I'm using Microsoft Graph API v1 with Administrator credentials via my software to create Events in a Group. However the response I get is a 403 with the following:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "c4754c79-5e3a-4f63-9f88-404100513796",
"date": "2018-07-11T10:11:27"
}
}
}
on a POST request to https://graph.microsoft.com/v1.0/groups/{idGroup}/events/
I have checked all rights provided to the app via Azure AD and everything is fine (tokens, code and scope with Group.Read.All Group.ReadWrite.All). The Group is also created, the users are added to it and the owner is the admin I use for the create request.
I have also tried on the Microsoft Graph API Explorer but i have the same error.
Yesterday morning the creation was possible but I think some rights were corrupted. Is anybody has got this problem before? How to fix it?
After a few days without any changes in the code the problem dissapeared.
I am still not sure of what happened, anyway thanks guys !
Related
I'm trying to use the beta api of LearningProviders described here: https://learn.microsoft.com/it-it/graph/api/employeeexperience-list-learningproviders?view=graph-rest-beta
I'm in a tenant with the new viva integration activeted and in teams i can see correctly all the feature.
With an admin account i'm trying to use the API but I only recive 401 Error with the following body when I try to call the api /employeeExperience/learningProviders
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"date": "2022-07-29T12:50:14",
"request-id": "b985f230-5e34-4e95-9c03-4a192b9cd2e2",
"client-request-id": "b985f230-5e34-4e95-9c03-4a192b9cd2e2"
}
}
}
I tried both to call the API from the graph explorer (And i've added the correct permission to the Graph Explorer app registration) and also with a new app registration with the correct delegated permission.
I'm not able anyway to get any response.
Anyone facing the issue?
Thanks
thanks for reaching out to us .
Could you please decode your access token in http://jwt.ms/ and make sure you have LearningProvider.Read delegated permission added in your scopes .
please let us know if you have any query,
thanks
permissions - https://learn.microsoft.com/en-us/graph/permissions-reference#delegated-permissions-27
I'm trying to access reports from Graph API using the Graph Explorer. However, it throws 403 Unauthorised errors.
For example the request:
GET https://graph.microsoft.com/v1.0/reports/getSharePointSiteUsageDetail(period='D30')
throws the following error
{
"error": {
"code": "S2SUnauthorized",
"message": "Invalid permission.",
"innerError": {
"request-id": "fda8c3ec-1949-46a9-b179-e1017f7e94ab",
"date": "2020-04-02T01:01:08"
}
}
}:
According to the documentation this requires the permissions 'Reports.Read.All'
When looking at the permissions I have in the explorer it says that Reports.Read.All permission is 'consented'
This worked without issues in early December when I was first testing this, so unless something changed I don't know what is going on.
Am I misunderstanding what consented means in this context, or is this a problem with the Graph Explorer as this permission is marked as 'preview'?
Regardless of the source of the problem, does anyone know a way around this/how to fix it?
Please make sure,
try repro the above using MS Graph Explorer with your tenant!!
if you're using delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure AD limited administrator role
Let me know still you can repro the issue.
I am trying to get a list of groups from https://graph.microsoft.com/v1.0/groups with the correct application permissions. I created an application in portal.azure.com and added application permissions (generated client secret etc). This seemed to be working but after adding and removing other permissions the application stopped working so I set up a new application (new client id and secret) with the same permissions when it was working and all expected calls are working expect https://graph.microsoft.com/v1.0/groups for which I get this error:
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"request-id": "adad2794-0000-43f6-812c-091acec39f7c",
"date": "2020-03-06T12:18:58"
}
}
}
I know the GUID for one of the groups and I can call the APIs for listing group files without and problems but just can't list groups!
Is there a permission I need to add that I'm missing? I'm sure I've added the required permissions, see screenshot.
Thanks.
try Directory.Read.All
Group.Read.All means that you can read everything about a group.
I'm attempting to get tasks assigned to a specific user from the Graph API, so based off of the sample query in the graph explorer i'm using this endpoint
https://graph.microsoft.com/v1.0/users/<user-email>/planner/tasks
Which works fine for whatever user I'm signed in as, but attempting to get tasks for a user I'm not signed in as will always return with a 403 and say I don't have the required permissions. Group.ReadWrite.All is granted by admin, and according to the graph docs, that should be fine, but no luck.
I've also just created a new demo tenant and one by one granted permissions in the graph explorer with admin and still no luck! So i'm doubting the issue really is permissions. And for the record I've tried v1.0 and beta endpoints, and I've attempted this in a SPFx Web Part, and it doesn't work in practice either.
Not sure that it will help, but this is what is being returned each time:
{
"error": {
"code": "",
"message": "You do not have the required permissions to access this item.",
"innerError": {
"request-id": "b02e3529-a4ae-4825-b4e6-7fc9b1fa228e",
"date": "2019-03-27T12:28:41"
}
}
}
Anyone else ran into this issue or know of a workaround?
Reading tasks for other people is not allowed. We are investigating app-only request support, which should enable this scenario.
I am trying to create a worksheet using the Graph API and getting the below error. Everything on the URL seems right and I am unable to figure out what is causing the error. There is little help on the Graph API documentation also!
URL:
https://graph.microsoft.com/v1.0/me/drive/items/01FUAEYJMWQZF5VGFFL5G27P5AGS5M2FXD/workbook/worksheets
Error:
{
"error": {
"code": "AccessDenied",
"message": "Could not obtain a WAC access token.",
"innerError": {
"request-id": "44990b81-a8ee-489f-9fd8-d5f7c9a31bf1",
"date": "2018-05-07T14:02:08"
}
}
}
Microsoft documentation:
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/worksheetcollection_add
Any pointers to the solution or what I might be doing wrong is appreciated. Thanks.
According to this post, "WAC is basically a designation for the Office web apps".
So this error probably means that something is tripping up the Graph server (in the file access authentication logic?), but the reported error is not specific enough, hence the generic "WAC Access Token" error.
This worked for me:
Make sure the file is in Sharepoint, not OneDrive (Microsoft Graph doesn't seem to play well with Excel files stored in OneDrive - I think I saw this on Reddit)
Is the file extension .xlsx? (According to this answer, .xltm can cause this error)
Does your user have the Files.Read permission?
Make sure you're using Delegated User permissions from and not Application permissions (GitHub issue)