Is it possible to retrieve task lists using the Microsoft Graph API (http://graph.microsoft.io/docs/api-reference/beta/api/task_list) in a service app?
I can successfully request a token that has all of the following scopes:
Calendars.Read
Calendars.ReadWrite
Contacts.Read
Directory.AccessAsUser.All
Directory.Read
List item
Directory.Read.All
Directory.ReadWrite.All
email
Files.Read
Files.Read.Selected
Group.Read.All
Group.ReadWrite.All
Mail.Read
Mail.Send
Notes.Create
Notes.Read
Notes.Read.All
Notes.ReadWrite.All
offline_access
openid
People.Read
profile
Sites.Read.All
Tasks.ReadWrite
User.Read
User.Read.All
User.ReadBasic.All
User.ReadWrite
User.ReadWrite.All
user_impersonation
I am able to get lists of users, groups, applications and other entities, but my requests to the tasks or plans endpoints return the following error:
{
"error": {
"code": "UnknownError",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
"innerError": {
"request-id": "d0d7d970-ff88-4af9-93d3-8b8d4acfabf0",
"date": "2016-01-28T12:46:31"
}
}
}
My expectation is that Group.ReadWrite.All is inherited as app-only from Directory.ReadWrite.All, so together with Task.ReadWrite I should be able to see tasks and plans.
Is there another required permission or another setting that we’ve missed?
Retrieval of tasks/plans is currently not supported in service-only (app-only) context. Please use user delegation context (app+user) instead.
Related
I am trying to read emails of user a user in a tenant. The admin has granted consent for the following permissions:
offline_access AccessReview.Read.All AccessReview.ReadWrite.All Channel.ReadBasic.All ChannelMessage.Read.All ChannelSettings.Read.All Chat.Read ChatMessage.Read DelegatedPermissionGrant.ReadWrite.All Directory.Read.All Directory.ReadWrite.All Mail.Read Mail.Read.Shared Mail.ReadBasic Mail.ReadWrite MailboxSettings.Read openid profile TeamMember.Read.All TeamSettings.Read.All User.Read User.Read.All User.ReadBasic.All email
However, both in graph explorer and in PHP code, when I query the endpoint https://graph.microsoft.com/v1.0/users/<user_email>/messages, I get the error:
"error": {
"code": "ErrorItemNotFound",
"message": "The specified object was not found in the store., Default folder AllItems not found.",
"innerError": {
"date": "2022-11-29T09:16:49",
"request-id": "2449c64a-9aa8-479d-8de4-923a2a306583",
"client-request-id": "5eb26a2e-54da-bba2-0adf-4fa7bca43df2"
}
}
What could I be doing wrong?
I have created a test application which is requesting adminconsent from a MS teams admin with the following scopes :
openid offline_access channelmessage.read.group channelmessage.read.all chat.read chat.readbasic chat.readwrite user.read.all channel.readbasic.all directory.read.all group.read.all groupmember.read.all organization.read.all people.read.all presence.read.all team.readbasic.all
I am using an application token to fetch ms teams organization data like users, channels, teams etc. I have managed to fetch with Graph API the user, channel, teams data of an organization,
but when I tried to fetch messages
with
https://graph.microsoft.com/v1.0/teams/team_id/channels/channel_id/messages
I am getting the following error:
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"date": "2021-03-03T22:23:47",
"request-id": "a279044a-ab9e-4c18-af71-5a65ea7cee86",
"client-request-id": "a279044a-ab9e-4c18-af71-5a65ea7cee86"
}
}
}
When you are using application permissions you need to you must request access.For details, see Protected APIs in Microsoft Teams.
EDIT: I have successfully used the endpoint with my business Office365 account. I would like to use this in conjunction with my personal account since it has the shared data I am looking to access. Is there some fundamental aspect that prevents me from accessing this information through these APIs?
I have tried to perform the "my To Do task lists" https://graph.microsoft.com/beta/me/todo/lists with the Microsoft Graph Explorer Tool at https://developer.microsoft.com/en-us/graph/graph-explorer
I have set the Tasks.ReadWrite consent for the token, and it lists it "Consented" in the "Modify Permissions" tab. However, calling the API just returns a 401 error with a very unhelpful message:
{
"error": {
"code": "UnknownError",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
"innerError": {
"date": "2020-10-08T17:48:38",
"request-id": "7989b12e-4276-4600-968a-daa59677ebfe",
"client-request-id": "019b2755-0eb0-40f2-7ada-6df8d36857ff"
}
}
}
Yes – I know something is wrong but I thought I was doing everything properly. The account I am using is a personal account.
Other requests, such as https://graph.microsoft.com/beta/me work just fine. I have not found in the documentation any obvious things I am missing, so I thought I'd try to hear if someone has had a similar issue.
From approximately March 23 2020 Microsoft Graph Planner apis like https://graph.microsoft.com/v1.0/planner/tasks/TC41-x8azkKX-ibO17qtJpYAHGAB starting throwing 401 for external guest users with the following error message:
{
"error": {
"code": "UnknownError",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
"innerError": {
"request-id": "33a1c8d0-60b3-46ab-807a-da5a8d776151",
"date": "2020-04-13T07:51:57"
}
}
}
The Microsoft Graph call has Group.ReadWrite permissions.
The same user can access the task fine through Microsoft Planner with this url: https://tasks.office.com/meetingdecisions.com/Home/Task/TC41-x8azkKX-ibO17qtJpYAHGAB
Why did this suddenly start happening?
I have registered an application in Azure Active Directory to call findMeetingTimes from Microsoft Graph. I am able to successfully authorize, get a token, and make other Graph API calls, but receive a 401 - Unauthorized response with an error code of "UnknownError" for the endpoint https://graph.microsoft.com/v1.0/me/findMeetingTimes.
I am using a Microsoft work account for these activities, and I am able to login with said account and view the calendar. I have tried other calendar-related API calls including /me/calendar/getSchedule and /me/events and received successful responses. I am mostly testing with Postman, but have attempted to use the Graph Explorer and gotten the same response.
I have also checked that the token I am using contains the correct scope of both Calendars.Read.Shared and Calendars.ReadWrite.Shared. I originally tried with just the scope of Calendars.Read.Shared, but to no avail.
This is the response I receive when requesting a token:
{
"token_type": "Bearer",
"scope": "Calendars.Read.Shared Calendars.ReadWrite.Shared User.Read profile openid email",
"expires_in": 3600,
"ext_expires_in": 3600,
"access_token": "foo",
"refresh_token": "bar"
}
The request I make (with an empty body, as all body parameters are optional):
POST /v1.0/me/findMeetingTimes HTTP/1.1
Host: graph.microsoft.com
Content-Type: application/json
Authorization: Bearer foo
The 401 response I receive:
{
"error": {
"code": "UnknownError",
"message": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\"/>\r\n<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>\r\n<style type=\"text/css\">\r\n<!--\r\nbody{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}\r\nfieldset{padding:0 15px 10px 15px;} \r\nh1{font-size:2.4em;margin:0;color:#FFF;}\r\nh2{font-size:1.7em;margin:0;color:#CC0000;} \r\nh3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} \r\n#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:\"trebuchet MS\", Verdana, sans-serif;color:#FFF;\r\nbackground-color:#555555;}\r\n#content{margin:0 0 0 2%;position:relative;}\r\n.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}\r\n-->\r\n</style>\r\n</head>\r\n<body>\r\n<div id=\"header\"><h1>Server Error</h1></div>\r\n<div id=\"content\">\r\n <div class=\"content-container\"><fieldset>\r\n <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>\r\n <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>\r\n </fieldset></div>\r\n</div>\r\n</body>\r\n</html>\r\n",
"innerError": {
"request-id": "foo",
"date": "2019-06-21T13:52:00"
}
}
}
Is there any other configuration that I can change to get around this issue?
We've managed to track down the issue: the O365 tenant I was attempting to make the API call on was a Government tenant and did not have the "findMeetingTimes" function enabled/installed within the tenant.
The workaround for the time being for us is to use the Outlook REST API, which has a similar function: https://learn.microsoft.com/en-us/previous-versions/office/office-365-api/api/version-2.0/calendar-rest-operations#FindMeetingTimes