Hey all,
I am trying to write a simple script to connect and list all of the OneNote notebooks in my company's SharePoint, however I am being met with the error message:
AADSTS500011: The resource principal named https://graph.microsoft.com/Notes.ReadWrite.All was not found in the tenant named [Friendly Name of my Tenant].
I have granted permissions to my app in the Azure application registration, so I don't understand why I am seeing this error, and can't seem to work past it. Here is how I have configured the application permissions in the app's API permissions:
I have verified my $tenant ID is correct, as well as $appId and $appSecret.
I'm going to paste the entirety of my script to see if I am missing something obvious. Any help is much appreciated.
<?php
// Set the parameters
$tenant = "{TENANT_ID}";
$scope = "https://graph.microsoft.com/Notes.ReadWrite.All";
$appId = "{APPLICATION_ID}";
$appSecret = "{APPLICATION_SECRET}";
// Construct the URL
$url = "https://login.microsoftonline.com/$tenant/oauth2/v2.0/token";
// Set the headers
$headers = array(
    "Content-Type: application/x-www-form-urlencoded",
    "Host: login.microsoftonline.com"
);
// Set the body
$body = http_build_query(array(
    "client_id" => $appId,
    "client_secret" => $appSecret,
    "scope" => $scope . "/.default", // Here I append the /.default suffix because this is app access
    "grant_type" => "client_credentials",
));
// Perform the request
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
print_r(json_decode($response));
// This prints the error message
// [error] => invalid_resource
// [error_description] => AADSTS500011: The resource principal named https://graph.microsoft.com/Notes.ReadWrite.All was not found in the tenant named {My tenant friendly name}. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
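
Added example, not part of the original post: in the client-credentials flow the v2.0 token endpoint expects the resource identifier followed by `/.default`, so the script above ends up naming `https://graph.microsoft.com/Notes.ReadWrite.All` as the resource. The permission itself is granted on the app registration and shows up in the access token's `roles` claim. The helper names `app_only_scope` and `token_roles` and the sample token are constructed for illustration.

```php
<?php
// Added example: helper names and the sample token are constructed for illustration.

// Build the scope for an app-only (client_credentials) token request.
// The value is the resource identifier plus "/.default"; permission names
// such as Notes.ReadWrite.All are granted on the app registration instead.
function app_only_scope(string $resource): string {
    $parts = parse_url($resource);
    if (($parts['scheme'] ?? '') !== 'https' || empty($parts['host'])) {
        throw new InvalidArgumentException("Resource must be an https URI: $resource");
    }
    $path = trim($parts['path'] ?? '', '/');
    if ($path !== '') {
        // e.g. ".../Notes.ReadWrite.All" would be read as part of the resource name
        throw new InvalidArgumentException("Unexpected path '$path' in resource identifier");
    }
    return "https://{$parts['host']}/.default";
}

// Return the app roles carried in an access token. The signature is not
// verified here; this is for inspecting what was granted, not for trust decisions.
function token_roles(string $jwt): array {
    $segments = explode('.', $jwt);
    if (count($segments) !== 3) {
        throw new InvalidArgumentException('Not a JWT');
    }
    $json = (string) base64_decode(strtr($segments[1], '-_', '+/'));
    $claims = json_decode($json, true);
    return is_array($claims) ? ($claims['roles'] ?? []) : [];
}

// Body for the token request, using the resource-level scope.
$body = http_build_query([
    'client_id'     => '{APPLICATION_ID}',
    'client_secret' => '{APPLICATION_SECRET}',
    'scope'         => app_only_scope('https://graph.microsoft.com'),
    'grant_type'    => 'client_credentials',
]);
echo $body, PHP_EOL;

// Constructed, unsigned sample token standing in for a real token response.
$payload = rtrim(strtr(base64_encode(json_encode([
    'aud' => 'https://graph.microsoft.com', 'roles' => ['Notes.ReadWrite.All'],
])), '+/', '-_'), '=');
$sample = "e30.$payload.sig";
var_dump(in_array('Notes.ReadWrite.All', token_roles($sample), true));
```

If `roles` comes back empty on a real token, the application permission has not received admin consent on the app registration.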