Microsoft Graph API - General Exception during fetching Sites/root and drives - oauth-2.0

I created a standalone application on Node.js, authorized in AAD with client/secret, with permissions to access groups, sites, directories. I managed to create a Teams group and team with the Microsoft Graph API, but when I tried to fetch sites/root or drives
https://graph.microsoft.com/v1.0/groups/{groupId}/sites/root
https://graph.microsoft.com/v1.0/groups/{groupId}/drive
I received 500 Internal Server Error:
{
  "error": {
    "code": "generalException",
    "message": "An unspecified error has occurred.",
    "innerError": {
      "request-id": (....),
      "date": "2020-01-31T09:15:17"
    }
  }
}
Is access to sites and drives possible by Graph API with app token?

The error is caused by using "Group.Create" and "Group.ReadWrite.All" together.

Yes it is possible. One possibility here is that if you are attempting to access the drive or site right after creating the team, they may not be provisioned yet. There is some delay that can happen, typically only a few minutes at most.
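
The provisioning delay described in the answer above can be handled by polling the group's drive endpoint with a bounded backoff while stopping immediately on 401/403, which point at the token rather than at timing. This is an added example, not code from the thread; waitForGroupDrive, makeFakeFetch, the injected fetchFn/sleep parameters and all sample values are hypothetical or constructed.

```javascript
// Added example (not from the original thread). fetchFn and sleep are injected
// so the retry logic can be exercised offline; the names are hypothetical.
async function waitForGroupDrive(groupId, token, fetchFn, opts = {}) {
  const maxAttempts = opts.maxAttempts || 6;
  const baseDelayMs = opts.baseDelayMs || 5000;
  const sleep = opts.sleep || ((ms) => new Promise((r) => setTimeout(r, ms)));
  const url = 'https://graph.microsoft.com/v1.0/groups/' +
    encodeURIComponent(groupId) + '/drive';
  let last = null;
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const res = await fetchFn(url, { headers: { Authorization: 'Bearer ' + token } });
    const body = await res.json().catch(() => ({}));
    if (res.status === 200) return { ok: true, attempts: attempt, drive: body };
    const err = body.error || {};
    // Keep the request-id so the failed call can be correlated later.
    last = { status: res.status, code: err.code,
             requestId: (err.innerError || {})['request-id'] };
    // 401/403 mean the token or its permissions are wrong; waiting will not help.
    if (res.status === 401 || res.status === 403) {
      return { ok: false, attempts: attempt, reason: 'authorization', last };
    }
    // Anything else (404, 500 generalException, ...) is treated as "not ready yet".
    if (attempt < maxAttempts) await sleep(baseDelayMs * 2 ** (attempt - 1));
  }
  return { ok: false, attempts: maxAttempts, reason: 'gave-up', last };
}

// Constructed stand-in for fetch: replays a fixed list of responses.
function makeFakeFetch(responses) {
  let i = 0;
  return async () => {
    const r = responses[Math.min(i++, responses.length - 1)];
    return { status: r.status, json: async () => r.body };
  };
}

// Constructed sample: two generalException responses, then the drive appears.
const notReady = { status: 500, body: { error: { code: 'generalException',
  message: 'An unspecified error has occurred.',
  innerError: { 'request-id': 'constructed-id' } } } };
const ready = { status: 200, body: { id: 'constructed-drive-id' } };
waitForGroupDrive('constructed-group-id', 'constructed-token',
  makeFakeFetch([notReady, notReady, ready]), { sleep: async () => {} })
  .then((r) => console.log(r.ok, r.attempts));
```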

When you register your Azure Active Directory App, which supported account type are you choosing?
I had exactly the same issue as you, but I've created a new Azure AD App and changed the supported Account type back to the first option and all worked accordingly.
I hope this could help your issue.
Thank you.

Related

Consented permissions not working when using Microsoft Graph Explorer to access reports

I'm trying to access reports from Graph API using the Graph Explorer. However, it throws 403 Unauthorised errors.
For example the request:
GET https://graph.microsoft.com/v1.0/reports/getSharePointSiteUsageDetail(period='D30')
throws the following error
{
  "error": {
    "code": "S2SUnauthorized",
    "message": "Invalid permission.",
    "innerError": {
      "request-id": "fda8c3ec-1949-46a9-b179-e1017f7e94ab",
      "date": "2020-04-02T01:01:08"
    }
  }
}
According to the documentation this requires the permissions 'Reports.Read.All'
When looking at the permissions I have in the explorer it says that Reports.Read.All permission is 'consented'
This worked without issues in early December when I was first testing this, so unless something changed I don't know what is going on.
Am I misunderstanding what consented means in this context, or is this a problem with the Graph Explorer as this permission is marked as 'preview'?
Regardless of the source of the problem, does anyone know a way around this/how to fix it?
Please make sure:
Try to repro the above using MS Graph Explorer with your tenant!
If you're using delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure AD limited administrator role.
Let me know if you can still repro the issue.

Planner tasks endpoint always returns a 403?

I'm attempting to get tasks assigned to a specific user from the Graph API, so based off of the sample query in the Graph Explorer I'm using this endpoint
https://graph.microsoft.com/v1.0/users/<user-email>/planner/tasks
Which works fine for whatever user I'm signed in as, but attempting to get tasks for a user I'm not signed in as will always return with a 403 and say I don't have the required permissions. Group.ReadWrite.All is granted by admin, and according to the graph docs, that should be fine, but no luck.
I've also just created a new demo tenant and one by one granted permissions in the Graph Explorer with admin and still no luck! So I'm doubting the issue really is permissions. And for the record I've tried v1.0 and beta endpoints, and I've attempted this in a SPFx Web Part, and it doesn't work in practice either.
Not sure that it will help, but this is what is being returned each time:
{
  "error": {
    "code": "",
    "message": "You do not have the required permissions to access this item.",
    "innerError": {
      "request-id": "b02e3529-a4ae-4825-b4e6-7fc9b1fa228e",
      "date": "2019-03-27T12:28:41"
    }
  }
}
Has anyone else run into this issue or know of a workaround?
Reading tasks for other people is not allowed. We are investigating app-only request support, which should enable this scenario.

microsoft-graph - Error: ResourceNotFound - Message: Resource could not be discovered

I've created a web app with Microsoft Graph API and it has been completed/tested and everything is working as expected. This web app is aimed to create calendar events for our Office 365 users. Right now there are a total of 9 users that calendar events are created for and two of them are having issues.
This is the specific response I get from Microsoft Graph API if I'm creating a calendar event for a user that is having issues:
Message:
{
  "error": {
    "code": "ResourceNotFound",
    "message": "Resource could not be discovered.",
    "innerError": {
      "request-id": "4d6efba0-fce2-4abe-9f60-be3df8b55d6f",
      "date": "2018-08-29T15:26:58"
    }
  }
}
I know that everything I'm doing is correct as the other seven users have no issues, so the issue must be with the Office 365 account itself. I've looked into account settings/permissions and everything I've checked is identical to a user that is working.
One of the biggest issues I'm facing with this problem is I don't understand the error itself. When it says "ResourceNotFound" my guess is that it's saying that it can't find the user account even though it does exist.
My question is what should the next steps be in order to find a resolution? Should I see if I can recreate the mailboxes and transfer the email from the broken account to a new account? Or should I continue to try to find the root problem?

How to create an event into a group

I'm using Microsoft Graph API v1 with Administrator credentials via my software to create Events in a Group. However the response I get is a 403 with the following:
{
  "error": {
    "code": "ErrorAccessDenied",
    "message": "Access is denied. Check credentials and try again.",
    "innerError": {
      "request-id": "c4754c79-5e3a-4f63-9f88-404100513796",
      "date": "2018-07-11T10:11:27"
    }
  }
}
on a POST request to https://graph.microsoft.com/v1.0/groups/{idGroup}/events/
I have checked all rights provided to the app via Azure AD and everything is fine (tokens, code and scope with Group.Read.All Group.ReadWrite.All). The Group is also created, the users are added to it and the owner is the admin I use for the create request.
I have also tried on the Microsoft Graph API Explorer but I have the same error.
Yesterday morning the creation was possible but I think some rights were corrupted. Has anybody had this problem before? How can I fix it?
After a few days without any changes in the code the problem disappeared.
I am still not sure of what happened, anyway thanks guys!

Could not obtain WAC Access Token

I am trying to create a worksheet using the Graph API and getting the below error. Everything on the URL seems right and I am unable to figure out what is causing the error. There is little help on the Graph API documentation also!
URL:
https://graph.microsoft.com/v1.0/me/drive/items/01FUAEYJMWQZF5VGFFL5G27P5AGS5M2FXD/workbook/worksheets
Error:
{
  "error": {
    "code": "AccessDenied",
    "message": "Could not obtain a WAC access token.",
    "innerError": {
      "request-id": "44990b81-a8ee-489f-9fd8-d5f7c9a31bf1",
      "date": "2018-05-07T14:02:08"
    }
  }
}
Microsoft documentation:
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/worksheetcollection_add
Any pointers to the solution or what I might be doing wrong is appreciated. Thanks.
According to this post, "WAC is basically a designation for the Office web apps".
So this error probably means that something is tripping up the Graph server (in the file access authentication logic?), but the reported error is not specific enough, hence the generic "WAC Access Token" error.
This worked for me:
Make sure the file is in SharePoint, not OneDrive (Microsoft Graph doesn't seem to play well with Excel files stored in OneDrive - I think I saw this on Reddit)
Is the file extension .xlsx? (According to this answer, .xltm can cause this error)
Does your user have the Files.Read permission?
Make sure you're using Delegated User permissions from and not Application permissions (GitHub issue)
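
For the delegated versus application permission checks in the answer above, decoding the access token shows which kind it is: Azure AD puts delegated scopes in the `scp` claim and application permissions in `roles`. This is an added example, not code from the thread; the function names are hypothetical and the tokens are constructed and unsigned.

```javascript
// Added example (not from the original thread); function names are hypothetical.
// Decoding is for diagnosis only: it does not verify the token's signature.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 parts)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Classify the token and list which of the needed permissions it lacks.
// Exact-name match only: a broader permission that implies a needed one
// is not recognised as covering it.
function describeGraphToken(token, needed) {
  const claims = decodeJwtPayload(token);
  // Delegated (user) tokens: space-separated scopes in "scp".
  const scp = typeof claims.scp === 'string'
    ? claims.scp.split(' ').filter(Boolean) : [];
  // App-only (client credentials) tokens: application permissions in "roles".
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const kind = scp.length ? 'delegated' : roles.length ? 'application' : 'none';
  const granted = kind === 'delegated' ? scp : roles;
  return { kind, granted, missing: needed.filter((p) => !granted.includes(p)) };
}

// Constructed helper: builds an unsigned, fake token for the demo below.
function makeUnsignedToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'none', typ: 'JWT' }) + '.' + enc(claims) + '.constructed';
}

// Constructed samples: one app-only token, one delegated token.
const appOnly = makeUnsignedToken({ roles: ['Group.ReadWrite.All'] });
const delegated = makeUnsignedToken({ scp: 'Files.Read User.Read' });
console.log(describeGraphToken(appOnly, ['Files.Read']));
console.log(describeGraphToken(delegated, ['Files.Read']));
```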
