We are using beta endpoint to post message to meeting chat
endpoint is
https://graph.microsoft.com/beta/chats/{chatId}/messages
but it is returning 403 Forbidden
HTTP/1.1 403 Forbidden
Cache-Control: private
Content-Type: application/json
request-id: 23b6427c-a3f2-4b53-85e4-4acc491ffa8e
client-request-id: b59322c2-b338-4862-8448-a3271c116ac1
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"request-id": "23b6427c-a3f2-4b53-85e4-4acc491ffa8e",
"date": "2020-05-27T07:02:39"
}
}
}
permission scopes are
Calendars.ReadWrite Calendars.ReadWrite.Shared Chat.ReadWrite Directory.Read.All Files.Read Files.Read.All Files.ReadWrite Group.ReadWrite.All Mail.Send MailboxSettings.Read Notes.ReadWrite.All openid profile Sites.ReadWrite.All Tasks.ReadWrite User.Read User.ReadBasic.All
It is working for everybody except for this user
Related
I am trying to read emails of user a user in a tenant. The admin has granted consent for the following permissions:
offline_access AccessReview.Read.All AccessReview.ReadWrite.All Channel.ReadBasic.All ChannelMessage.Read.All ChannelSettings.Read.All Chat.Read ChatMessage.Read DelegatedPermissionGrant.ReadWrite.All Directory.Read.All Directory.ReadWrite.All Mail.Read Mail.Read.Shared Mail.ReadBasic Mail.ReadWrite MailboxSettings.Read openid profile TeamMember.Read.All TeamSettings.Read.All User.Read User.Read.All User.ReadBasic.All email
However, both in graph explorer and in PHP code, when I query the endpoint https://graph.microsoft.com/v1.0/users/<user_email>/messages, I get the error:
"error": {
"code": "ErrorItemNotFound",
"message": "The specified object was not found in the store., Default folder AllItems not found.",
"innerError": {
"date": "2022-11-29T09:16:49",
"request-id": "2449c64a-9aa8-479d-8de4-923a2a306583",
"client-request-id": "5eb26a2e-54da-bba2-0adf-4fa7bca43df2"
}
}
What could I be doing wrong?
The below graph endpoint is used to grant access to the recipients on a drive item.
POST /drives/{drive-id}/items/{item-id}/invite
We are getting 400 Bad Request with Error code noResolvedUser, when a valid email address is added as recipient.
Request Method: POST
https://graph.microsoft.com/v1.0/drives/b\u00219b-VFEZXFE2F6XaM23GxN8X-1eQtnPNKnMeB6Rp23ucBGLuKk3pmT5OkkLL5Q1l7/items/01Q2A2TZG5GSOV2XYB7FEKPGK4VD6S7OI3/invite
Status Code: 400 Bad Request
client-request-id: e1646495-3606-4e49-88ad-2d977d284164
Cache-Control: no-cache
Content-Type: application/json
"error": {
"code": "noResolvedUsers",
"message": "One or more users could not be resolved.",
"innerError": {
"date": "2021-06-15T08:41:35",
"request-id": "607b3ce3-e29b-45a9-9942-7528e43fe8b4",
"client-request-id": "e1646495-3606-4e49-88ad-2d977d284164"
}
}
We could not find documentation for the error code 'noResolvedError'.
Many tenants are experiencing this. Knowing what is causing this error and how to fix it will be a great help.
This "drives" me crazy... I have an AAD app with following application permissions with Admin Consent:
Directory.Read.All
Files.ReadWrite.All
Group.Create
Group.ReadWrite.All
GroupMember.ReadWrite.All
Member.Read.Hidden
Organization.ReadWrite.All
People.Read.All
Sites.FullControl.All
Sites.ReadWrite.All
User.Read
Request:
https://graph.microsoft.com/v1.0/groups/{id}/drive/root
Response:
{
"error": {
"code": "serviceNotAvailable",
"message": "The service is not available. Try the request again after a delay. There may be a Retry-After header.",
"innerError": {
"request-id": "5ad04144-d8af-48ef-b9d3-43dafedb5911",
"date": "2020-02-15T13:28:08"
}
}
}
Decoded Token:
There's no Retry header and I've tried for several hours now.
If I send the query using a token generated with Authorization Code grant and the scope Group.ReadWrite.All User.Read profile openid email, it works like a charm.
$graph = new Graph();
$graph
->setBaseUrl("https://graph.microsoft.com/")
->setApiVersion("v1.0")
->setAccessToken($_SESSION['access_token']);
return $me = $graph->createRequest("get", "/me/manager")
->addHeaders(array("Content-Type" => "application/json"))
->setReturnType(Model\User::class)
->setTimeout("1000")
->execute();
Showing error is
HTTP/1.1 403 Forbidden Cache-Control: private Transfer-Encoding:
chunked Content-Type: application/json request-id:
b343d567-e1e2-4f46-8bd1-d80d27cf28ab client-request-id:
b343d567-e1e2-4f46-8bd1-d80d27cf28ab x-ms-ags-diagnostic:
{"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"SliceC","Ring":"3","ScaleUnit":"001","Host":"AGSFE_IN_18","ADSiteName":"SEA"}}
Duration: 35.3167
Strict-Transport-Security: max-age=31536000
Date: Wed, 31 Oct 2018 11:57:45 GMT
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"request-id": "b343d567-e1e2-4f46-8bd1-d80d27cf28ab",
"date": "2018-10-31T11:57:46"
}
}
}
THe access denied error means that you have not requested the right permission scopes in the application you registered. /me/manager requires specific scopes as documented here https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_list_manager.
Permission type Permissions (from least to most privileged)
Delegated (work or school account) User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All
You can actually break into your code and check the access token you are receiving back from signing in and consenting. Use https://jwt.ms/ and you'll see the scopes that are embedded in the token.
I created an app on https://apps.dev.microsoft.com
with the following Application Permissions:
Calendars.Read (Admin Only) Calendars.ReadWrite (Admin Only) User.Read.All (Admin Only)
Admin Consent
Admin consent was then successfully granted via this URL
https://login.microsoftonline.com/strixtechnology.onmicrosoft.com/adminconsent?client_id=bbb35336-faee-4c10-84b4-34136634db41&state=1234&redirect_uri=https%3A%2F%2Fdashmeetings.com%2Fmicrosoft%2Foauth
Get access token
An access token was then obtained from
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
with headers
Content-Type=application/x-www-form-urlencoded
and body with key-value pairs
grant_type=client_credentials
client_id=bbb35336-faee-4c10-84b4-34136634db41
client_secret=xxx
scope=https://graph.microsoft.com/.default
This returns an access token.
Subscribe to notifications
Using that access token, I then try to subscribe to the events on a certain resource mailbox:
POST https://graph.microsoft.com/beta/subscriptions
with headers
Content-Type=application/json
Authorization=Bearer <access_token_here>
and body
{
"changeType": "created,updated,deleted",
"notificationUrl": "https://dashmeetings.com/microsoft/notify",
"resource": "users/mahogany#strixtechnology.com/events",
"expirationDateTime":"2017-12-01T11:00:00.0000000Z",
"clientState":"1234"
}
This returns a 401 Unauthorized with
{
"error": {
"code": "ExtensionError",
"message": "Operation: Create; Exception: [Status Code: Unauthorized; Reason: Unauthorized]",
"innerError": {
"request-id": "98ce5e5e-1ce4-4417-8c35-456a3cc0e696",
"date": "2017-11-30T10:59:28"
}
}
}
This question seems similar to “Resource not found for the segment” using Graph subscription beta, but I follow the same steps without any luck
The admin consent URL had to be
https://login.microsoftonline.com/common/adminconsent?client_id=bbb35336-faee-4c10-84b4-34136634db41&state=1234&redirect_uri=https%3A%2F%2Fdashmeetings.com%2Fmicrosoft%2Foauth
and the access token address:
https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token