I am trying to get my office365 planner task using the Microsoft Graph API but I am getting below error:
GET https://graph.microsoft.com/beta/me/tasks
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Bearer access token is empty.",
"innerError": {
"request-id": "4f209643-f3f6-4256-87b7-cf4f2fd489eb",
"date": "2016-05-16T09:03:33"
}
}
}
The error message is pretty self-explanatory,
"message": "Bearer access token is empty."
You need to be authenticated before you can make this RESTful API call.
If you're developing your own app, follow this tutorial to learn about OAuth2 workflow,
http://graph.microsoft.io/en-us/docs/platform/rest
If you're using Graph Explore, make sure you're logged in before call that API.
I use this Controller's action code for granting admin consent:
//<Summary>
//Used to grant admin consent to Azure AD apps
//</Summary>
public virtual ActionResult AdminConsentApp()
{
string strResource = "https://graph.microsoft.com";
string strRedirectController = "https://localhost:[my local debug port number]";
string authorizationRequest = String.Format(
"https://login.windows.net/common/oauth2/authorize?response_type=code&client_id={0}&resource={1}&redirect_uri={2}&prompt={3}",
Uri.EscapeDataString(SettingsHelper.ClientId),
Uri.EscapeDataString(strResource),
Uri.EscapeDataString(String.Format("{0}", strRedirectController)),
Uri.EscapeDataString("admin_consent")
);
return new RedirectResult(authorizationRequest);
}
Hope this help,
Cheers, Danfer.
Related
I'm trying to get the chat messages from MS team channel using API.
https://graph.microsoft.com/v1.0/teams/{team-id}/channels/{channel-id}/messages
It works in graph explorer and returns the list of all chat messages. But when I hit the same API within Postman it return the following error:
I have consented all the required permission in azure app. What else am I missing here. Has anyone faced similar issues?
Please let me know.
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"date": "2021-04-20T04:01:46",
"request-id": "e32d3a2e-001c-4478-8c9c-8d5ff0c5e125",
"client-request-id": "e32d3a2e-001c-4478-8c9c-8d5ff0c5e125"
}
}
}
list channel messages is under protected API in MS teams. Before calling this API with application permissions, you must request access. To get the access you have to apply request access form
Has anyone successfully used the CreateOrGet request to Microsoft Graph v1.0 to create an Online Meeting using Application permissions? I had the Application created on the Azure Portal, and with the client id and secret declare and initialize the GraphServiceClient.
I have a service(Hangfire Server) which without user interaction does background and out of sync processes and notifications. One of the features is for this server to send organizational communications with embedded links to online Teams meetings. For this, I'm trying to use Client Credential flow
I have the following permissions in my token:
"roles": [
"OnlineMeetings.Read.All",
"OnlineMeetings.ReadWrite.All",
"User.Read.All"
],
The first column has the names of the permissions cut, but the necessary delegate and application permissions are all there, although the screenshot taken a couple of days ago doesn't include the application permission for User.Read.All. I have the Admin's consent on the Application permissions. The name you see painted out is the Directory name.
I'm using the Client Credentials Provider with the following code:
//Client Credentials - Application
app = ConfidentialClientApplicationBuilder
.Create(config.Value.ClientId)
.WithTenantId(config.Value.Tenant)
.WithClientSecret(config.Value.ClientSecret)
.Build();
var scopes = new string[] { "https://graph.microsoft.com/.default" };
graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
{
// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
authResult = await app
.AcquireTokenForClient(scopes)
.ExecuteAsync();
// Add the access token in the Authorization header of the API request.
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
_logger.LogInformation("Token included in GraphClient: " + authResult.AccessToken);
})
);
OnlineMeeting onlineMeeting = new OnlineMeeting() {.....}
var user = await graphClient.Users[{userPrincipalName}].Request().GetAsync(); //<-- This works with the User.Read.All permission
_logger.LogInformation("User: " + JsonConvert.SerializeObject(user, serializerSettings));
string meetingId = Guid.NewGuid().ToString();
OnlineMeeting createdMeeting = await graphClient.Users[user.Id].OnlineMeetings.CreateOrGet(meetingId, null, onlineMeeting.EndDateTime,
onlineMeeting.Participants, onlineMeeting.StartDateTime,onlineMeeting.Subject).Request().PostAsync(); //<-- This doesn't work, and I'm getting a ServiceException
This is the error I get:
StatusCode: Forbidden ResponseBody: {
"error": {
"code": "Forbidden",
"message": "Application does not have permission to CreateOrGet online meeting on behalf of this user.",
"innerError": {
"date": "2021-03-26T15:55:22",
"request-id": "6e8466cb-807a-44df-93bf-27d42c413e44",
"client-request-id": "6e8466cb-807a-44df-93bf-27d42c413e44"
}
}
}
Any clues as to what might be the problem?
You might have missed below note which is mentioned in documentation:
Documentation: https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http
Create application access policy steps: https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http
I am integrating ServiceNow with Teams specifically to push notifications to users and channels using microsoft graph api.
Issue #1 -
I have configured an OAuth profile for azure app to utilize microsoft graph API, setup required API permissions and calling various chat related API functions. For 'Create Chat' request I am getting below error:
responseBody: {
"error": {
**"code": "UnknownError",**
"message": "",
"innerError": {
"date": "2021-01-29T09:20:53",
"request-id": "90a99bf5-048f-445b-b58c-ee46fc30edf3",
"client-request-id": "90a99bf5-048f-445b-b58c-ee46fc30edf3"
}
}
}
API call -
var restMessage = new sn_ws.RESTMessageV2();
restMessage.setHttpMethod("POST");
restMessage.setEndpoint("https://graph.microsoft.com/beta/chats");
restMessage.setRequestHeader('Content-Type', 'application/json');
restMessage.setRequestHeader('Authorization', 'Bearer ' + retrieveToken()); //retrieveToken() function creates access token.
restMessage.setAuthenticationProfile('oauth', 'a5325df007022010f60df7fc7c1ed0a2');
restMessage.setRequestBody(global.JSON.stringify(
{"chatType": "oneOnOne","members":
[
{
"#odata.type": "#microsoft.graph.aadUserConversationMember",
"roles": ["owner"],
"user#odata.bind": "https://graph.microsoft.com/beta/users('<userID>')"
},
{
"#odata.type": "#microsoft.graph.aadUserConversationMember",
"roles": ["owner"],
"user#odata.bind": "https://graph.microsoft.com/beta/users('<userID>')"
}
]
}
));
var response = restMessage.executeAsync();
var responseBody = response.getBody();
gs.info('responseBody: '+responseBody);
Most of the suggestions are to set appropriate API permissions. This is already set correctly on Azure (both delegated and apppication permissions) and in OAuth entity scope in servicenow.
Issue #2 -
For the same setup instead of usign scripted API, I defined REST Message record and trying to get the token by clicking 'Get OAuth Token' related link and getting following error:
https://dev72030.service-now.com/oauth_redirect.do?error=invalid_client&error_description=AADSTS650053%3a+The+application+%27msgraph-client-app%27+asked+for+scope+%27**Chat.Read.All%27+that+doesn%27t+exist+on+the+resource**+%2700000003-0000-0000-c000-000000000000%27.+Contact+the+app+vendor.%0d%0aTrace+ID%3a+b0b9ff39-fd1a-49c9-85fa-3c8c71943600%0d%0aCorrelation+ID%3a+9c276922-3a77-4cc1-890b-23177ffd1845%0d%0aTimestamp%3a+2021-01-29+10%3a31%3a27Z&state=-1877865371#
This say I need to set 'Chat.Read.All' API permission. This is already provided on both sides, Azure app and OAUth profile in SNOW.
What am I missing
Could you please check this docs? For second issue: Could you please check the permissions on src by going through the jwt.io
i have been trying to tackle this issues for a while now, i am workin on an Office-js addin for Outlook and is trying to access Microsoft Graph data through my addin.
But i have been unable to authenticate the token i recieve from getAccessTokenAsync.
If i attempt to use the authenticator from Office-JS-Helpers i can get access, but i would prefer to use the built in function of the addin for it.
the code i am trying to use is this:
Office.initialize = () => {
var options = { forceAddAccount: true, forceConsent: true } as Office.AuthOptions;
Office.context.auth.getAccessTokenAsync(options, getAccessTokenAsyncCallback);
}
function getAccessTokenAsyncCallback(accessTokenResponse) {
console.log(accessTokenResponse.value)
client = MicrosoftGraph.Client.init({
authProvider: (done) => {
done(null, accessTokenResponse.value);
},
debugLogging: false
})
client.api("/me")
.get((err, res, rawResponse) => {
console.log(err)
console.log("rawResponse")
console.log(rawResponse)
})
}
and my WebApplicationInfo in my manifest is:
<WebApplicationInfo>
<Id>{AppUID}</Id>
<Resource>api://localhost:3000/{AppUID}</Resource>
<Scopes>
<Scope>profile</Scope>
<Scope>user.read</Scope>
</Scopes>
</WebApplicationInfo>
</VersionOverrides>
and the rights has been set up in my app on the Application Registration Portal.
as far as i can see when validating/decoding the JSON Web Token i recieve from getAccessTokenAsync, it should be valid.
but whenever i try to connect using this token i get this response:
{
"statusCode": 401,
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"requestId": "4a0ce952-0e90-XXXXXXXXX-db20c6cca94e",
"date": "2018-08-30T05:37:43.000Z",
"body": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "4a0ce952-0e90-XXXXXXXXX-db20c6cca94e",
"date": "2018-08-30T07:37:43"
}
}
}
i simply can't figure out what the issue is here, am i wrong in that the token returned from getAccessTokenAsync is the one i need for this?
oh yes and i am running up against an Office365 environment with Outlook 2016 version 1807 build 10325.20118 click to run
The token that is returned by getAccessTokenAsync, called the bootstrap token, does NOT give your add-in access to MS Graph directly. Instead it gives the Office host application, Outlook in this case, access to your add-in's web application. Your add-in's web application then uses that token to get an access token to Microsoft Graph. It does this by using the "on behalf of" OAuth flow. Please see the extensive documentation at this node: SSO in Office Add-ins and, for Outlook-specific guidance, also see Authenicate a user in an Outlook Add-in with an SSO token.
I am attempting to create a new list item in SharePoint Online using the [beta] Microsoft Graph endpoint. The goal is to call Microsoft Graph from an Outlook Add-in but the problem persists on Postman.
When I call the endpoint as per the documentation I get the following error message:
{
"error": {
"code": "unauthenticated",
"message": "The caller is not authenticated.",
"innerError": {
"request-id": "bb094f39-71c9-4c7d-9d9b-913cc9622baf",
"date": "2017-08-08T11:32:02"
}
}
}
I'm using ADAL JS to fetch the authentication token and I initialized my AuthenticationContext with my tenantID. My app has the following permissions: offline_access, Sites.Read.All, Sites.ReadWrite.All, User.Read
2nd Edit - more details on readItem
I use the https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-id}/items endpoint with the {site-id} of my desired site from /sites and the {list-id} of the list from /sites/{site-id}/lists but this is the empty response I get:
{
"#odata.context": "https://graph.microsoft.com/...",
"value": []
}
If I try to to add /{item-id} to my original call to access specific item I receive this response:
{
"error": {
"code": "itemNotFound",
"message": "The specified list was not found",
"innerError": {
"request-id": "6e7ccae3-3aee-4dbb-ae3e-de61250478e0",
"date": "2017-08-09T13:13:33"
}
}
}
Which doesn't make sense because I can retrieve valid information about the list if i make the call without /items/..
Any and all input appreciated :) I'll gladly provide more code, this is all I deemed relevant and didn't want to overcrowd the post.
might be that you actually don't have an item with that id, since https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-id}/items/1 works for me.
test the id's you really have by just https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-id}/items and each item returns it's id.