I am invoking Microsoft Graph APIs to integrate their functionality in my custom application.
When I invoke the API to delete a conversation using the group ID and conversation ID, I get the response below. I am looking at the API as mentioned in the official Graph API docs. Any idea what is wrong? I have the Group.ReadWrite.All permission for the user.
{
  "error": {
    "code": "ErrorInvalidOperation",
    "message": "ConversationId isn't supported in the context of this operation.",
    "innerError": {
      "request-id": "d90689bb-6a3d-4e51-b538-58ecaafaa626",
      "date": "2020-05-04T11:02:27"
    }
  }
}
Conjecture since I don't have enough information:
Currently, DELETE conversation is only supported for delegated access for organizational or school accounts. You cannot use DELETE conversation for application access (when there is no interactive login). You also can't use it with delegated access for personal accounts (outlook.com).
Please provide a sanitized URL and request body as that will make it easier to answer this question.
Related
I am currently using the Microsoft Graph API to get events from Outlook, but I would like to change to the calendarView endpoint instead. However, I am facing a number of challenges when using delta links on other users' calendars with delegated access.
My first call to the delta endpoint works as intended, but when I try to use the link in @odata.nextLink for the next delta data I get a permission error, and I can't see what should cause this error.
{
  "error": {
    "code": "ErrorAccessDenied",
    "message": "Access is denied. Check credentials and try again.",
    "innerError": {
      "date": "2022-12-06T18:03:31",
      "request-id": "961ca04c-0000-0000-0000-000000000000",
      "client-request-id": "2dc7f5ea-0000-0000-0000-000000000000"
    }
  }
}
Delta querying works fine when done on the events endpoint so I am a bit lost in what to check for?
As you said, you are facing challenges while using delta links on other users' calendars with delegated access. Accessing other users' data requires application permission, whereas delegated permission requires the user to sign in. Please check the doc for more info regarding delegated permission vs. application permission.
Could you please try adding the Calendars.Read application permission instead of the delegated permission - https://learn.microsoft.com/en-us/graph/api/event-delta?view=graph-rest-1.0&tabs=http.
Hope this helps
Thanks
I ran into this issue recently and found a partial answer at https://learn.microsoft.com/en-us/answers/questions/587998/deltatoken-for-calendar-events-requiring-elevated.html
I asked my Active Directory admin to give manage access for the account associated with my bearer token, and the delta events are now working. That is, myuser@example.com now has manage permissions for shared-calendar-user@example.com. This isn't ideal, but it's acceptable for my use case.
I'm trying to use the beta API of LearningProviders described here: https://learn.microsoft.com/it-it/graph/api/employeeexperience-list-learningproviders?view=graph-rest-beta
I'm in a tenant with the new Viva integration activated, and in Teams I can see all the features correctly.
With an admin account I'm trying to use the API, but I only receive a 401 error with the following body when I try to call the API /employeeExperience/learningProviders
{
  "error": {
    "code": "UnknownError",
    "message": "",
    "innerError": {
      "date": "2022-07-29T12:50:14",
      "request-id": "b985f230-5e34-4e95-9c03-4a192b9cd2e2",
      "client-request-id": "b985f230-5e34-4e95-9c03-4a192b9cd2e2"
    }
  }
}
I tried both calling the API from the Graph Explorer (and I've added the correct permission to the Graph Explorer app registration) and using a new app registration with the correct delegated permission.
Either way, I'm not able to get any response.
Is anyone else facing this issue?
Thanks
Thanks for reaching out to us.
Could you please decode your access token at http://jwt.ms/ and make sure you have the LearningProvider.Read delegated permission added in your scopes?
Please let us know if you have any queries.
Thanks
permissions - https://learn.microsoft.com/en-us/graph/permissions-reference#delegated-permissions-27
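A local equivalent of the jwt.ms check suggested above, as an added example that is not part of the original answer: it decodes the token payload without verifying the signature (diagnostics only) and reports whether a permission is present as a delegated scope (the scp claim) or as an application role (the roles claim). The sample tokens are constructed and unsigned, and the function names are hypothetical.

```python
import base64
import json

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(token: str) -> dict:
    """Return the JWT payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))

def granted_permissions(claims: dict) -> dict:
    """Split permissions into delegated scopes ('scp') and application roles ('roles')."""
    scp = claims.get("scp", "")  # space-separated string in delegated tokens
    return {
        "delegated": set(scp.split()) if isinstance(scp, str) else set(scp),
        "application": set(claims.get("roles", [])),  # array in app-only tokens
    }

def check_permission(token: str, permission: str) -> str:
    """Return 'delegated', 'application' or 'missing' for the given permission."""
    perms = granted_permissions(decode_claims(token))
    if permission in perms["delegated"]:
        return "delegated"
    if permission in perms["application"]:
        return "application"
    return "missing"

def _make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token for this example; not a real Graph token.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

DELEGATED_TOKEN = _make_sample_token(
    {"aud": "https://graph.microsoft.com", "scp": "User.Read LearningProvider.Read"})
APP_ONLY_TOKEN = _make_sample_token(
    {"aud": "https://graph.microsoft.com", "roles": ["Directory.ReadWrite.All"]})

if __name__ == "__main__":
    for name, tok in (("delegated", DELEGATED_TOKEN), ("app-only", APP_ONLY_TOKEN)):
        print(name, "->", check_permission(tok, "LearningProvider.Read"))
```

A token that carries only roles was issued for application access, and one that carries scp was issued for a signed-in user, which is the distinction several of the errors on this page turn on.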
I am integrating the online meeting schedule API using Microsoft Graph.
Schedule API: https://graph.microsoft.com/v1.0/me/onlineMeetings
I call the API using a token generated from https://login.microsoftonline.com/tenant id/oauth2/v2.0/token
I am getting the response below, but it's working fine in https://developer.microsoft.com/en-us/graph/graph-explorer
{
  "error": {
    "code": "Forbidden",
    "message": "",
    "innerError": {
      "request-id": "b0a472d0-1658-480b-b41f-855bbe87b705",
      "date": "2021-05-12T18:55:15",
      "client-request-id": "b0a472d0-1658-480b-b41f-855bbe87b705"
    }
  }
}
As already stated, you’ll need to have the global admin execute some PowerShell to activate your application to allow it to create online meetings for all/some users.
I’m just wondering what your use case is, for creating just the online meeting without a calendar event?
You can just do the same by creating an event in the users’ calendar and setting that you want an online meeting attached. That way only needs access to the users calendar and doesn’t need some special policy. Additionally the item with join button is right there in the users calendar.
We have created a WP that we have published to Teams that would give owners the possibility to modify the external sharing setting ("AllowToAddGuests") from a tab in their Teams.
We are experiencing a problem when we try to do the set of AllowToAddGuests using an owner account.
The Teams app has :
{
  "resource": "Microsoft Graph",
  "scope": "Directory.ReadWrite.All"
}
As per MS Graph docs
https://learn.microsoft.com/en-us/graph/api/directorysetting-update?view=graph-rest-beta&tabs=http
should work fine with delegated.
If I execute the graph call in the graph explorer using the owner user it gives the same access error.
All permissions are granted at admin level.
If a global admin is used, then all works fine.
The error I am receiving is the following:
{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "date": "2020-07-02T15:18:56",
      "request-id": "84fe9be9-a4b0-4023-93e6-68dd780ce2ea"
    }
  }
}
Has the owner the possibility to change the flag AllowToAddGuests or should I do this via an App reg?
Thanks for the answers.
Alex
I am posting this here so that if anybody looks for the same information, they have it here.
At the time of this writing, the answer we got from Microsoft is that for this call to work, the user performing the call (in our case one of the owners) needs to also be a Group Administrator. For our use case this was not doable as any user in the company can potentially be an owner of a MS Teams.
The solution we have chosen is to use application permission with Directory.ReadWrite.All to perform the call. This works as expected now.
Microsoft has also promised they will update the documentation in order to include the current information.
I'm attempting to get tasks assigned to a specific user from the Graph API, so based on the sample query in the Graph Explorer I'm using this endpoint:
https://graph.microsoft.com/v1.0/users/<user-email>/planner/tasks
Which works fine for whatever user I'm signed in as, but attempting to get tasks for a user I'm not signed in as will always return with a 403 and say I don't have the required permissions. Group.ReadWrite.All is granted by admin, and according to the graph docs, that should be fine, but no luck.
I've also just created a new demo tenant and one by one granted permissions in the Graph Explorer with admin and still no luck! So I'm doubting the issue really is permissions. And for the record I've tried v1.0 and beta endpoints, and I've attempted this in a SPFx Web Part, and it doesn't work in practice either.
Not sure that it will help, but this is what is being returned each time:
{
  "error": {
    "code": "",
    "message": "You do not have the required permissions to access this item.",
    "innerError": {
      "request-id": "b02e3529-a4ae-4825-b4e6-7fc9b1fa228e",
      "date": "2019-03-27T12:28:41"
    }
  }
}
Anyone else ran into this issue or know of a workaround?
Reading tasks for other people is not allowed. We are investigating app-only request support, which should enable this scenario.