Find a online meeting using a filter. No Application Access Policy found for this app

Question

I have a meeting join URL and need to obtain the online meeting data.

I am using the next query: https://graph.microsoft.com/v1.0/users/{user-id}/onlineMeetings?$filter=JoinWebUrl eq '{join-url}'

While it works on Graph Explorer using my user, it does not work from my PHP app using the graph API with the following error:

Client error: GET https://graph.microsoft.com/v1.0/users/{user id}/onlineMeetings?$filter=JoinWebUrl%20eq%20'https://teams.microsoft.com/l/meetup-join/19%3ameeting_{some characters}%40thread.v2/0?context=%7b%22Tid%22%3a%22{another id?}%22%2c%22Oid%22%3a%22{another id?}%22%7d' resulted in a 403 Forbidden response:\n{\"error\":{\"code\":\"General\",\"message\":\"No Application Access Policy found for this app.\",\"innerError\":{\"request-id\":\"c2afdedf-f37f-4b01-bd4a-bcb5a645fde2\",\"date\":\"2022-10-18T10:27:22\",\"client-request-id\":\"c2afdedf-f37f-4b01-bd4a-bcb5a645fde2\"}}}\n

Graph Explorer tells me I need to ask for the next permissions:

These are the permissions I have assigned to my app:

Maybe the problem could be in the next code. I do not know if the scopes are right:

   php  
           $guzzle = new \GuzzleHttp\Client();  
           $url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0';  
           $token = json_decode($guzzle->post($url, [  
               'form_params' => [  
                   'client_id' => $clientId,  
                   'client_secret' => $clientSecret,  
                   'resource' => 'https://graph.microsoft.com/',  
                   'grant_type' => 'client_credentials',  
                   'scopes' => 'openid profile offline_access user.read ' .  
                               'mailboxsettings.read calendars.readwrite ' .  
                               'onlinemeetings.read onlinemeetings.readall ' .  
                               'meetings.readwrite onlinemeetings.readwrite ' .  
                               'onlinemeetingartifact.readall group.readwrite '  
               ],  
           ])->getBody()->getContents());  

Please, how can I make this work? Thank you!

Answer 1

Hi @Anonymous

This is because Graph Explorer uses delegated permissions by default, and delegated permissions don't require the creation of an application access policy. But your PHP script is using a client credential flow based on application permissions to get an access token, and with application permissions you need to create an application access policy, which is what causes the problem.

You can use auth code flow or ROPC flow instead of the client credential flow to solve this problem.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hi @Anonymous ,

From the body I can see that you are using application permission to perform this query.

To use application permission for this API, tenant administrators must create an application access policy and grant it to a user to authorize the app configured in the policy to fetch online meetings and/or online meeting artifacts on behalf of that user (with user ID specified in the request path).

Please refer to onlinemeeting-get documentation for more information and refer this documentation on creating /configuring application access policy in your tenant.

Please check for other verified answers in this threads for more information: https://learn.microsoft.com/en-us/answers/questions/84732/getting-error-if-i-create-onlinemeeting.html?childToView=88829#answer-88829

Hope this helps.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have further questions about this answer, please click "Comment".