Why does this Microsoft Graph request works for most users, but returns "Bad Request - Error in query syntax" for guest users? - microsoft-graph-api
Sometimes, I do a request to get the value of several fields for a given user.
Here is an example of such a request that works for a given user(the id corresponds to a user of type "Member"):
https://graph.microsoft.com/v1.0/users/bba8407c-2f05-4e91-b27e-a207689a085f?$select=passwordProfile,aboutMe,accountEnabled,assignedLicenses,assignedPlans,birthday,businessPhones,city,companyName,country,department,displayName,givenName,hireDate,imAddresses,interests,jobTitle,mail,mailboxSettings,mailNickname,mobilePhone,mySite,officeLocation,onPremisesImmutableId,onPremisesLastSyncDateTime,onPremisesSecurityIdentifier,onPremisesSyncEnabled,passwordPolicies,pastProjects,postalCode,preferredLanguage,preferredName,provisionedPlans,proxyAddresses,responsibilities,schools,skills,state,streetAddress,surname,usageLocation,userPrincipalName,userType
No problem here. But doing the same request for another user of type "Guest", I get an Http 400 (bad request). Here is a request that fails, even if the format is exactly the same:
https://graph.microsoft.com/v1.0/users/3e3fac9d-ad76-4f9a-b86c-b4691a524572?$select=passwordProfile,aboutMe,accountEnabled,assignedLicenses,assignedPlans,birthday,businessPhones,city,companyName,country,department,displayName,givenName,hireDate,imAddresses,interests,jobTitle,mail,mailboxSettings,mailNickname,mobilePhone,mySite,officeLocation,onPremisesImmutableId,onPremisesLastSyncDateTime,onPremisesSecurityIdentifier,onPremisesSyncEnabled,passwordPolicies,pastProjects,postalCode,preferredLanguage,preferredName,provisionedPlans,proxyAddresses,responsibilities,schools,skills,state,streetAddress,surname,usageLocation,userPrincipalName,userType
So the request syntax is identical, the only part that changes is the user id. But the second one returns "Bad Request - Error in query syntax". What is going on here? Why can I not do that request for guest users?
I can reproduce this problem for any tenant. It never works for any guest user.
Request-id of the failing request: 49e80d99-5074-4404-900f-e1d14889bf2b
it appears that some of those properties are unavailable for guest users. If you want to fetch non-guest users, you can use $filter syntax such as https://graph.microsoft.com/v1.0/users?$filter=userType eq 'Member'
Related
Issue with Graph API in Power automate
I am trying to get all users out of a tenant with power automate. But when i try to filter out users with userType Member. I keep getting the error: Enter a Valid URI ( even tough i am using a valid URI that is used inside the docs) https://graph.microsoft.com/beta/users?$filter=userType eq 'Member'
Do not specify $filter query in URI but add it to Queries. Example (not sure if I'm using the same trigger):
Omniauth-slack scope error
I would like to receive both a webhook url and the list of channels but have been unable to with the following scopes: 'channels:read,incoming-webhook' (This only has the single channel that was selected) 'channels:list,incoming-webhook' (This says: OAuth Error: invalid_scope: Invalid scope channels:list) How can I get this information in one oauth? Here is another site I used to try to troubleshoot this issue.
channels.list is a method and so you you have to make another 'get' to get this data. Here is an example: https://api.slack.com/methods/channels.list/test
Is it a requirement of RFC-6749 to return scope params when the scope doesn't change?
From what I can tell from https://www.rfc-editor.org/rfc/rfc6749#section-3.3, Isn't required to return the scope (unless the scope was changed), am I reading this correctly? I noticed that Google wasn't sending while I was troubleshooting #28011269, is this normal, though?
The Authorization Server may choose not to send a scope value in the response if all of the requested scopes in the client's request were granted. If any of the requested scopes were not granted, it must return the actual granted scopes. Also, if the client did not request any specific scopes, it may choose not to return a scope value assuming that it has a documented default value and the client knows about it, or else it may fail the request indicating an invalid scope.
Getting Facebook Page's Ratings
I am looking to pull a public Facebook page's ratings into a Ruby on Rails app.
Essentially what I'm looking to do is run a rake task as a cron job that looks for new reviews on one particular Facebook page (the page I need will not change) and pulls them into the app. I've explored Facebook's API and the Koala gem and can't get to the page data. I'm just not sure how I can get an access token outside a browser. In addition, if I were to get the access token, it doesn't seem I can get to the ratings data without being the owner of the page.
One route I took was to send a simple GET request to the page. Something like https://graph.facebook.com/{page-id} works fine, but https://graph.facebook.com/{page-id}/ratings throws the following:
{
"error": {
"message": "(#210) Subject must be a page.",
"type": "OAuthException",
"code": 210
}
}
What is the simplest way to get to this data?
As mentioned in the question's comments, I needed to be authenticated as a Facebook user with admin access to the Facebook Page of interest because I need to get a token from that.
After getting access to the page, I accomplished the API call via the Koala gem. I initialized Koala with the app:
config/initializers/facebook.rb
$facebook = Koala::Facebook::OAuth.new(
"my_facebook_app_id",
"my_facebook_secret",
"my_facebook_redirect_url"
)
Since I only needed to get the token for one user in one scenario, I did so via the admin side of my app, in my facebook_controller.
In this controller action, I look for the code parameter in the route. If we don't find it, we send to the authorization url, otherwise we process and store the Facebook user token in the User model in a pre-determined and predictable record.
app/controllers/admin/facebook_controller.rb
def auth
if params[:code].present?
code = params[:code]
token = $facebook.get_access_token_info(code)
User.find_by_email('admin#example.com').update(
:fb_access_token => token['access_token'],
:fb_token_expires => token['expires'].to_i.seconds.from_now
)
redirect_to admin_dashboard_path
else
redirect_to $facebook.url_for_oauth_code(:permissions => "manage_pages")
end
end
Once I have an active token, I can acquire the page token like so:
user = User.find_by_email('admin#example.com')
user_graph = Koala::Facebook::GraphAPI.new(user.fb_access_token)
accounts = user_graph.get_connections('me', 'accounts')
page_token = accounts[0]['access_token']
page_graph = Koala::Facebook::API.new(page_token)
ratings = page_graph.get_connection('me', 'ratings')
At this point, I have the collection of ratings objects stored in the ratings variable. I can do whatever I need with these ratings at this point.
Note: In this particular case, I new the Facebook Page was the first account in the array of user accounts. This took some trial and error, but can be accomplished by iterating over the user accounts array (in this case, stored in accounts) if you can't predict the index of the desired account.
It seems to be a bug of Facebook Graph API. I have exactly the same problem.
I can get lists of all other objects but I do get an error when requesting /{page-id}/ratings. The JSON payload returned by Facebook Graph API is the following:
{
"error": {
"message": "(#210) Subject must be a page.",
"type": "OAuthException",
"code": 210
}
}
Google contacts API 401 error RestClient::Unauthorized
I want to retrieve the Google contacts from a user in Ruby on rails using Restclient, but I every time I tried, I face a Restclient 401 Unauthorized error on my query line. I assume that my query is wrong or missgin something, but I didn't find anything usefull in the Google Contact API doc.
Any idea ?
Here's my scope
scope = 'https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile+https://www.google.com/m8/feeds/contacts/default/full/+https://mail.google.com/mail/feed/atom/+https://www.googleapis.com/auth/calendar'
Here's my method I call with a freshly received access_token
def import_google_contact(user_email, access_token)
r = RestClient.get "https://www.google.com/m8/feeds/contacts/#{user_email}/full?access_token=#{access_token}"
...
end
Which is weird since I manage to get the user email just before in the same method using this request
r = RestClient.get "https://www.googleapis.com/oauth2/v2/userinfo?access_token=#{access_token}"
I discovered I didn't put the right parameter in the scope to request contacts data? I replaced it by https://www.google.com/m8/feeds This is weird because Google accepts a wrong one during the authorization process