ODataError: Exception on Client credentials provider authentication for Microsoft Graph

Милош Бабовић 5 Reputation points
2023-03-23T11:43:39.5233333+00:00

I have this code:

            var scopes = new[] { "https://graph.microsoft.com/.default" };
            var tenantId = "<tenant-id>";
            var clientId = "<client-id>";
            var clientSecret = "<client-secret>";
            var options = new TokenCredentialOptions
            {
                AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
            };
            var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
            var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
            var result = await graphClient.Me.GetAsync();
            return result;

with these permissions:

User's image

In a basic .NET Core 7 app with added Microsoft.Graph.

It returns error:

ODataError: Exception of type 'Microsoft.Graph.Models.ODataErrors.ODataError' was thrown.

  • Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.ThrowIfFailedResponse(HttpResponseMessage response, Dictionary<string, ParsableFactory<IParsable>> errorMapping, Activity activityForAttributes)
  • Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync<ModelType>(RequestInformation requestInfo, ParsableFactory<ModelType> factory, Dictionary<string, ParsableFactory<IParsable>> errorMapping, CancellationToken cancellationToken)
  • Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync<ModelType>(RequestInformation requestInfo, ParsableFactory<ModelType> factory, Dictionary<string, ParsableFactory<IParsable>> errorMapping, CancellationToken cancellationToken)
  • ........

What am I missing?

Thanks in advance!


1 answer

  1. CarlZhao-MSFT 36,496 Reputation points
    2023-03-24T07:38:01.1933333+00:00

    Hi @Милош Бабовић

    The client credentials flow is an unattended authentication flow; it can only be used to call the /users/{user id} endpoint and not the /me endpoint, because your user is not participating in the login.

    Also, delegated permissions can only be used in the delegated authentication flow (i.e. auth code flow or ROPC flow), while for the client credentials flow, it only supports application permissions.


    // Requires: using Azure.Identity; using Microsoft.Graph;
    var scopes = new[] { "https://graph.microsoft.com/.default" };
    var tenantId = "<tenant-id>";
    var clientId = "<client-id>";
    var clientSecret = "<client-secret>";
    var options = new TokenCredentialOptions
    {
        AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
    };
    // Client credentials flow: the app authenticates as itself, with no signed-in user.
    var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
    var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
    // Address the user explicitly; /me cannot be resolved for an app-only token.
    var result = await graphClient.Users["{user-id}"].GetAsync();
    return result;
    

    If your context requires that you must use delegated permissions to get information about the logged-in user, then you can refer to a similar question I replied to earlier.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

    6 people found this answer helpful.
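
The distinction the answer draws shows up in the access token itself: application permissions arrive in a `roles` claim, delegated permissions in an `scp` claim. The following is an added example, not code from this thread or from Microsoft; the class and method names (`GraphTokenCheck`, `Describe`, `Fake`) are hypothetical and the sample tokens are constructed inline so it runs offline.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class GraphTokenCheck
{
    // Decode the JWT payload for diagnostics only; the signature is NOT validated here.
    static JsonElement Payload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');          // base64url -> base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');  // restore padding
        return JsonDocument.Parse(Convert.FromBase64String(b64)).RootElement.Clone();
    }

    // "scp" means a delegated token (a user signed in); "roles" means app-only permissions.
    public static string Describe(string jwt)
    {
        var p = Payload(jwt);
        if (p.TryGetProperty("scp", out var scp))
            return $"delegated ({scp.GetString()}): /me resolves to the signed-in user";
        if (p.TryGetProperty("roles", out var roles) && roles.GetArrayLength() > 0)
            return "app-only (" + string.Join(" ", roles.EnumerateArray().Select(r => r.GetString()))
                 + "): no signed-in user, call /users/{id}";
        return "app-only, no 'roles' claim: no application permissions were consented";
    }

    // Constructed sample token: empty header "{}" and a fake signature.
    static string Fake(string payloadJson) =>
        "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(payloadJson))
                    .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    static void Main()
    {
        // With a real credential, the token string would come from (Azure.Core):
        //   (await clientSecretCredential.GetTokenAsync(new TokenRequestContext(scopes))).Token
        Console.WriteLine(Describe(Fake("{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"User.Read.All\"]}")));
        Console.WriteLine(Describe(Fake("{\"aud\":\"https://graph.microsoft.com\",\"scp\":\"User.Read\"}")));
        Console.WriteLine(Describe(Fake("{\"aud\":\"https://graph.microsoft.com\"}")));
    }
}
```

An app registration that holds only delegated permissions and authenticates with a client secret lands in the third case: the token is issued, but it carries no `roles` claim.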