Listing OneNote Notebooks in My Company's SharePoint with my PHP Web App

Matt Visnovsky 0 Reputation points
2023-03-31T20:25:26.42+00:00

Hey all,

I am trying to write a simple script to connect and list all of the OneNote notebooks in my company's SharePoint, however I am being met with the error message:

AADSTS500011: The resource principal named https://graph.microsoft.com/Notes.ReadWrite.All was not found in the tenant named [Friendly Name of my Tenant].

I have granted permissions to my app in the Azure application registration, so I don't understand why I am seeing this error, and can't seem to work past it. Here is how I have configured the application permissions in the app's API permissions:

User's image

I have verified my $tenant ID is correct, as well as $appId and $appSecret.

I'm going to paste the entirety of my script to see if I am missing something obvious. Any help is much appreciated.

<?php

// Set the parameters
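$tenant = "{TENANT_ID}";         // placeholder: directory (tenant) ID
$scope = "https://graph.microsoft.com/Notes.ReadWrite.All";
$appId = "{APPLICATION_ID}";     // placeholder: application (client) ID
$appSecret = "{APPLICATION_SECRET}"; // placeholder: client secret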

// Construct the URL
$url = "https://login.microsoftonline.com/$tenant/oauth2/v2.0/token";

// Set the headers
$headers = array(
    "Content-Type: application/x-www-form-urlencoded",
    "Host: login.microsoftonline.com"
);

// Set the body
$body = http_build_query(array(
    "client_id" => $appId,
    "client_secret" => $appSecret,
    "scope" => $scope . "/.default",// Here I append the /.default suffix because this is app access
    "grant_type" => "client_credentials",
));

// Perform the request
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);

print_r(json_decode($response));

// This prints the error message
// [error] => invalid_resource
// [error_description] => AADSTS500011: The resource principal named https://graph.microsoft.com/Notes.ReadWrite.All was not found in the tenant named {My tenant friendly name}. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

1 answer

  1. CarlZhao-MSFT 39,821 Reputation points
    2023-04-03T03:11:45.8533333+00:00

    Hi @Matt Visnovsky

    The OneNote REST API and the graph API are not the same resource API, and permissions that apply to the graph API should be granted under the graph resource API:


    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
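
Added example, not part of the original thread or Microsoft's own code: in the client-credentials flow the `scope` value is the resource identifier followed by `/.default` (for Microsoft Graph, `https://graph.microsoft.com/.default`), and the application permissions granted in the app registration come back in the token's `roles` claim. The environment variable names and the helper function names below are assumptions made for this sketch.

```php
<?php
// Added example (not the poster's code). Environment variable names are assumptions.
const GRAPH_SCOPE = 'https://graph.microsoft.com/.default'; // resource identifier + "/.default"

/** Request an app-only token; throws on transport or OAuth errors. */
function requestAppToken(string $tenant, string $appId, string $appSecret): array
{
    $ch = curl_init('https://login.microsoftonline.com/' . rawurlencode($tenant) . '/oauth2/v2.0/token');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POSTFIELDS     => http_build_query([
            'client_id'     => $appId,
            'client_secret' => $appSecret,
            'scope'         => GRAPH_SCOPE, // never "<permission name>/.default"
            'grant_type'    => 'client_credentials',
        ]),
    ]);
    $raw = curl_exec($ch);
    $transportError = curl_error($ch);
    curl_close($ch);
    if ($raw === false) {
        throw new RuntimeException("Token request failed: $transportError");
    }
    $data = json_decode($raw, true);
    if (!is_array($data) || isset($data['error']) || !isset($data['access_token'])) {
        throw new RuntimeException('Token endpoint error: ' . ($data['error_description'] ?? 'unexpected response'));
    }
    return $data;
}

/** Debug aid: read the "roles" claim (granted application permissions) from the JWT payload. */
function grantedAppRoles(string $accessToken): array
{
    $segments = explode('.', $accessToken);
    $payload = json_decode(base64_decode(strtr($segments[1] ?? '', '-_', '+/')) ?: '', true);
    return is_array($payload) ? (array) ($payload['roles'] ?? []) : [];
}

// Secrets come from the environment rather than the source file.
[$tenant, $appId, $appSecret] = array_map('getenv', ['AZURE_TENANT_ID', 'AZURE_CLIENT_ID', 'AZURE_CLIENT_SECRET']);
if ($tenant && $appId && $appSecret) {
    $token = requestAppToken($tenant, $appId, $appSecret);
    // Print only the permission check, never the token itself.
    echo in_array('Notes.ReadWrite.All', grantedAppRoles($token['access_token']), true)
        ? "Notes.ReadWrite.All is present in the token\n"
        : "Token issued, but Notes.ReadWrite.All is not among the granted application permissions\n";
}
```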