List joined teams failed with delegated permission - microsoft-graph-api

{ "error": { "code": "AuthenticationError", "message": "Error authenticating with resource.", "innerError": { "request-id": "525e9057-9f49-4ef3-b3d1-200ec34033e6", "date": "2017-07-15T01:33:22" } } }
When I try to list joined teams, it always fails with this error. But a few times it works.
https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/user_list_joinedteams
Any help?
Thanks!

If you take a look at this: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/group_list
Under the Permissions section, you will see that when you create the Enterprise Application (assuming Azure AD), you need to specify the permissions and grant them to the application. (If using Azure AD 2, then you set the scope in the code and not through the portal.)
The problem I'm running into is that the User.Read.All and User.Read.Write require Admin privileges - I read that even with this, one only gets access to their own directory resources.
In short, you are not assigning the right permissions to your application, which is why you get the error when executing the GET groups.

Related

MS Graph permission required to read group[id]/planner/plans, but all requested permissions are granted

I'm trying to use MS Graph to work with Planner tasks, and am currently investigating the API with Graph Explorer prior to writing any code. I'm at the point where I'm trying to list all Planner plans for a given group, using the query https://graph.microsoft.com/v1.0/groups/{c6a12d05-ac5d-4e84-a924-f8be570d75d4}/planner/plans. I'm getting a 403, but when I look under the Modify Permissions tab I already have all four of the suggested permissions:
Am I missing something?
EDIT
This is the error response:
{
"error": {
"code": "",
"message": "You do not have the required permissions to access this item.",
"innerError": {
"date": "2023-01-13T14:48:07",
"request-id": "61a39484-fd91-47da-be0f-7e6d5e6e9955",
"client-request-id": "d912b37f-b872-3753-e7f6-f4000d8e7998"
}
}
}
As I can see from the screenshot in the permissions page, the following permissions, Group.Read.All and Group.ReadWrite.All, are not admin consented, as seen in the screenshot below.
Please ask your admin to grant you those permissions.

MS Graph AllowToAddGuests is available for owner of a Group?

We have created a WP that we have published to Teams that would give owners the possibility to modify the external sharing setting ("AllowToAddGuests") from a tab in their Teams.
We are experiencing a problem when we try to do the set of AllowToAddGuests using an owner account.
The Teams app has :
{
"resource": "Microsoft Graph",
"scope": "Directory.ReadWrite.All"
}
As per MS Graph docs
https://learn.microsoft.com/en-us/graph/api/directorysetting-update?view=graph-rest-beta&tabs=http
should work fine with delegated.
If I execute the graph call in the graph explorer using the owner user it gives the same access error.
All permissions are granted at admin level.
If a global admin is used, then all works fine.
The error I am receiving is the following:
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2020-07-02T15:18:56",
"request-id": "84fe9be9-a4b0-4023-93e6-68dd780ce2ea"
}
}
}
Has the owner the possibility to change the flag AllowToAddGuests or should I do this via an App reg?
Thanks for the answers.
Alex
I am posting this here so that if anybody looks for the same information, they have it here.
At the time of this writing, the answer we got from Microsoft is that for this call to work, the user performing the call (in our case one of the owners) needs to also be a Group Administrator. For our use case this was not doable as any user in the company can potentially be an owner of a MS Teams.
The solution we have chosen is to use application permission with Directory.ReadWrite.All to perform the call. This works as expected now.
Microsoft has also promised they will update the documentation in order to include the current information.
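A diagnostic for the two situations answered above (permissions that were never admin consented, and delegated versus application permission), added here as an example and not part of the original posts: it decodes an access token's claims and reports whether the token is delegated (`scp`) or app-only (`roles`) and whether it carries any permission the API documentation accepts. The helper names and sample tokens are constructed for illustration, and the payload is decoded without signature verification, which is suitable for troubleshooting only.

```python
import base64
import json


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample(claims: dict) -> str:
    """Constructed, unsigned token for the demo; not a real Graph token."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"


def decode_claims(token: str) -> dict:
    """Decode the payload without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def permission_report(token: str, acceptable: set) -> dict:
    """Compare what the token carries with the permissions the API doc lists."""
    claims = decode_claims(token)
    scopes = set(claims.get("scp", "").split())  # delegated: space-separated
    roles = set(claims.get("roles", []))         # application: list of roles
    kind = "delegated" if scopes else "application" if roles else "none"
    granted = scopes | roles
    return {
        "kind": kind,
        "granted": sorted(granted),
        "satisfied": bool(granted & acceptable),  # any one listed permission
        # Delegated calls are also limited by the signed-in user's privileges.
        "user_privileges_apply": kind == "delegated",
    }


if __name__ == "__main__":
    group = {"Group.Read.All", "Group.ReadWrite.All"}
    cases = [  # (label, constructed claims, permissions the API doc lists)
        ("delegated, not consented", {"scp": "User.Read openid"}, group),
        ("delegated", {"scp": "Directory.ReadWrite.All"}, {"Directory.ReadWrite.All"}),
        ("app-only", {"roles": ["Directory.ReadWrite.All"]}, {"Directory.ReadWrite.All"}),
    ]
    for label, claims, acceptable in cases:
        print(label, permission_report(make_sample(claims), acceptable))
```

A delegated token that reports `satisfied: True` is still subject to the signed-in user's own directory role, which is the case the answer above describes; the app-only token is not.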

Microsoft Graph API - Get Groups - Permission Error

I am trying to get a list of groups from https://graph.microsoft.com/v1.0/groups with the correct application permissions. I created an application in portal.azure.com and added application permissions (generated client secret etc). This seemed to be working, but after adding and removing other permissions the application stopped working, so I set up a new application (new client id and secret) with the same permissions as when it was working, and all expected calls are working except https://graph.microsoft.com/v1.0/groups, for which I get this error:
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"request-id": "adad2794-0000-43f6-812c-091acec39f7c",
"date": "2020-03-06T12:18:58"
}
}
}
I know the GUID for one of the groups and I can call the APIs for listing group files without any problems but just can't list groups!
Is there a permission I need to add that I'm missing? I'm sure I've added the required permissions, see screenshot.
Thanks.
try Directory.Read.All
Group.Read.All means that you can read everything about a group.

Planner tasks endpoint always returns a 403?

I'm attempting to get tasks assigned to a specific user from the Graph API, so based off of the sample query in the Graph Explorer I'm using this endpoint
https://graph.microsoft.com/v1.0/users/<user-email>/planner/tasks
Which works fine for whatever user I'm signed in as, but attempting to get tasks for a user I'm not signed in as will always return with a 403 and say I don't have the required permissions. Group.ReadWrite.All is granted by admin, and according to the graph docs, that should be fine, but no luck.
I've also just created a new demo tenant and one by one granted permissions in the Graph Explorer with admin and still no luck! So I'm doubting the issue really is permissions. And for the record I've tried v1.0 and beta endpoints, and I've attempted this in a SPFx Web Part, and it doesn't work in practice either.
Not sure that it will help, but this is what is being returned each time:
{
"error": {
"code": "",
"message": "You do not have the required permissions to access this item.",
"innerError": {
"request-id": "b02e3529-a4ae-4825-b4e6-7fc9b1fa228e",
"date": "2019-03-27T12:28:41"
}
}
}
Has anyone else run into this issue or know of a workaround?
Reading tasks for other people is not allowed. We are investigating app-only request support, which should enable this scenario.

How to create an event into a group

I'm using Microsoft Graph API v1 with Administrator credentials via my software to create Events in a Group. However the response I get is a 403 with the following:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "c4754c79-5e3a-4f63-9f88-404100513796",
"date": "2018-07-11T10:11:27"
}
}
}
on a POST request to https://graph.microsoft.com/v1.0/groups/{idGroup}/events/
I have checked all rights provided to the app via Azure AD and everything is fine (tokens, code and scope with Group.Read.All Group.ReadWrite.All). The Group is also created, the users are added to it and the owner is the admin I use for the create request.
I have also tried on the Microsoft Graph API Explorer but I have the same error.
Yesterday morning the creation was possible but I think some rights were corrupted. Has anybody had this problem before? How to fix it?
After a few days without any changes in the code the problem disappeared.
I am still not sure of what happened, anyway thanks guys!
