Develop Reference

Question about Create oAuth2PermissionGrant (a delegated permission grant)

I followed this document https://learn.microsoft.com/en-us/graph/api/oauth2permissiongrant-post?view=graph-rest-1.0&tabs=http
I can successful request the list api after add permission "
Directory.Read.All" to the application, while the create api returns an error
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2021-11-15T08:54:50",
"request-id": "46986851-590c-4687-b909-918e9d233f07",
"client-request-id": "46986851-590c-4687-b909-918e9d233f07"
}
}
is there any other permission required or some additional operations needed?

This is expected as the Create requests requires Directory.ReadWrite.All. You app seems to have only Directory.Read.All which is not enough for doing objects writes.
Trying adding Directory.ReadWrite.All to your app and trying again. Make sure it is granted by admin on Azure AD portal.

Microsoft Graph GetChat API returns forbidden error for some chats

The GetChat API (https://graph.microsoft.com/v1.0/chats/{chatid}) from Microsoft Graph returns error 403 (Forbidden) for some chats when using application permissions. The application being used has Chat.Read.All permissions with admin consent granted. Also, the same application returns success for other chats.
Following are errors for couple of requests to get chat, that were tried using Postman:
1:
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"date": "2021-10-18T13:16:26",
"request-id": "79c2ca6f-5b85-44ed-a3da-ef3607630a41",
"client-request-id": "79c2ca6f-5b85-44ed-a3da-ef3607630a41"
}
}
}
2:
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"date": "2021-10-18T13:18:37",
"request-id": "5cfd4f22-8c25-4ecf-aa88-0c0c3df560d4",
"client-request-id": "5cfd4f22-8c25-4ecf-aa88-0c0c3df560d4"
}
}
}

You could try couple of things here -
Try the same API call in Graph explorer and observe if you still see this error. This will help in identifying if there is any issue with the token that you have generated.
You may have changed your API permissions after giving your application admin consent. When you give admin consent, Azure AD will take a "snapshot" of the permissions at the time of consent. Then if you change the permissions later, you will need to re-do the admin consent process again.
Personal accounts are not supported. Refer permissions here.

Unable to delete AppRoleAssignment using Beta Graph API

I'm using the Graph API beta endpoint to try and delete an AppRoleAssigmnet:
https://graph.microsoft.com/beta/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
109
{
"error": {
"code": "Request_UnsupportedQuery",
"message": "Direct queries to this resource type are not supported.",
"innerError": {
"request-id": "aa7c14a3-f700-4368-898e-009f1608ade1",
"date": "2019-04-30T00:29:50"
}
}
}
0
According to the beta documentation, this is allowed:
https://learn.microsoft.com/en-us/graph/api/approleassignment-delete?view=graph-rest-beta
I also verified the correct permissions according to the documentation as well.
I know this is a beta endpoint but any chance this will be fixed soon or do I need to use the Azure AD API instead?
UPDATE
I tried going through the users collection and it also fails:
https://graph.microsoft.com/beta/users/7e73da23-31d7-4eff-9a0b-05fcb15f5c9b/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
fb
{
"error": {
"code": "BadRequest",
"message": "Write requests are only supported on contained entities",
"innerError": {
"request-id": "b6db0eee-dc45-4e10-a56c-9a870fb7315c",
"date": "2019-04-30T23:49:24"
}
}
}
0
I tried going through the service principal collection and it also fails:
https://graph.microsoft.com/beta/servicePrincipals/27e0a182-2008-4b4e-b998-731e0d111041/appRoleAssignments/I9pzftcx_06aCwX8sV9cmziqx-oiF21IlkxV9xRYvBM
I am using the DELETE verb and below is the response I get back:
18b
{
"error": {
"code": "BadRequest",
"message": "The type 'microsoft.graph.appRoleAssignment' does not inherit from and is not a base type of 'microsoft.graph.directoryObject'. The type of 'KeySegments' must be related to the Type of the EntitySet.",
"innerError": {
"request-id": "8c981e82-755e-4c25-b448-58d2b71e12c7",
"date": "2019-04-30T23:46:20"
}
}
}
0

I'm afraid this service bug has existed for a very long time. The only thing I can say is to try this with AAD Graph until this is fixed in Microsoft Graph. The schema unfortunately models appRoleAssignments as a standard relationship, whereas in fact it is implemented as a contained entity (i.e. you can only operate on the app role assignment when it is contained as part of another entity - like users, groups or servicePrincipals). The schema definition needs to be updated. The documentation is accurate IMHO.
Hope this helps

Get Tasks lists from Microsoft beta Graph API

I cannot GET data about the tasks when I use a personal account to login.
GET https://graph.microsoft.com/beta/me/outlook/tasks
When I use my company account to login the REST request works fine,
but when I use personal accounts ( ...#outlook.com, ...#hotmail.com, ...#live.com )the request return the error response:
{
"error": {
"code": "RequestBroker-ParseUri",
"message": "Resource not found for the segment 'Outlook'.",
"innerError": {
"request-id": "d7a97e67-358a-41fa-b70b-81a2096cb4cb",
"date": "2018-01-08T13:30:39"
}
}
}
Any suggestions?

The beta release of Graph's Outlook Tasks API doesn't support Personal/Outlook.com accounts at the moment. It is planned but there isn't an ETA available just yet.

Try: GET https://graph.microsoft.com/beta/me/planner/tasks
I'm not certain, but I think that may be what you're looking for

Microsoft Graph SharePoint access items (read/write)

I am attempting to create a new list item in SharePoint Online using the [beta] Microsoft Graph endpoint. The goal is to call Microsoft Graph from an Outlook Add-in but the problem persists on Postman.
When I call the endpoint as per the documentation I get the following error message:
{
"error": {
"code": "unauthenticated",
"message": "The caller is not authenticated.",
"innerError": {
"request-id": "bb094f39-71c9-4c7d-9d9b-913cc9622baf",
"date": "2017-08-08T11:32:02"
}
}
}
I'm using ADAL JS to fetch the authentication token and I initialized my AuthenticationContext with my tenantID. My app has the following permissions: offline_access, Sites.Read.All, Sites.ReadWrite.All, User.Read
2nd Edit - more details on readItem
I use the https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-id}/items endpoint with the {site-id} of my desired site from /sites and the {list-id} of the list from /sites/{site-id}/lists but this is the empty response I get:
{
"#odata.context": "https://graph.microsoft.com/...",
"value": []
}
If I try to to add /{item-id} to my original call to access specific item I receive this response:
{
"error": {
"code": "itemNotFound",
"message": "The specified list was not found",
"innerError": {
"request-id": "6e7ccae3-3aee-4dbb-ae3e-de61250478e0",
"date": "2017-08-09T13:13:33"
}
}
}
Which doesn't make sense because I can retrieve valid information about the list if i make the call without /items/..
Any and all input appreciated :) I'll gladly provide more code, this is all I deemed relevant and didn't want to overcrowd the post.

might be that you actually don't have an item with that id, since https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-id}/items/1 works for me.
test the id's you really have by just https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-id}/items and each item returns it's id.