Hello,
I am receiving a 403 error when I try to access a Graph API endpoint. I have registered my application in Azure AD with the necessary permissions to call the Graph API endpoint. I have added a group claim for ID, Access and SAML with groupId selected in "Token Configuration".
I created a Security group and added myself as the user.
My requirement is to fetch the users of that particular group from Azure AD. I am performing this operation from my API application, and I am the signed-in user.
Could you please assist me in this?
Here is my code for calling Graph API:
```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using Microsoft.Identity.Client;

// Constants for your Azure AD application and group
const string clientId = "clientId";
const string clientSecret = "secret";
const string tenantId = "tenantId";
const string groupId = "groupId";
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };

// Create the confidential client application (client credentials flow)
var confidentialClientApplication = ConfidentialClientApplicationBuilder
    .Create(clientId)
    .WithClientSecret(clientSecret)
    .WithAuthority($"https://login.microsoftonline.com/{tenantId}")
    .Build();

// Acquire an app-only access token for Microsoft Graph
var result = await confidentialClientApplication.AcquireTokenForClient(scopes)
    .ExecuteAsync();
var accesstoken = result.AccessToken;

using (HttpClient httpClient = new HttpClient())
{
    string graphApiEndpoint = "https://graph.microsoft.com/v1.0";
    string requestUrl = $"{graphApiEndpoint}/groups/{groupId}/members";

    // Send the token as a Bearer credential and list the group's members
    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accesstoken);
    HttpResponseMessage response = await httpClient.GetAsync(requestUrl);
    if (response.IsSuccessStatusCode)
    {
        string responseBody = await response.Content.ReadAsStringAsync();
        Console.WriteLine(responseBody);
    }
    else
    {
        Console.WriteLine($"Request failed with status code: {response.StatusCode}");
    }
}
```
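
Added example, not part of the original post: a diagnostic that decodes the payload of the token returned by `AcquireTokenForClient` and reports whether it carries an application permission (`roles` claim) that Graph accepts for listing group members. The `TokenInspector` class, the sample token and the permission list are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

// Constructed sample: an unsigned JWT whose payload has no "roles" claim,
// the shape of an app-only token when no application permission was consented.
string samplePayload = "{\"aud\":\"https://graph.microsoft.com\",\"appid\":\"00000000-0000-0000-0000-000000000000\"}";
string sampleToken = "e30." + TokenInspector.ToBase64Url(samplePayload) + ".";

Console.WriteLine(TokenInspector.Describe(sampleToken));

static class TokenInspector
{
    // Assumption: application permissions that allow GET /groups/{id}/members.
    static readonly string[] Sufficient = { "GroupMember.Read.All", "Group.Read.All", "Directory.Read.All" };

    public static string ToBase64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length < 2) throw new FormatException("Not a JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone();
    }

    // Diagnostic only: the signature is not verified, so never authorize on this output.
    public static string Describe(string jwt)
    {
        JsonElement p = DecodePayload(jwt);
        // App-only tokens list permissions in "roles"; delegated tokens use "scp".
        var roles = p.TryGetProperty("roles", out var r) && r.ValueKind == JsonValueKind.Array
            ? r.EnumerateArray().Select(e => e.GetString() ?? "").ToList()
            : new List<string>();
        string scp = p.TryGetProperty("scp", out var s) ? s.GetString() ?? "" : "";
        if (roles.Count == 0 && scp.Length == 0)
            return "No roles or scp claim: no Graph permission was granted, expect 403.";
        if (roles.Count == 0)
            return $"Delegated token (scp: {scp}); not from AcquireTokenForClient.";
        return roles.Intersect(Sufficient).Any()
            ? $"roles: {string.Join(", ", roles)} (sufficient to list members)"
            : $"roles: {string.Join(", ", roles)} (none allows listing group members, expect 403)";
    }
}
```

Passing `result.AccessToken` from the code above to `TokenInspector.Describe` shows which permissions the token actually carries; group claims set under "Token Configuration" do not appear as Graph permissions.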