We have deployed Exchange server hybrid mode with Office 365.
However, we cannot use MS Graph API to get messages in mailboxes on Premise Exchange.
Below is the error we have got:
{
"error": {
"code": "ResourceNotFound",
"message": "Resource could not be discovered.",
"innerError": {
"request-id": "75aa59fb-06a3-4788-b2ac-d5cec9a6dbeb",
"date": "2019-11-20T19:21:31"
}
}
}
Related
I have an Application which accesses channel messages in Microsoft Teams. We have been using the "Group.Read.All" permission for the last few months to access these messages, but just today we have started getting 403 for these requests? Has something changed?
I appreciate the docs flag this as "Not supported" but it has been working with no issue until today.
We are trying to use the following request;
https://graph.microsoft.com/beta/teams/{id}/channels/{id}/messages
However we are now getting a 403 Forbidden response;
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"request-id": "xxx",
"date": "xxx"
}
}
}
It looks as though Microsoft has locked down these particular permissions and you'll need to request access to them for your particular app. See their documentation here: https://learn.microsoft.com/en-us/graph/teams-protected-apis
I've a Node.js API which is authenticated using passport and passport-azure-ad's OIDC strategy.
After User's authentication I get User's profile, access_token, refresh_token, sub and ISS.
Then I use the same access_token to get User's details from Microsoft graph using this API - https://graph.microsoft.com/v1.0/me
When I request, it prompts me this error,
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "04048b3a-7636-4197-88ef-1f08d3a07c9e",
"date": "2018-12-26T09:40:58"
}
}
}
When I use OAuth 2.0 and get the access_token and use that access_token to access the same API, the details are returned successfully.
Although even I tried matching the access_tokens returned by Open ID connect and OAuth 2.0, they differ despite logging in as a same user.
I don't understand why the access_token returned by the Open ID connect didn't worked.
my fellow created a project at google console, and he can always use the youtube analytics api to query a specific channel through oauth. Then he appointed me as an owner of the project, but when i used the same parameter to query the analytics api, it said i had not permission, as follow:
403
- Show headers -
{
"error": {
"code": 403,
"message": "Forbidden",
"errors": [
{
"message": "Forbidden",
"domain": "global",
"reason": "forbidden"
}
]
}
}
I think it's because i have no relative permission for these channel. but i have no idea how to get the permission of the youtube analytics api for a specific channel.
And i am confused that how is the project which is created in the google console associated to a youtube channel? Is't by the account who creates them?
I am developing an application which can read and write user's outlook tasks. I'm able to read the tasks assigned to my user id with the below API.
https://graph.microsoft.com/beta/users/me/outlook/tasks
When I try to read other user's tasks by providing the userPrincipalName I'm getting 403 error.
Request: https://graph.microsoft.com/beta/users/support#foobar.com/outlook/tasks
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "05fab540-3638-4b61-95ef-f2470539f385",
"date": "2018-04-07T07:25:06"
}
}
}
I thought it is an application/delegated permission assigned to the application I have registered in Azure portal. But I doubt whether Microsoft allows us to read and write other user's task.
Please let me know whether it is possible to read other user's tasks.
I'm getting the same error as "Unknown Error" in Microsoft Graph Explorer, hitting the v1 and the beta api directly. E.g. beta/groups/<group id>/planner/plans or, beta/planner/plans/<plan id>
It shows as a 401, but error code is UnknownError. I know the plan exists because I can visit it in the browser. Any thoughts/suggestions?
Full output:
{
"error": {
"code": "**UnknownError**",
"message": "...401 - Unauthorized: Access is denied due to invalid credentials....
You do not have permission to view this directory or page using the
credentials that you supplied...",
"innerError": {
"request-id": "02fde3c3-a56c-4134-b483-0b53aee88410",
"date": "2017-09-13T05:51:31"
}
}
}
I'm afraid Application permissions (which are used the client_credentials flow) are not supported with Planner. In order to interact with Plans, you'll need to use a flow that supports Delegated permissions.
From the documentation:
Delegated (work or school account): Group.Read.All, Group.ReadWrite.All
Delegated (personal Microsoft account): Not supported
Application: Not supported