Authentication error when reading Microsoft Graph /synchronizationProfile - microsoft-graph-api

I need to read the list of synchtonizationProfile entities. I get accessToken using grant_type=code and requested permissions for EduAdministration.Read and EduAdministration.ReadWrite (as specified in the documentation).
But when I try the request, I get the following error:
{
"error": {
"code": "AuthenticationError",
"message": "Error authenticating with resource.",
"innerError": {
"request-id": "1a47270e-f902-48af-81cc-5ed8e279b050",
"date": "2017-12-21T12:20:27"
}
}
}
The problem only with the /synchronizationProfiles endpoint.
What is the problem? And how to solve it?

Related

How to $filter appRoleAssignments based on appRoleId?

I have an enterprise application registered in Azure AD Tenant. It contains certain appRoles which have been assigned to Azure AD Users. Now, I would like to fetch all the users having some specific appRoles.
I have tried this:
GET /servicePrincipals/{id}/appRoleAssignedTo
taken from here:https://learn.microsoft.com/en-us/graph/api/serviceprincipal-list-approleassignedto?view=graph-rest-beta&tabs=http#optional-query-parameters
It seems like I am able to fetch all the appRoleAssignments successfully using this API, but whenever I put a filter such as: appRoleId eq {app-role-id} I am geting error like:
{
"error": {
"code": "Request_BadRequest",
"message": "Invalid filter clause appRoleId: System.Guid",
"innerError": {
"date": "2021-10-25T16:33:41",
"request-id": "{request-id}",
"client-request-id": "{client-request-id}"
}
}
}
And whenever I put single quotes, like appRoleId eq '{app-role-id}', I get this error:
{
"error": {
"code": "BadRequest",
"message": "Invalid filter clause",
"innerError": {
"date": "2021-10-25T16:34:30",
"request-id": "{request-id}",
"client-request-id": "{client-request-id}"
}
}
}
I tried with both v1 and beta endpoint. So how do I filter on appRoleId?
It seems that Microsoft Graph does not support the $filter on appRoleId yet. They already have an open issue:
https://github.com/microsoftgraph/msgraph-sdk-dotnet/issues/990
There is also a feature request here which we can upvote: https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/application-api-add-support-for-filtering-approleassignment-by/idi-p/2433822
Also in the Doc, $filter is only provided on principalDisplayName and resourceId
[1]: https://i.stack.imgur.com/ZVD8Y.png

Issue while accessing data from Graph API

When accessing data using https://graph.microsoft.com/beta/teams/{id}, it is failing with 400 bad request without any error details. {id} is the value received from the response of https://graph.microsoft.com/beta/groups.
Following response is returned.
{
"error": {
"code": "AuthenticationError",
"message": "Error authenticating with resource",
"innerError": {
"date": "2021-10-15T15:01:43",
"request-id": "1d82fe40-5186-46fc-9fb7-c16341eb1ffb",
"client-request-id": "29c9e68d-bfd8-6f53-65c4-c49a82581a76"
}
}
}
We tried using MS graph SDK as well as graph explorer. All the consent are given for the end point.
What could be the reason for the error?

Microsoft Graph GetChat API returns forbidden error for some chats

The GetChat API (https://graph.microsoft.com/v1.0/chats/{chatid}) from Microsoft Graph returns error 403 (Forbidden) for some chats when using application permissions. The application being used has Chat.Read.All permissions with admin consent granted. Also, the same application returns success for other chats.
Following are errors for couple of requests to get chat, that were tried using Postman:
1:
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"date": "2021-10-18T13:16:26",
"request-id": "79c2ca6f-5b85-44ed-a3da-ef3607630a41",
"client-request-id": "79c2ca6f-5b85-44ed-a3da-ef3607630a41"
}
}
}
2:
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"date": "2021-10-18T13:18:37",
"request-id": "5cfd4f22-8c25-4ecf-aa88-0c0c3df560d4",
"client-request-id": "5cfd4f22-8c25-4ecf-aa88-0c0c3df560d4"
}
}
}
You could try couple of things here -
Try the same API call in Graph explorer and observe if you still see this error. This will help in identifying if there is any issue with the token that you have generated.
You may have changed your API permissions after giving your application admin consent. When you give admin consent, Azure AD will take a "snapshot" of the permissions at the time of consent. Then if you change the permissions later, you will need to re-do the admin consent process again.
Personal accounts are not supported. Refer permissions here.

Unsupported Segment Type returned on GraphAPI callRecords

I have an active GraphAPI subscription to /communications/callRecords which is successfully returning the callid for calls. When attempting to get the call details using the following request:
https://graph.microsoft.com/beta/communications/callRecords/45578cfe-8329-48b7-ba6b-54a627b00bf4?$expand=sessions($expand=segments)
I receive the following error:
{
"error": {
"code": "BadRequest",
"message": "Unsupported segment type. ODataQuery: /communications/callRecords/45578cfe-8329-48b7-ba6b-54a627b00bf4",
"innerError": {
"date": "2020-11-24T12:34:11",
"request-id": "277b4fa1-11a5-4922-94d7-83fec3a57572",
"client-request-id": "277b4fa1-11a5-4922-94d7-83fec3a57572"
}
}
}
I get the same error if I change the GraphAPI call to /v1.0/. I am sure this worked previously but can't seem to work out what may have changed.

"Unknown Error" in Microsoft Graph Explorer

I'm using the Microsoft Graph Explorer on the Microsoft Planner (formerly Tasks) API.
I can requests users fine, e.g. /beta/users.
But when I try to access my plans using /beta/me/plans or /beta/plans/{ID}, I get an unknown error with the details below:
Status Code: 403
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"request-id": "62299f57-1792-4b0c-8b60-8613c54f4f50",
"date": "2017-01-17T21:12:51"
}
}
}
I'm trying to query the tasks on a plan that I own.
This API has changed. This URL should be
GET https://graph.microsoft.com/v1.0/me/planner/plans

Resources