When trying to change permissions to a ODfB folder (granted by a sharing link) from write to read, a bad request error is getting thrown:
{
"error": {
"code": "badArgument",
"message": "One of the provided arguments is not acceptable.",
"innerError": {
"date": "2020-09-15T21:30:01",
"request-id": "a43eb6a1-3c3b-49c4-bda1-5b4fd791da08",
"client-request-id": "d8f9a715-9dac-9db7-1ac5-8d16d49630f2"
}
}
}
Request :
PATCH https://graph.microsoft.com/v1.0/me/drive/items/01HKVKMAZ1QBH7KJAWF5AIOO4D3P7AETV2/permissions/0cc09318-b541-4aa4-ba3d-aeca64c7d932
Content-type: application/json
{
"roles": [
"read"
]
}
I made sure that item id is correct, as well as permission id, autorization token in header is also fine.
Am I missing something, or does updating folder permissions granted by sharing links not work at all in Graph API?
Related
The GetChat API (https://graph.microsoft.com/v1.0/chats/{chatid}) from Microsoft Graph returns error 403 (Forbidden) for some chats when using application permissions. The application being used has Chat.Read.All permissions with admin consent granted. Also, the same application returns success for other chats.
Following are errors for couple of requests to get chat, that were tried using Postman:
1:
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"date": "2021-10-18T13:16:26",
"request-id": "79c2ca6f-5b85-44ed-a3da-ef3607630a41",
"client-request-id": "79c2ca6f-5b85-44ed-a3da-ef3607630a41"
}
}
}
2:
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"date": "2021-10-18T13:18:37",
"request-id": "5cfd4f22-8c25-4ecf-aa88-0c0c3df560d4",
"client-request-id": "5cfd4f22-8c25-4ecf-aa88-0c0c3df560d4"
}
}
}
You could try couple of things here -
Try the same API call in Graph explorer and observe if you still see this error. This will help in identifying if there is any issue with the token that you have generated.
You may have changed your API permissions after giving your application admin consent. When you give admin consent, Azure AD will take a "snapshot" of the permissions at the time of consent. Then if you change the permissions later, you will need to re-do the admin consent process again.
Personal accounts are not supported. Refer permissions here.
Since yesterday, the file upload api keeps returning 403 randomly. But it depends on the sharepoint. Many of our clients dont seem to encounter the issue, but our own sharepoint, and a new client's sharepoint have this problem.
Basically every upload request either succeeds or returns 403 Access denied error. And more often than not, it returns 403:
Here is an example of a request (client's sharepoint):
error: "{
↵ "error": {
↵ "code": "accessDenied",
↵ "message": "Access denied",
↵ "innerError": {
↵ "date": "2020-10-14T08:51:20",
↵ "request-id": "cacf89c3-5dbc-4390-98a1-5d7cb9e2668d",
↵ "client-request-id": "cacf89c3-5dbc-4390-98a1-5d7cb9e2668d"
↵ }
↵ }
↵}"
Another example (our sharepoint):
error: "{
↵ "error": {
↵ "code": "accessDenied",
↵ "message": "Access denied",
↵ "innerError": {
↵ "date": "2020-10-14T09:01:38",
↵ "request-id": "3c23f74d-579b-41e8-aafc-a6e3b3a6d885",
↵ "client-request-id": "3c23f74d-579b-41e8-aafc-a6e3b3a6d885"
↵ }
↵ }
↵}"
Nothing has been changed on our sharepoint, it used to always work, no code change, no configuration change on sharepoint.
Edit, code being used for upload:
private function uploadSmallFile(string $localFilePath, string $remoteFilePath, $conflictBehavior)
{
$route = "/sites/root/drive/items/root:$remoteFilePath:/content";
$route = $route . '?#microsoft.graph.conflictBehavior=' . $conflictBehavior;
$item = $this->client->createRequest('PUT', $route, true)
->setReturnType(Model\DriveItem::class)
->attachBody(file_get_contents($localFilePath))
->execute();
return $item;
}
Further details:
Accessing sharepoint on the browser works fine.
Using Insomnia (like Postman but for all uses), here is what happens with a path (Content-Type and Content-Length specified):
Successful upload (201), 403 Access denied (although it happens twice in about 50 uploads in Insomnia)
{
"error": {
"code": "accessDenied",
"message": "Access denied",
"innerError": {
"date": "2020-10-15T07:34:19",
"request-id": "cf7f0f59-046c-4115-ab67-3f471f340dca",
"client-request-id": "cf7f0f59-046c-4115-ab67-3f471f340dca"
}
}
}
With itemId:
Only Successful upload
This is strange, because I'm pretty sure it's not code related, since this happens on a codebase thats as old as june 2020 and didn't change since then.
Edit: Problem seems to be solved, no code was changed on my side. API Related problem.
Edit 2: Problem is back as of today 20-10-2020 (at least since 8am CEST)
I would like to read a team's shifts using https://graph.microsoft.com/v1.0.
However i always fail with different errors and get contradicting server messages.
I send the API requests with Postman.
I am using Application authorization method. I think i have set all required Api permissions for my app.
I beleive i supply the correct headers, like:
Authorization
Content-Type
MS-APP-ACTS-AS
When i send the request like this to GET a team:
GET https://graph.microsoft.com/v1.0/teams/{id}
i get the following error message:
"error": {
"code": "NotFound",
"message": "No team found with Group Id {id}",
"innerError": {
"date": "2020-09-05T08:37:17",
"request-id": "id"
}
}
But when i try to create the team (from a group) like this:
PUT https://graph.microsoft.com/v1.0/groups/{id}/team
I get the error as follows:
"error": {
"code": "Conflict",
"message": "Team already exists",
"innerError": {
"date": "2020-09-05T08:33:33",
"request-id": "id"
}
}
When i try to make my actual call of interest, like:
GET https://graph.microsoft.com/v1.0/teams/{id}/schedule/shifts
That also fails with error:
{
"error": {
"code": "NotFound",
"message": "{\"error\":{\"code\":\"NotFound\",\"message\":\"Sorry, the team was not found, or you may not have access to it.\",\"details\":[],\"innererror\":{\"code\":\"TeamNotFound\"}}}",
"innerError": {
"date": "2020-09-05T08:59:55",
"request-id": "id"
}
}
}
Pleaset help me understand what i am doing wrong!
Thank you in advance!
Solved (itself).
So what was happening:
i created a team (directly or from a group).
created a schedule for the team.
get the schedule for the team, and see the response:
"enabled": false,
"provisionStatus": "Failed", (so not running or queuing or something)
"provisionStatusCode": "GraphResourceNotFound",
struggle few (like 4-5) days
without changing a thing, get the schedule showing:
"enabled": true,
"provisionStatus": "Completed",
"provisionStatusCode": null,
Maybe it would help others to see the possible wait time length or add a clarification about the provisionStatus field’s status progression.
Using https://graph.microsoft.com/beta/oauth2PermissionGrants I now cannot use POST to update B2C apps to grant them access to API's due to an error : Missing property: expiryTime
We've been using the BETA endpoint to update our B2C apps to grant them access to various API's using a Powershell script I created however in the last week or so something has changed on the back end as we now receive an error when attempting a POST : Missing property: expiryTime. The expirytime however is present in the JSON.
We can POST via graph.windows.net using the same JSON so this is something specific to the BETA endpoint. When querying the App's Oauth2permissiongrants I also cannot see the expirytime or starttime using graph.microsoft.com for some reason.
Please see the code below and let me know if I can answer any questions.
https://developer.microsoft.com/en-us/graph/graph-explorer#
POST https://graph.microsoft.com/beta/oauth2PermissionGrants
{
"clientId": "APP servicePrincial ObjectID",
"consentType": "AllPrincipals",
"expiryTime": "2030-05-12T19:34:28.9831598Z",
"principalId": null,
"resourceId": "02bccee7-8958-4e5e-89c7-466a5370a205",
"scope": "user_impersonation"
}
{
"error": {
"code": "Request_BadRequest",
"message": "Missing property: expiryTime",
"innerError": {
"request-id": "b15edafa-1415-4430-9d89-5ea3fb824f9c",
"date": "2019-09-16T11:29:39"
}
}
}
I need to read the list of synchtonizationProfile entities. I get accessToken using grant_type=code and requested permissions for EduAdministration.Read and EduAdministration.ReadWrite (as specified in the documentation).
But when I try the request, I get the following error:
{
"error": {
"code": "AuthenticationError",
"message": "Error authenticating with resource.",
"innerError": {
"request-id": "1a47270e-f902-48af-81cc-5ed8e279b050",
"date": "2017-12-21T12:20:27"
}
}
}
The problem only with the /synchronizationProfiles endpoint.
What is the problem? And how to solve it?