Share via

Graph API Authentication - 401 Unknown Error after 1 hour

Craig Goodbrand 1 Reputation point
2022-09-29T23:40:37.243+00:00

Hi,

I have set up an app which uses delegated permissions to query the driveItem endpoint for a Sharepoint Site List - GET /sites/{site-id}/lists/{list-id}/items/{item-id}/driveItem
(https://learn.microsoft.com/en-us/graph/api/driveitem-get?view=graph-rest-1.0&tabs=http)

The requests respond successfully for 1 hour following authentication of the OAuth credential, but then start returning 401 Unknown Errors.

My App follows the delegated permissions flow (https://learn.microsoft.com/en-us/graph/auth-v2-user?context=graph%2Fapi%2F1.0&view=graph-rest-1.0) - the app has been given delegated admin permission for Sites.Read.All and I can confirm that the decoded authentication token includes the Sites.Read.All scope. I can also confirm that the app is able to retrieve a refresh token, but even after refreshing the token I am still getting the 401 errors.

The only thing that seems to make the authentication start working again is if I manually visit the Sharepoint site in question in my browser, after which the requests start responding successfully for 1 hour before they start failing again.

Can anyone offer any insight into what could be happening here? My account on the Azure Active Directory was set up by the organisation, but I do not have an organizational account, my account is with a different organization, although I am set up as an owner of the application.

Thanks!

Microsoft Security Microsoft Graph

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vicky Kumar (Mindtree Consulting PVT LTD) 1,161 Reputation points Microsoft Employee
    2022-09-30T03:33:34.633+00:00

    Make sure that your application is presenting a valid access token to Microsoft Graph as part of the request. This error often means that the access token may be missing in the HTTP authenticate request header or that the token is invalid or has expired.

    We strongly recommend that you use the Microsoft Authentication Library (MSAL) for access token acquisition. Additionally this error may occur, if you try to use a delegated access token granted to a personal Microsoft account, to access an API that only supports work or school accounts (organizational accounts).

    You can also check the answers already available on Microsoft Q&A for 401 errors -https://learn.microsoft.com/en-us/answers/search.html?q=%5Bmicrosoft-graph%5D%20401%20&redirect=search%2Fsearch&sort=relevance&type=question%20OR%20idea%20OR%20kbentry%20OR%20answer%20OR%20topic%20OR%20user

    Hope this help , Let me know if you have any questions.

    Thanks

    ----------

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

  2. Craig Goodbrand 1 Reputation point
    2022-10-16T22:53:36.767+00:00

    Confirming that the reason for this seemed to be what @Vicky Kumar (Mindtree Consulting PVT LTD) suggested -

    Additionally this error may occur, if you try to use a delegated access token granted to a personal Microsoft account, to access an API that only supports work or school accounts (organizational accounts).

    The way around it was to authenticate the app using a Microsoft account with the same email domain as the organization.

  3. Daniel Alisch 0 Reputation points
    2025-02-12T16:29:24.1233333+00:00

    Hi, currently I got the same issue. My Graph API Call is getting the unknown error issue until I open the sharepoint in my browser for one time. Then the graph api call with the same access token will process completely and successfully.

    Have you solved the issue?

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.