While getting managed apps from Intune using the graph api is no problem, every time I try to delete an app from intune, i get 403 forbidden.
DELETE https://graph.microsoft.com/beta/deviceAppManagement/{appID} - returns 403
GET https://graph.microsoft.com/beta/deviceAppManagement/{appID} - returns 200
I've tried adding the application in the app registration portal and adding it as a app in the Azure AD.
First I get an auth code using from here
https://login.microsoftonline.com/{TenantID}/oauth2/authorize?response_type=code
&redirect_uri=localhost
&client_id={MyAppID}
&resource={ "https://graph.microsoft.com"}
&prompt=admin_consent
&scope=DeviceManagementApps.ReadWrite.All
And then obtain a jwt token from here, using the code
POST https://login.microsoftonline.com/{TenantID}/oauth2/token
-Body grant_type=authorization_code&redirect_uri={redirectURI}client_id={App/ClientID}&client_secret={App/ClientSecret}&code={MyAuthCode}&resource=https://graph.microsoft.com
I then use the returned token to make calls to the graph api.
I've also tried using the common endpoint, but to no avail.
Am i missing some permission scope I need to set? I have the following delegeted perimissions set for the app and im authenticating using an admin account on a MS demo account.
Read and write Microsoft Intune apps (preview)
Sign in and read user profile
Read and write directory data
If it's a "Managed" app - those are built-in apps that Intune ships, and can't be deleted. Can you verify that it works if you create/delete a standard iOS store app via Graph API?
Related
I created an new Pinterest API and used PostMan to get an Access Token. I have not tried to get it approved. When I try to use an API called PinSharp, the pinterest client fails to get the boards and just the an exception message "Authorization failed".
Does anyone know how to get passed this so the app can be used to pin images?
You need to get your app approved by Pinterest prior to being able to pull data from the API. After you complete the application process and are approved, you will see a "Visit API docs" link on your app page that will then provide detailed information on how to access the API.
I'm not sure if there are multiple documentation locations depending on the type of access you are given, but the documentation I have access to is: https://developers.pinterest.com/docs/redoc/pinner_app
We are using the iOS Intune SDK to build a native MAM app. This app needs to access the Graph API to read the user profile and other data. What we did:
(1) We registered a app and gave the permissions: User.Read (for Graph and Windows Azure AD), DeviceManagementManagedApp.ReadWrite
Login and enrollment to Intune is working, the app gets enrolled. But, when trying to obtain the access token for the Graph API using the ADAL SDK I need to sign in again a then I am blocked with the message that the device needs to be managed to access this resource.
Do I need another permission? Where to I get the access token from? Is anything else missing?
From your description it appears you have a Conditional Access policy enabled that requires mobile devices are Intune MDM managed. When you call the Graph API from an unmanaged device it will ask you to enroll the device. If you remove the Conditional Access policy you should be able to confirm this.
I'm attempting to take advantage of the public preview of Microsoft Graph reporting APIs for retrieving Office 365 product usage data. I have an application registered for Graph that successfully executes Graph calls for non-reporting APIs (i.e. the access_token I generate with my app is successfully used to access users information for a tenant: https://graph.microsoft.com/beta/users) but when I try any of the report resources I encounter the below error:
Invalid scope claims/roles.
According to the documentation I've read this would seem to imply that my app does not have the necessary permissions for reports but this is not correct as I have confirmed that the app has the "Read all usage reports" application permission enabled.
Has anyone else encountered similar challenges with the Microsoft Graph reporting APIs and have any suggestions that I could try?
If you added this scope after you had already authorized the application, it may still be using the previous/cached list of scopes. You can force re-authorization by adding ?prompt=consent to your initial authorization URL. For example:
https://login.microsoftonline.com/common/oauth2/authorize?client_id={app id}
&response_type=code&redirect_uri={redirect uri}&prompt=consent
How do I get Facebook Page Access Token using SLRequest (with a graph api call) on iOS.
I have an app that posts photos to a particular Facebook page. I've got it working through php so I know there is no issue with obtaining such permissions. But I need to do it completely in native iOS now.
In iOS, I've got post permission to said page owners feed, but that's not what I want. when I use the app token to post to a page (this is a photo album on a public facing page) it gives me 'permission denied errors'
I have this working through php using
$request = new FacebookRequest($session, 'GET',
'/me/accounts?fields=name,access_token,perms');
Just need to get the same for iOS using SLRequest as I'm using iOS Social framework
Thanks for the help
You should not make call to the Graph API using an App Access Token from a device. That is because the App Access Token should be considered like a password; storing it on a device is insecure because the token can be extracted using special software.
You can read more about this here: https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
...Again, for security, app access token should never be hard-coded into client-side code...
You can handle your situation in two ways:
Just make the call using the User Access Token. If you have the correct permissions from the user, you can post as that page to the photo album.
Send the data to your own servers and make a call, using App Access Token, from there to the Graph API.
I would suggest you use method 1. Its also for your rate limiting better to use User tokens instead of App tokens.
I have been struggled with Youtube API and now I am stuck.
What I did is:
create a project at google developers console(https://console.developers.google.com)
enabled "YouTube Data API v3"
generate api key of iOS.
access to https://www.googleapis.com/youtube/v3/search?key={API KEY}&part=id&q=soccer by web browser and got the error message
Am I missing something?
I have read many questions but I cannot solved yet.
In step 3 "generate API key for IOS", the comment on the Google Developer Console web page says
Use of this key does not require any user action or consent, does not grant access
to any account information, and is not used for authorization.
Clicking on the *Learn More" button, it says:
Use an API key when your application is running on a server and accessing one of the following kinds of data:
•Data that the data owner has identified as public, such as a public calendar or blog.
•Data that is owned by a Google service such as Google Maps or Google Translate. (Access limitations may apply.)
I think you need to use the OAuth process rather than the API Key. Click on Learn More in the OAuth section of the Developer Console web page to learn about using OAuth with Apple iOS.
To create oAuth credentials for iOS:
Create new Client ID / Installed Application / iOS
I know it sounds a bit elementary, but I solved this same problem by going back into Google developer, creating a whole new project, new API key, and then it worked. Google quirk??