EDIT: I have successfully used the endpoint with my business Office365 account. I would like to use this in conjunction with my personal account since it has the shared data I am looking to access. Is there some fundamental aspect that prevents me from accessing this information through these APIs?
I have tried to perform the "my To Do task lists" https://graph.microsoft.com/beta/me/todo/lists with the Microsoft Graph Explorer Tool at https://developer.microsoft.com/en-us/graph/graph-explorer
I have set the Tasks.ReadWrite consent for the token, and it lists it "Consented" in the "Modify Permissions" tab. However, calling the API just returns a 401 error with a very unhelpful message:
{
"error": {
"code": "UnknownError",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
"innerError": {
"date": "2020-10-08T17:48:38",
"request-id": "7989b12e-4276-4600-968a-daa59677ebfe",
"client-request-id": "019b2755-0eb0-40f2-7ada-6df8d36857ff"
}
}
}
Yes – I know something is wrong but I thought I was doing everything properly. The account I am using is a personal account.
Other requests, such as https://graph.microsoft.com/beta/me work just fine. I have not found in the documentation any obvious things I am missing, so I thought I'd try to hear if someone has had a similar issue.
Related
When using the /calendar/events API, it returns "Unknown Error" for some users, but works OK for others. This has been reproducible consistently for at least 2 months.
Example request:
GET https://graph.microsoft.com/v1.0/users/07f20085-cd3e-4532-a59e-b454de5b62ea/calendar/events?$select=id&$top=1
Authorization: Bearer %token%
And we get the following response (an image encoded as BASE64 omitted for brevity):
"error": {
"code": "UnknownError",
"message": "<html>\r\n<head>\r\n\t<meta charset=\"utf-8\">\r\n\t<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\" />\r\n\t<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0, user-scalable=yes\" />\r\n\t<title>Service Unavailable</title>\r\n</head>\r\n<body>\r\n\t<noindex>\r\n\t\t<table width=\"100%\" height=\"100%\">\r\n\t\t\t<tr>\r\n\t\t\t\t<td align=\"center\" valign=\"center\">\r\n\t\t\t\t\t<img src=\"data:image/png;base64,<..>\r\n\t\t\t\t\t<p style=\"margin-top: 50px;font: 25px sans-serif;\"><span style=\"font-size:33px;font-weight: bold;display: block;margin-bottom:20px;\">Сервис недоступен</span>Service Unavailable</p>\r\n\t\t\t\t</td>\r\n\t\t\t</tr>\r\n\t\t</table>\r\n\t</noindex>\r\n</body>\r\n</html>\r\n",
"innerError": {
"date": "2022-01-10T20:24:26",
"request-id": "ce045d30-8f55-43ee-bddf-25d11f0766a6",
"client-request-id": "ce045d30-8f55-43ee-bddf-25d11f0766a6"
}
}
The error message is unhelpful: there're no details as to what is wrong.
What we did:
Made sure the user has a cloud solution (i.e. not on-premises).
Asked the organization's admin to check if there's any difference between users for which the API works and for which the API doesn't; apparently, nothing suspect found.
What can be the cause of this "UnknownError" response? Is this a bug on the Teams side, or is it a misconfiguration in the affected organization? Maybe there's some permissions that we're missing (even though it works OK for other orgs)? We're out of ideas.
when I'm trying to test ms teams api it always returns 404
For example - the simplest query: GET https://graph.microsoft.com/v1.0/me/joinedTeams
{
"error": {
"code": "ResourceNotFound",
"message": "Resource not found.",
"innerError": {
"date": "2020-07-24T08:47:53",
"request-id": "0ae3aa34-4aa5-4609-ac6b-01c2aba09b24"
}
}
}
I made test team, added couple of test users etc.
The problem was that I was using personal ms account instead of admin account from azure portal.
From approximately March 23 2020 Microsoft Graph Planner apis like https://graph.microsoft.com/v1.0/planner/tasks/TC41-x8azkKX-ibO17qtJpYAHGAB starting throwing 401 for external guest users with the following error message:
{
"error": {
"code": "UnknownError",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
"innerError": {
"request-id": "33a1c8d0-60b3-46ab-807a-da5a8d776151",
"date": "2020-04-13T07:51:57"
}
}
}
The Microsoft Graph call has Group.ReadWrite permissions.
The same user can access the task fine through Microsoft Planner with this url: https://tasks.office.com/meetingdecisions.com/Home/Task/TC41-x8azkKX-ibO17qtJpYAHGAB
Why did this suddenly start happening?
I have registered an application in Azure Active Directory to call findMeetingTimes from Microsoft Graph. I am able to successfully authorize, get a token, and make other Graph API calls, but receive a 401 - Unauthorized response with an error code of "UnknownError" for the endpoint https://graph.microsoft.com/v1.0/me/findMeetingTimes.
I am using a Microsoft work account for these activities, and I am able to login with said account and view the calendar. I have tried other calendar-related API calls including /me/calendar/getSchedule and /me/events and received successful responses. I am mostly testing with Postman, but have attempted to use the Graph Explorer and gotten the same response.
I have also checked that the token I am using contains the correct scope of both Calendars.Read.Shared and Calendars.ReadWrite.Shared. I originally tried with just the scope of Calendars.Read.Shared, but to no avail.
This is the response I receive when requesting a token:
{
"token_type": "Bearer",
"scope": "Calendars.Read.Shared Calendars.ReadWrite.Shared User.Read profile openid email",
"expires_in": 3600,
"ext_expires_in": 3600,
"access_token": "foo",
"refresh_token": "bar"
}
The request I make (with an empty body, as all body parameters are optional):
POST /v1.0/me/findMeetingTimes HTTP/1.1
Host: graph.microsoft.com
Content-Type: application/json
Authorization: Bearer foo
The 401 response I receive:
{
"error": {
"code": "UnknownError",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
"innerError": {
"request-id": "foo",
"date": "2019-06-21T13:52:00"
}
}
}
Is there any other configuration that I can change to get around this issue?
We've managed to track down the issue: the O365 tenant I was attempting to make the API call on was a Government tenant and did not have the "findMeetingTimes" function enabled/installed within the tenant.
The workaround for the time being for us is to use the Outlook REST API, which has a similar function: https://learn.microsoft.com/en-us/previous-versions/office/office-365-api/api/version-2.0/calendar-rest-operations#FindMeetingTimes
Is it possible to retrieve task lists using the Microsoft Graph API (http://graph.microsoft.io/docs/api-reference/beta/api/task_list) in a service app?
I can successfully request a token that has all of the following scopes:
Calendars.Read
Calendars.ReadWrite
Contacts.Read
Directory.AccessAsUser.All
Directory.Read
List item
Directory.Read.All
Directory.ReadWrite.All
email
Files.Read
Files.Read.Selected
Group.Read.All
Group.ReadWrite.All
Mail.Read
Mail.Send
Notes.Create
Notes.Read
Notes.Read.All
Notes.ReadWrite.All
offline_access
openid
People.Read
profile
Sites.Read.All
Tasks.ReadWrite
User.Read
User.Read.All
User.ReadBasic.All
User.ReadWrite
User.ReadWrite.All
user_impersonation
I am able to get lists of users, groups, applications and other entities, but my requests to the tasks or plans endpoints return the following error:
{
"error": {
"code": "UnknownError",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
"innerError": {
"request-id": "d0d7d970-ff88-4af9-93d3-8b8d4acfabf0",
"date": "2016-01-28T12:46:31"
}
}
}
My expectation is that Group.ReadWrite.All is inherited as app-only from Directory.ReadWrite.All, so together with Task.ReadWrite I should be able to see tasks and plans.
Is there another required permission or another setting that we’ve missed?
Retrieval of tasks/plans is currently not supported in service-only (app-only) context. Please use user delegation context (app+user) instead.