Cannot update oauth2PermissionGrants using graph.microsoft.com - microsoft-graph-api

Using https://graph.microsoft.com/beta/oauth2PermissionGrants I now cannot use POST to update B2C apps to grant them access to API's due to an error : Missing property: expiryTime
We've been using the BETA endpoint to update our B2C apps to grant them access to various API's using a Powershell script I created however in the last week or so something has changed on the back end as we now receive an error when attempting a POST : Missing property: expiryTime. The expirytime however is present in the JSON.
We can POST via graph.windows.net using the same JSON so this is something specific to the BETA endpoint. When querying the App's Oauth2permissiongrants I also cannot see the expirytime or starttime using graph.microsoft.com for some reason.
Please see the code below and let me know if I can answer any questions.
https://developer.microsoft.com/en-us/graph/graph-explorer#
POST https://graph.microsoft.com/beta/oauth2PermissionGrants
{
"clientId": "APP servicePrincial ObjectID",
"consentType": "AllPrincipals",
"expiryTime": "2030-05-12T19:34:28.9831598Z",
"principalId": null,
"resourceId": "02bccee7-8958-4e5e-89c7-466a5370a205",
"scope": "user_impersonation"
}
{
"error": {
"code": "Request_BadRequest",
"message": "Missing property: expiryTime",
"innerError": {
"request-id": "b15edafa-1415-4430-9d89-5ea3fb824f9c",
"date": "2019-09-16T11:29:39"
}
}
}

Related

Add user in Azure AD using Microsoft Graph API

I am trying to add user using Microsoft graph API.
I have provided the consent for all the permissions required.
POST https://graph.microsoft.com/v1.0/users
Request body that is send to the post request.
{
"accountEnabled": true,
"displayName": "Adele Vance",
"mailNickname": "AdeleV",
"userPrincipalName": "AdeleV#contoso.onmicrosoft.com",
"passwordProfile": {
"forceChangePasswordNextSignIn": true,
"password": "xWwvJ]6NMw+bWH-d"
}
}
Error that is received in response
{
"error": {
"code": "",
"message": "No HTTP resource was found that matches the request URI 'https://outlook.office365.com:444/profile/v1.0/users('CID:0ff49e4749deeaf2')/profile?api-version=AGSV1-internal'.",
"innerError": {
"date": "2021-02-04T10:41:56",
"request-id": "025218e1-191c-464f-adf3-f0cdc5fcebfd",
"client-request-id": "c071d220-2f14-d7fa-956e-cd45ccbdc735"
}
}
}
Is there something that I am missing?
I have also gone through the docs for adding user provided by Microsoft.
https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http
What you said in the comment is correct, the document has detailed instructions, it does not support Microsoft personal accounts.
You will have to check the end point are you using to authorize in order to obtain the token.
If you are using a tenant specific end point
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
Try replacing with the common endpoint
https://login.microsoftonline.com/common/oauth....

Microsoft Graph API Errors for ServiceNow

I am integrating ServiceNow with Teams specifically to push notifications to users and channels using microsoft graph api.
Issue #1 -
I have configured an OAuth profile for azure app to utilize microsoft graph API, setup required API permissions and calling various chat related API functions. For 'Create Chat' request I am getting below error:
responseBody: {
"error": {
**"code": "UnknownError",**
"message": "",
"innerError": {
"date": "2021-01-29T09:20:53",
"request-id": "90a99bf5-048f-445b-b58c-ee46fc30edf3",
"client-request-id": "90a99bf5-048f-445b-b58c-ee46fc30edf3"
}
}
}
API call -
var restMessage = new sn_ws.RESTMessageV2();
restMessage.setHttpMethod("POST");
restMessage.setEndpoint("https://graph.microsoft.com/beta/chats");
restMessage.setRequestHeader('Content-Type', 'application/json');
restMessage.setRequestHeader('Authorization', 'Bearer ' + retrieveToken()); //retrieveToken() function creates access token.
restMessage.setAuthenticationProfile('oauth', 'a5325df007022010f60df7fc7c1ed0a2');
restMessage.setRequestBody(global.JSON.stringify(
{"chatType": "oneOnOne","members":
[
{
"#odata.type": "#microsoft.graph.aadUserConversationMember",
"roles": ["owner"],
"user#odata.bind": "https://graph.microsoft.com/beta/users('<userID>')"
},
{
"#odata.type": "#microsoft.graph.aadUserConversationMember",
"roles": ["owner"],
"user#odata.bind": "https://graph.microsoft.com/beta/users('<userID>')"
}
]
}
));
var response = restMessage.executeAsync();
var responseBody = response.getBody();
gs.info('responseBody: '+responseBody);
Most of the suggestions are to set appropriate API permissions. This is already set correctly on Azure (both delegated and apppication permissions) and in OAuth entity scope in servicenow.
Issue #2 -
For the same setup instead of usign scripted API, I defined REST Message record and trying to get the token by clicking 'Get OAuth Token' related link and getting following error:
https://dev72030.service-now.com/oauth_redirect.do?error=invalid_client&error_description=AADSTS650053%3a+The+application+%27msgraph-client-app%27+asked+for+scope+%27**Chat.Read.All%27+that+doesn%27t+exist+on+the+resource**+%2700000003-0000-0000-c000-000000000000%27.+Contact+the+app+vendor.%0d%0aTrace+ID%3a+b0b9ff39-fd1a-49c9-85fa-3c8c71943600%0d%0aCorrelation+ID%3a+9c276922-3a77-4cc1-890b-23177ffd1845%0d%0aTimestamp%3a+2021-01-29+10%3a31%3a27Z&state=-1877865371#
This say I need to set 'Chat.Read.All' API permission. This is already provided on both sides, Azure app and OAUth profile in SNOW.
What am I missing
Could you please check this docs? For second issue: Could you please check the permissions on src by going through the jwt.io

Create Team, 400 Bad Request, Required functionality is not supported

I'm trying to create a Microsoft Teams team in Migration mode via the Graph API. However I get a 400 response that I can't figure out. The query is shared in the link below.
Shared Query
For those that don't want to view it that way, here is my request:
POST https://graph.microsoft.com/beta/teams
Authorization: Bearer ...
Content-Type: application/json
{
"#microsoft.graph.teamCreationMode": "migration",
"template#odata.bind": "https://graph.microsoft.com/beta/teamsTemplates(\u0027standard\u0027)",
"displayName": "SlackMigrationTest",
"description": "testing slack migrations",
"createdDateTime": "2021-01-14T00:00:00.000Z"
}
I created this based on the microsoft doc here.
The reponse I get is:
The remote server returned an error: (400) Bad Request.
{
"error": {
"code": "BadRequest",
"message": "Required functionality is not supported.",
"innerError": {
"date": "2021-01-20T15:51:21",
"request-id": "dc4189cf-db4a-4a60-a271-f63b5d759a05",
"client-request-id": "dc4189cf-db4a-4a60-a271-f63b5d759a05"
}
}
}
I'm sure its something obvious that I'm missing but any help would be greatly appreciated.
Here you are using the User Context token and trying to make the call. This API call only works in Application context as shown in the below screenshot.
So use Client Credential flow and set Application permissions and then make a call.
As you can see below, it worked for me with App token.
You cannot test it in graph explorer because the Graph Explorer gets user token.

groupPolicyConfigurations/{groupPolicyConfigurationId}/updateDefinitionValues can't update configuration with API

I am trying to update my Microsoft Intune Configuration using Microsoft Graph API.
For this I am using Postman. I have set up an app registration to assign the needed permissions and retrieve an access token. This is working in so far that I can read most of my configurations.
Now I am trying to change a configuration using POST /deviceManagement/groupPolicyConfigurations/{groupPolicyConfigurationId}/updateDefinitionValues. (Docs)
Now the problem is when I forming the request according to the docs:
{ "added":[],
"updated":[{
"#odata.type": "#microsoft.graph.groupPolicyDefinitionValue",
"createdDateTime": "2017-01-01T00:02:43.5775965-08:00",
"enabled": true,
"configurationType": "policy",
"id": "<id>",
"lastModifiedDateTime": "2017-01-01T00:00:35.1329464-08:00"
}],
"deletedIds":[]}
I get:
error code: BadRequest
"date": "2020-11-04T19:04:33",
"request-id": "c66c508b-0f73-4e7f-966a-97bf460818be",
I also tried to inspect the requests sent by the Azure Portal when changing the it in the UI and the Graph API request sent by the UI is quite a bit different than the one from the docs:
{ "added":[],
"updated":[{
"id":"<id>",
"enabled":true,
"presentationValues":[],
"definition#odata.bind":"https://graph.microsoft.com/beta/deviceManagement/groupPolicyDefinitions('<id>')"
}],
"deletedIds":[]}
and this one returns a HTTP 403 Forbidden I get a
error code: BadRequest
"date": "2020-11-04T19:04:27",
"request-id": "c70d67bc-b4d4-40cc-b2c9-7d60896f972a",
Unfortunately the response does not contain any information on what exactly the issue is and I don't know if there is any logs where I could find a more detailed error description.
Does anybody have experience with this and knows where I could get the correct payload for the request?

How to access shifts of a team? "Sorry, the team was not found, or you may not have access to it"

I would like to read a team's shifts using https://graph.microsoft.com/v1.0.
However i always fail with different errors and get contradicting server messages.
I send the API requests with Postman.
I am using Application authorization method. I think i have set all required Api permissions for my app.
I beleive i supply the correct headers, like:
Authorization
Content-Type
MS-APP-ACTS-AS
When i send the request like this to GET a team:
GET https://graph.microsoft.com/v1.0/teams/{id}
i get the following error message:
"error": {
"code": "NotFound",
"message": "No team found with Group Id {id}",
"innerError": {
"date": "2020-09-05T08:37:17",
"request-id": "id"
}
}
But when i try to create the team (from a group) like this:
PUT https://graph.microsoft.com/v1.0/groups/{id}/team
I get the error as follows:
"error": {
"code": "Conflict",
"message": "Team already exists",
"innerError": {
"date": "2020-09-05T08:33:33",
"request-id": "id"
}
}
When i try to make my actual call of interest, like:
GET https://graph.microsoft.com/v1.0/teams/{id}/schedule/shifts
That also fails with error:
{
"error": {
"code": "NotFound",
"message": "{\"error\":{\"code\":\"NotFound\",\"message\":\"Sorry, the team was not found, or you may not have access to it.\",\"details\":[],\"innererror\":{\"code\":\"TeamNotFound\"}}}",
"innerError": {
"date": "2020-09-05T08:59:55",
"request-id": "id"
}
}
}
Pleaset help me understand what i am doing wrong!
Thank you in advance!
Solved (itself).
So what was happening:
i created a team (directly or from a group).
created a schedule for the team.
get the schedule for the team, and see the response:
"enabled": false,
"provisionStatus": "Failed", (so not running or queuing or something)
"provisionStatusCode": "GraphResourceNotFound",
struggle few (like 4-5) days
without changing a thing, get the schedule showing:
"enabled": true,
"provisionStatus": "Completed",
"provisionStatusCode": null,
Maybe it would help others to see the possible wait time length or add a clarification about the provisionStatus field’s status progression.

Resources