"No Application Access Policy found for this app" - works in graph explorer but not from Web App using App Services

Mayura 0 Reputation points
2023-02-24T18:23:54.02+00:00

I created a Web App hosted on Azure App Services following this - https://learn.microsoft.com/en-us/azure/active-directory/develop/multi-service-web-app-access-microsoft-graph-as-app?tabs=azure-powershell%2Cprogramming-language-nodejs

I added the Permission - "OnlineMeetings.ReadWrite.All" as well.

User's image

I also created a new policy with

New-CsApplicationAccessPolicy and granted it to Web App

The App works with listing the users and shows the ID. I get back the following token. It shows Onlinemeetings.readwrite.all is available.

User's image

But when I try to create a meeting with the same token following this (Application permissions) - https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-beta&tabs=http&WT.mc_id=M365-MVP-5001530

/users/adminuserid/onlineMeetings

I get this error "No Application Access Policy found for this app."

Which user id should be used here? I am using the admin user id that created the application.

When I run this query in Graph Explorer on the same tenant, i can create a meeting. But it is using the admin user id and showing the Admin user info as well. While the token obtained through the app does not show the user details ( which is also strange, as I can display the users id and list users on the AD )

User's image

Also I am obtaining the token in nodejs in the following manner:

getAuthenticatedClient = (accessToken) => {
    // Initialize Graph client
    const client = graph.Client.init({
        // Use the provided access token to authenticate requests
        authProvider: (done) => {
            done(null, accessToken);
        }
    });

    return client;
}

Should I be initializing the graph client some other way?

I seem to have misconfigured it somehow and any help with this issue would be appreciated.

Thanks!

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,447 questions
Microsoft Teams Development
Microsoft Teams Development
Microsoft Teams: A Microsoft customizable chat-based workspace.Development: The process of researching, productizing, and refining new or existing technologies.
2,814 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Shivam Dhiman 5,946 Reputation points
    2023-02-24T23:28:13.14+00:00

    Hi @Mayura

    For validating application access policy you can run this command Get-CsApplicationAccessPolicy to check if the policy created successfully or not. If not please follow the below steps to create Application access policy.
    As per this Microsoft Documentation, we need to identify the app’s application (client) ID in the Azure app registration portal
    and place it in this command: New-CsApplicationAccessPolicy -Identity newApp-policy -AppIds "{application (client) ID}". In the next step we need to Identify the user's user (object) ID in the Azure user management portal and then use this command: Grant-CsApplicationAccessPolicy -PolicyName newApp-policy -Identity "{object ID}"

    App

    Please make sure you are using App ID in the command.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.