We have an application that uses the MS Graph API to access users' information along with getting user photo.
Application has been working fine until 2 months ago.
Now we're seeing an error "Error authenticating with resource" when accessing photo.
Tried getting photo via MS Graph explorer using https://graph.microsoft.com/beta/me/photo/$value.
All delegated permissions have been granted.
Got an error:
{
  "error": {
    "code": "AuthenticationError",
    "message": "Error authenticating with resource",
    "innerError": {
      "date": "2020-08-10T20:10:18",
      "request-id": "cf458687-6aa9-49a6-a346-964daafefcc2"
    }
  }
}
The same result occurred using Postman with access_token.
Access token contains all needed permissions: https://www.screencast.com/t/BNeKELVaYEt
{
  "error": {
    "code": "AuthenticationError",
    "message": "Error authenticating with resource",
    "innerError": {
      "date": "2020-08-10T20:22:49",
      "request-id": "704bd253-0953-48e1-857e-ec51f7651ed5"
    }
  }
}
Getting user profile works fine in both places.
We're also experiencing problem updating image in user list in Azure AD.
When we change user profile photo based on https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal, photo is not updated in user profile, however when adding user as owners to API registration, image is shown correctly.
Another strange thing is that the logged-in user's photo (in top right corner) is different from the photo of the same user from the list.
https://www.screencast.com/t/60rTsONZjzs
Still I am able to see correct image by accessing https://account.activedirectory.windowsazure.com.
Src for photo from there is /UserProfileImage/UserProfileImage?objectId={user_id}
Could you help me to figure out whether I am doing something wrong, or something does not work properly?
Thank you in advance!
Related
Using Microsoft Graph, I want to search for SharePoint sites containing specific names and moreover I want to get a list of all SharePoint sites.
I am using the following URL in the Graph Explorer:
https://graph.microsoft.com/v1.0/sites?search=test
or
https://graph.microsoft.com/v1.0/sites?search=*
When using an account from Company A everything works. I receive a list of all results.
But when using an account from Company B, I get a 404 NOT FOUND response for all queries (although there should be multiple results):
{
  "error": {
    "code": "itemNotFound",
    "message": "Item not found",
    "innerError": {
      "date": "2022-01-01T14:59:35",
      "request-id": "xxxxxx",
      "client-request-id": "xxxxxx"
    }
  }
}
Maybe it has something to do with the rights of the users?
I tested with "normal" users at both companies.
Edit:
I also get an error (403 Access denied) using the following url:
https://graph.microsoft.com/v1.0/sites/root
But when accessing a specific site by its id, everything works.
Edit 2
I noticed a relationship with the permissions of the root SharePoint site. If the user has no permission for that site, the mentioned queries are not working. I need to contact the admin of the system to check my suspicion.
I'm trying to get the chat messages from MS team channel using API.
https://graph.microsoft.com/v1.0/teams/{team-id}/channels/{channel-id}/messages
It works in Graph Explorer and returns the list of all chat messages. But when I hit the same API within Postman it returns the following error:
I have consented all the required permission in azure app. What else am I missing here. Has anyone faced similar issues?
Please let me know.
{
  "error": {
    "code": "UnknownError",
    "message": "",
    "innerError": {
      "date": "2021-04-20T04:01:46",
      "request-id": "e32d3a2e-001c-4478-8c9c-8d5ff0c5e125",
      "client-request-id": "e32d3a2e-001c-4478-8c9c-8d5ff0c5e125"
    }
  }
}
List channel messages is a protected API in MS Teams. Before calling this API with application permissions, you must request access. To get the access you have to submit the request access form.
I am able to read channel messages as long as I am a member of a particular channel, but I am unable to read channel messages in which I am not a member but I am a global administrator with the following delegated permissions. Can anybody help?
ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All
When I am trying to execute I am getting the following response
{
  "error": {
    "code": "Forbidden",
    "message": "Forbidden",
    "innerError": {
      "date": "2020-09-10T04:37:36",
      "request-id": "727d898d-ee3e-484d-b2b6-46582834ca9c",
      "client-request-id": "727d898d-ee3e-484d-b2b6-46582834ca9c"
    }
  }
}
You'll need to use Application rather than Delegated permissions for this. When you're using Delegated permissions, you can only access Channels you are a member of (i.e. the same Channels you see in the Teams app).
Note that these are Protected APIs, so you'll need to request access before you can use them (above and beyond the normal Admin Consent flow).
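Added example (not part of any post in this thread): a diagnostic that decodes an access token's payload and reports whether it carries delegated permissions (the `scp` claim, space-separated) or application permissions (the `roles` claim), which is the distinction the answer above turns on. The helper names are hypothetical, the tokens are constructed for the demo, and the signature is not verified.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT-shaped string for the demo (not a real token)."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed"


def decode_claims(token: str) -> dict:
    """Decode the payload for diagnostics only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, needed: str = "ChannelMessage.Read.All") -> str:
    """Say which permission type the token holds and what that implies."""
    claims = decode_claims(token)
    scopes = set(claims.get("scp", "").split())  # delegated permissions
    roles = set(claims.get("roles", []))         # application permissions
    if scopes:
        if needed not in scopes:
            return f"delegated token without {needed}"
        return "delegated: only channels the signed-in user is a member of"
    if needed in roles:
        return "application: protected API access must also be approved"
    return f"no {needed} in scp or roles"


# Constructed claim sets mirroring the two cases discussed in the thread.
DELEGATED = make_sample_token(
    {"scp": "ChannelMessage.Read.All Group.Read.All Group.ReadWrite.All"})
APP_ONLY = make_sample_token({"roles": ["ChannelMessage.Read.All"]})

if __name__ == "__main__":
    for name, tok in (("delegated", DELEGATED), ("app-only", APP_ONLY)):
        print(name, "->", diagnose(tok))
```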
When trying to get messages as Admin (with Group.Read.All scope) I am getting following error:
{
  "error": {
    "code": "UnknownError",
    "message": "",
    "innerError": {
      "request-id": "fc234750-dd35-4748-a1b3-baf4a7c5267c",
      "date": "2018-11-14T09:16:55"
    }
  }
}
Getting teams and channels works.
I tried the same using my user (not an admin, just regular user that created the conversation) in graph explorer and everything works ok.
Is this a bug or a feature (only user giving his permission explicitly allows the app to read conversations)?
Are you a member of the team? Admins don't get special privileges when working with messages – in order to read a message, they have to be a member of the team like anyone else.
When trying to retrieve data from a v1.0 report endpoint on a demo tenant, for example:
https://graph.microsoft.com/v1.0/reports/getOffice365ActiveUserCounts(period='D7')
I get this strange result:
{
  "error": {
    "code": "UnknownTenantId",
    "message": "We do not recognize this tenant ID 3d64a....7279c0. Please double-check the tenant ID and try again.",
    "innerError": {
      "request-id": "7b7b8....8029b",
      "date": "2018-04-30T09:32:46"
    }
  }
}
Instead of an HTTP 302 redirection to get the CSV report results (according to the doc).
I'm trying from Graph API Explorer, authenticated as tenant admin account; this has worked as expected before tenant expiration + extension (a few hours ago).
I will try in a few hours again, tomorrow etc. (I'll write the results here) because this error looks to be related to tenant expiration (or else, what is happening?)...