MS Graph Explorer - query for OneDrive Business Account is failing
-More info found on the following github issue:
https://github.com/OneDrive/onedrive-api-docs/issues/1099
-Contacted Office 365 support who referred me here. Microsoft support case: 15301860
MS Graph explorer query:
https://graph.microsoft.com/v1.0/drives/b!a-oNn_Mnm02gMc86rSUI27vOcAGlo8BAhT7CxagLgF2oTC6OgbRmSaXoOirrlVDs/items/01ICHZFV56Y2GOVW7725BZO354PWSELRRZ
Expected Behavior:
The item query should return objects.
Actual Behavior:
OneDrive responds with a 404 error - when it should return with valid data that exists.
When Graph makes a call to SharePoint to fulfill a /v1.0/drives request it hits the tenant host, where as it will hit the personal site host for /v1.0/me/drive. As a result of this, the /v1.0/drives scenario can fail if the tenant's root site is inaccessible which looks like what you're seeing.
I will mention that we're investigating improving this experience, so hopefully in the future you won't hit a failure for this scenario.
Related
When I load pages via
https://graph.microsoft.com/v1.0/me/onenote/sections/{ID}/pages?$top=100&$orderby=createdDateTime%20desc
the results are not up-to-date, even though changes have been synced across other devices.
There should be 4 pages in the section. This is what is in the response:
two existing pages (two are missing)
several other pages that were previously deleted, but when I try to fetch the HTML contents, I get a 404. The pages were deleted via DELETE https://graph.microsoft.com/v1.0/me/onenote/pages/{ID} per the docs
Does it work via the OneNote API?
Per #codeye's suggestion (see comments), I'm trying to access the pages via the one note API. It seems unclear whether this is still possible:
The API is deprecated and scheduled to sunset November 2022.
The docs refer to registering the application in the Microsoft account Developer Center, which appears to be obsolete and points back to the Azure portal
Later in the same doc, they refer to permissions like office.onenote_update that no longer seem to exist i.e. I can't find them in the Azure Portal. I do see permissions with the same name from two places: Microsoft Graph and OneNote - perhaps the permissions have been renamed?
However, after adding One Note ->
Notes.ReadWrite, logging out and reauthenticating, I'm still getting HTTP errors on onenote.com URLs like:
401 from https://www.onenote.com/api/v1.0/me/notes/sections/{ID}/pages?$top=100&$orderby=createdDateTime%20desc (as #codeye suggested below, tried with and without query parameters)
401 from https://www.onenote.com/api/v1.0/notebooks (URL from the docs
404 from https://www.onenote.com/api/v1.0/me/notebooks (same URL as previous, but with me/ segment added
Microsoft introduced a special folder in OneDrive (I only see it in a personal OneDrive account, not in OneDrive for Business) called "Personal Vault". I searched the documentation of MS Graph API but could not find this mentioned.
So my question is: is there any way to access this personal vault as a third-party app?
Same problem here.
Funny thing is that:
It does not appear in the root children
It appears if you call the delta API where you can see a folder with the
specialFolder attribute not null and whose specialFolder.name is
"vault". This specialFolder, though, has the deleted facet, with the
state set to "hardDeleted". If you extract the ID from the delta API
call and try to address the folder directly with
https://graph.microsoft.com/v1.0/me/drive/items/{id}, however, you
get an access denied error
I've been trying this scenario on a couple of different tenants so far:
use an existing team or create a new one through the UI
add a tab (let's say OneNote) to a channel
query the list tabs endpoint (through graph explorer)
I always get a 404 response. If I replace in my query tabs by messages I get the messages.
In terms of permissions I have the default graph explorer one + Group.Read.All.
Here is the latest request Id I got 2a180611-b637-4aa4-be27-9e42cbb27ab9 on tenant dev2tolead12. (GET https://graph.microsoft.com/beta/teams/7471ee8d-0ed3-4f22-80ee-3b513e42e6ac/channels/19:9a0544b274654ef8ac97761ebd91b471#thread.skype/tabs)
My question: what am I missing for this request to work?
Sorry, we thought we had deployed the tabs API to all tenants, but had actually deployed it to only some of them – this has been fixed.
The endpoint started working in my tenants today. My guess is Microsoft fixed something recently
I am trying to use the graph API (v1.0) to search for files and folders within our team's sharepoint/onedrive folders but when using an app-only token I consistently get no results for any /search(...) request I try.
I have an registered and application with https://apps.dev.microsoft.com and have requested and granted consent for the permissions stated in the API Documentation;
User.ReadWrite.All, Group.Read.All, Sites.Read.All, Sites.ReadWrite.All, Group.ReadWrite.All, Sites.Manage.All, Files.ReadWrite.All, User.Read.All, Files.Read.All, Sites.FullControl.All
When I request a token from https://login.microsoftonline.com/ I can see the granted permissions in the payload.
Using this token I can successfully access the drive and retrieve information about its contents using drive/root
I have a small test folder structure that contains a few simple text files.
I can confirm that this token gives me access to my files and folders by calling drives/{driveid}/items/{folderid}/children recursively to build a complete tree structure.
However, when I try to search the drive for filenames or text phrases that I know exist I get no results at all, no matter what combination of paths or search terms I use. I've never seen a search result from an app-only token.
Examples that I've tried;
sites/root/drive/search(q='test')
drive/root/search(q='test')
drives/{driveid}/search(q='test')
drives/{driveid}/root/search(q='test')
The phrase "test" exists both as a filename and also within the text content of some of the files.
I get an HTTP:200 response but the value collection https://graph.microsoft.com/v1.0/$metadata#Collection(driveItem) is always empty.
I'm building http requests in my application (Coldfusion), not using a SDK.
I wondered if I was having encoding problems so have tried various approaches of url-encoding the search part of the url (q='test') etc.
I've also tried running the same requests with Postman and cUrl but the results are the same. Empty.
The only thing that works is when I try the same searches using the Graph Explorer I get the results I would expect to see.
I know that Explorer uses a different type of token so I'm wondering if this is and issues related to my token being app-only.
Does anyone know if .../search() actually work for app-only tokens?
Does anyone know if .../search() actually work for app-only tokens?
The answer is yes, ../search() actually work for app-only tokens
Based on my test, the following search API works well for app-only token
https://graph.microsoft.com/v1.0/drive/root/microsoft.graph.search(q='test')
https://graph.microsoft.com/v1.0/drives/{driveid}/root/microsoft.graph.search(q='test')
https://graph.microsoft.com/v1.0/drives/{driveid}/microsoft.graph.search(q='test')
https://graph.microsoft.com/v1.0/sites/root/drive/search(q='test')
For permission config, just put "Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All" into the GraphScopes in the project config file as docs states.
Above answer is based on your description:****register app in http://apps.dev.microsoft.com/. You can ignore the SDK although it is the best choice. If you don't have a project config with GraphScopes, you need to pass the scope to auth request, it is difficult for operation.
If your app-only mean register app in SharePoint online, then the Graph Search API won't work. SharePoint doesn't share AccessToken with Graph directly.
Here is the same question again. The answer has been commented by a microsoft developer. He confirmed, it was a bug.
I am currently working on a solution that is accessing OneDrive in Office 365 using Microsoft Graph. I am using the adal4j library to handle authentication and have configured the app in portal.azure.com.
My question relates the call to get the children for a specified drive. I am using a query similar to the one shown below, as I want to get folders and files at the root level of a specified users drive:
https://graph.microsoft.com/v1.0/users/*user id*/drives/*drive id*/root/children
When I login to the Graph Explorer and execute the query, I get a json result showing the root folder contents for the drive and user specified. All works as expected.
When I call it from my java application, the JSON node value is empty ([]).
Initially my thought was, because the Graph Explorer uses a different app id in the portal it was possibly something to do with access rights. However, I successfully read user profiles in our O365 tenant, the drive id's for each user, and if I execute the following:
https://graph.microsoft.com/v1.0/users/*user id*/drives/*drive id*/root/search(q='')
It provides me a complete list of all of the folders, sub folders etc within the appropriate user's drive.
Therefore, making me think this is a bug with the Graph query I am attempting to use rather than an authorization issue, but, that wouldn't explain why it works in the Graph Explorer.
The same java method is used for all calls, and the url is passed in as a parameter.
Just to follow up, the azure portal app permissions has the capability of adding permissions for the graph api. This was, indeed the problem. It would appear that the search was ignoring the permission and successfully reading the data whereas the /children call was honouring the security model. This caused a lot of confusion, but is now resolved.
Thanks Marc for your help.