-api-docs/issues/1039. I have also implemented the workaround for this issue which requires first accessing each site the user has access to by making some arbitrary call using the REST service. Then any subsequent calls using Graph should work. I do this for external accounts with a mail identity before trying to make the joinedTeams call but still run into the 400 response.
These workarounds will suffice in the short term but they increase my execution time significantly, especially when there is a large number of teams the external user is a part of. Any insight on a solution is greatly appreciated.
/me/joinedTeams is not available for personal Microsoft accounts. See the table on this page.
I am working on an MVC application which is using Microsoft Azure Active Directory for signing in. I am also going to enable MFA for users.
If the user changes their phone number or phone, then that user needs to be able to reset MFA from the application itself. I know we can reset MFA from the portal using Require re-register MFA.
Is there any way to accomplish this functionality using Graph API or using code?
After a long time of searching and testing, I am sure that the Update phoneAuthenticationMethod API can definitely meet your requirements.
Summary:
I have a WinForms app that multiple users from my organization log in to.
From within this WinForms app, I want to call my Web API, which internally processes some calendar-related events (like create new meeting, fetch meeting responses, etc.) for a precisely allotted MeetingManager user.
Here, we intend to use Microsoft Graph API to do all our stuff.
And since the Web API is going to handle this internally at its endpoint, we seek no interactive screen in between (neither for user login nor for granting permissions at consent page). All this should happen in background without any user interaction in between.
How can I achieve this?
Note: I am a beginner to Microsoft Graph API and the web application domain.
Graph API Mock up:
You can get this with the app-only authentication method. Get an app-only access token and use it for authentication.
I am also struggling with a similar type of question and I need to retrieve planner tasks. For planner tasks the app-only scope is not supported, but in your case I think it should work.
Read both these links for more details.
https://graph.microsoft.io/en-us/docs/authorization/app_only
https://graph.microsoft.io/en-us/docs/authorization/permission_scopes
I want to access the calendar to read/create events for the user if he agrees.
I've followed the guide https://developers.google.com/google-apps/calendar/v3/sync
I've activated the API with my Google account. Then I use OAuth 2.0 to get a code and the token.
When I follow the test, I use another account to simulate a random user.
When I get to reading the agenda, I get this error:
Error calling GET https://www.googleapis.com/calendar/v3/calendars/primary/events?maxResults=10&orderBy=startTime&singleEvents=true&timeMin=2016-06-14T11%3A28%3A25%2B02%3A00: (403) Access Not Configured. Calendar API has not been used in project 1056... before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/calendar/overview?project=1056... then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
It seems legit, but I don't want the user to activate the API on his side...
What am I missing?
Go to the Google Developers Console and enable the Google Calendar API. You need to tell Google which APIs your application will be accessing.
We are developing a web application using Microsoft Graph, where the signed-in user can export all the calendar events to a third-party calendar application. After this initial export, we need to keep the exported data in sync with calendar changes via a service app (a scheduled task running on a server). This needs to be a multi-tenant application, as people from different organizations should be able to use this service.
Right now we do the authentication using OAuth 2.0 and OpenID Connect as described in this sample. Later we understood that the access token we get using this method cannot be used in the service app without user interaction. Considering our scenario, what is the best way to achieve this?
I have read about the App-only authorization method to do this. If we use this authentication method, the app needs to be consented to by a tenant administrator, and these applications are quite powerful in terms of what data they can access in the Office 365 organization. Considering we are developing a product used by different organizations, will it be feasible to use this method?
To use the client credentials OAuth 2.0 flow (aka "App-only" or service account access, depending on whose documentation you're reading) the admin for each tenancy will need to specify which scopes your daemon process can have for users in their tenancy. The end users can't give these scoping rights to your code themselves (as far as I know at least).
One thing to watch out for is that currently Graph API doesn't allow you to mess about with calendars that are attached to Office 365 Groups if you're using the client credentials flow. This is a pain for us, so we've raised it as an issue that needs fixing in the Office 365 feedback system. If that's an issue for you or anyone else, please throw a few votes at it so that it gets more attention at Microsoft. :-)
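The client credentials ("app-only") flow recommended in the WinForms answer and in the multi-tenant answer above, as an added example that is not part of any of the original posts: it builds the token request for the Microsoft identity platform v2.0 endpoint and then inspects a returned token to tell app-only (`roles`) from delegated (`scp`) access and to spot a tenant where the admin has not consented yet. The tenant IDs, client values and sample tokens are constructed placeholders, and the decoding skips signature verification, so it is for diagnostics only.

```python
import base64
import json
from urllib.parse import urlencode

# Microsoft identity platform v2.0 token endpoint; the tenant is filled in per customer.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def client_credentials_request(tenant, client_id, client_secret):
    """Return (url, form body) for an app-only token request. Nothing is sent."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # .default = the application permissions this tenant's admin consented to
        "scope": "https://graph.microsoft.com/.default",
    }
    return TOKEN_URL.format(tenant=tenant), urlencode(form)


def decode_claims(jwt):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_token(jwt):
    """Classify a token as app-only or delegated and list its permissions."""
    claims = decode_claims(jwt)
    roles = claims.get("roles", [])          # application permissions (admin consent)
    scopes = claims.get("scp", "").split()   # delegated permissions (user consent)
    kind = "app-only" if roles and not scopes else "delegated" if scopes else "no-permissions"
    return {"tenant": claims.get("tid"), "kind": kind, "permissions": roles or scopes}


def _fake_jwt(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample tokens (placeholder tenant IDs, not real credentials).
APP_TOKEN = _fake_jwt({"tid": "tenant-a", "roles": ["Calendars.ReadWrite"]})
USER_TOKEN = _fake_jwt({"tid": "tenant-b", "scp": "Calendars.ReadWrite User.Read"})
NO_CONSENT = _fake_jwt({"tid": "tenant-c"})  # admin has not granted anything yet

if __name__ == "__main__":
    print(client_credentials_request("tenant-a", "APP_ID", "APP_SECRET"))
    for tok in (APP_TOKEN, USER_TOKEN, NO_CONSENT):
        print(describe_token(tok))
```

Logging the `kind` and `permissions` per tenant is a quick way to confirm that each customer's token carries only the application permissions their admin actually granted.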