When using the Graph Explorer, I could use the 'List People' API like so:
https://graph.microsoft.com/beta/users/<user id>/people
Where <user id> can be any user in the organization.
However, when I build my own app, I could only call the List People API on the logged in user. Calling it on another user gets me a permission denied response.
What scope should I use so I can use List People on any user?
According to the documentation for the List People API
"The following scopes are required to execute this API: People.Read; People.ReadWrite"
But People.Read only "Allows the app to read a ranked list of relevant people of the signed-in user." and People.ReadWrite doesn't exist on the list of Permission scopes.
Try using the scope User.ReadBasic.All which allows you to get all users in the organization - but not all properties however.
Some resources:
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/users
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_list
https://msdn.microsoft.com/en-us/library/azure/ad/graph/howto/azure-ad-graph-api-permission-scopes
This call type needs People.Read.All which must be Admin consented for your app in order to call it.
Docs are here: MS Graph : List People
I am not able to fetch mailFolders details for some users present in my tenant, and I'm able to fetch the user info. Using Graph Explorer to fetch details.
On top of that I have tried fetching mailFolders details for my admin account in the tenant (logged in with admin account) and it was successful.
I have already given the required permissions to my application: Mail.Read and Mail.ReadBasic.All. Both are application permissions.
Users are added into my Azure Active Directory as well as app.
The API GET URL is this one -
https://graph.microsoft.com/v1.0/users/*****#******.onmicrosoft.com/mailFolders
I am trying to fetch other user mailFolders while logged in with an admin account of that tenant, but getting the error Access Denied.
How do I fix this?
I tried adding users to graph app in Azure enterprise applications but this also didn't help.
I also modified mailbox permission on the Admin console for some of the users but this also didn't help.
Please help
Regards,
Apoorv.
I think there is still one permission missing in the permissions tab: "Mail.ReadWrite".
Also, please check in https://jwt.ms/ whether the required scopes are present in the token.
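An added example, not part of the original answer: the check that jwt.ms performs can also be done locally by decoding the access token's payload. Azure AD access tokens carry delegated permissions in the `scp` claim and application permissions in the `roles` claim; the tokens below are constructed samples, and the function names are illustrative.

```python
import base64
import json

def decode_jwt_payload(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def granted_permissions(claims):
    """Return (delegated, application) permission sets from the token claims."""
    delegated = set(claims.get("scp", "").split())  # space-separated string
    application = set(claims.get("roles", []))      # JSON array
    return delegated, application

def missing_permissions(token, required):
    """List the required permissions that the token does not carry."""
    delegated, application = granted_permissions(decode_jwt_payload(token))
    granted = {p.lower() for p in delegated | application}
    return sorted(p for p in required if p.lower() not in granted)

def make_sample_token(claims):
    """Build a constructed token with a dummy signature (helper for this demo only)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([b64(header), b64(claims), "constructed-signature"])

# Constructed sample tokens: one delegated (signed-in user), one app-only.
DELEGATED_TOKEN = make_sample_token(
    {"aud": "https://graph.microsoft.com", "scp": "User.Read People.Read"})
APP_TOKEN = make_sample_token(
    {"aud": "https://graph.microsoft.com", "roles": ["Mail.Read", "Mail.ReadBasic.All"]})

if __name__ == "__main__":
    print(missing_permissions(DELEGATED_TOKEN, ["People.Read.All"]))
    print(missing_permissions(APP_TOKEN, ["Mail.Read", "Mail.ReadWrite"]))
```

A token obtained through a delegated sign-in has no `roles` claim, so application permissions granted in the portal do not show up in it.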
Authorization Scopes To Get Follower Count From TikTok
The TikTok developer API documentation only lists three sets of scopes that an application can request:
video.list
user.info.basic
share.sound.create
Unfortunately, the user.info.basic scope only allows you to see some really basic info (not even a profile URL!). Are there any "hidden" scopes that I can request that would allow me to get more information about a user? Specifically, I'd like to be able to get at least their follower count, and ideally also the profile url. Such a scope definitely does exist; if you make a request to /user/info/, and you include a field which doesn't exist, you simply get no data. However, if you ask for the field "follower_count", you get an error that user.info.basic doesn't grant sufficient permissions.
Is it possible to get a list of users (or user ids) who shared their calendars with the person logged in?
I want to have a list of calendars where I can call as I do with
https://graph.microsoft.com/v1.0/users('user shared the calendar')/calendars
There's a way you can take it one step closer to what you want using the beta endpoint: do a GET /calendars for the signed-in user, and for each calendar, check the isSharedWithMe property. If that property is true, the owner property would show the display name and SMTP address of the user who shared the calendar.
Other than the user ID, you can use the SMTP address to index into the users collection in a tenant as well.
You can see a description of the calendar properties in the Graph documentation.
Please be aware that isSharedWithMe, and in general, APIs in the beta endpoint, are subject to change without notice. For that reason, production apps should not take a dependency on such APIs.
In the documentation, I just found I can get displayName from
/drive
But no email
If I want to use this API, can I only do so through Microsoft Graph?
This is available using the Microsoft Graph API, if your app has requested User.Read permissions.
You can make a request to get the signed in user's email:
GET https://graph.microsoft.com/v1.0/me/mail
Or you can make a request to get a particular user's email, based on a user ID:
GET https://graph.microsoft.com/v1.0/users/{userId}/mail
You can also use the createdByUser and lastModifiedByUser navigation properties on an item to retrieve the email address for the user who created/modified the file.
To call Microsoft Graph, you need to use the AAD OAuth v2 authorization / token end point. It's different than what you would have been using for OneDrive personal previously, but documented here: https://dev.onedrive.com/auth/graph_oauth.htm
I manage an Instagram client that has been approved with scopes basic and public_content. I'm trying to add the follower_list scope as well. Before Instagram's approval, the scope should work in sandbox mode with user=self. I have requested an access token with the follower_list permission, but I'm receiving an OAuthPermissionsException: This client has not been approved to access this resource.
Logging in to my Instagram account and viewing my Authorized Applications, the client is indeed listed with 'Access your friends list' as a permission. Other restricted endpoints work fine with user=self, such as comments and likes. It seems to just be an issue with the follower_list scope.
Any advice, or is this perhaps a bug on Instagram's part?
Update:
I received the follower_list permission from Instagram, and can now get the followers/followings for self. However the API currently does not support retrieving followers for any user other than self. So you can access the followers of the logged in user, but no one else.
You can only get the logged-in user's (self) following list; for this you need the follower_list permission. You cannot get any other user's following list via the API anymore.