Microsoft Graph API Error 403 when requesting List conversations

Question

Microsoft Graph API Error 403 when requesting List conversations

Johnny Gabritchidze 20

I am trying to write a Python script in Jupyter Notebook to connect to the Graph API on behalf of the user. I have successfully managed to acquire access token and retrieved List groups. When I try to request "/groups/{id}/conversations" code returns error.
What I done:
Created App on Azure Directory

Given below permissions
Delegated and Application Permission: Group.Read.All
Given admin consent
Got the Access token using MSAL:
scopes = ['https://graph.microsoft.com/.default']

Create a PublicClientApplication instance

app = PublicClientApplication(client_id, authority=f'https://login.microsoftonline.com/{tenant_id}')

Start the Device Code Flow

result = app.initiate_device_flow(scopes=scopes)

token = app.acquire_token_by_device_flow(result)

access_token = token['access_token']

Received access token from above API
Retrieved List groups.
When sending request on this endpoint "https://graph.microsoft.com/v1.0/groups/{id}/conversations"
I getting error:

Error: 403 - {"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again., User 'user_id' not authorized to access group 'group_mail'. Reason: '(0xD10)'."}}

User is Global admin.

Answer 1

CarlZhao-MSFT 32,126

Hi @Johnny Gabritchidze

This issue has nothing to do with permissions, the logged in user must be the owner of the group to retrieve the list of conversations in the group.

User's image

Hope this helps.

If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

Johnny Gabritchidze 20 Reputation points

2023-10-27T12:54:45.84+00:00

@CarlZhao-MSFT Thank you for assistance!
Due to the organization's policies, I cannot be added as the owner of all the groups within the organization.

What I am trying to achieve is to retrieve the last dates when the groups received emails. Could you please provide me with some insight? I could not find any other ways in Graph documentation to query these dates..
CarlZhao-MSFT 32,126 Reputation points

2023-10-31T06:55:07.46+00:00
Hi @Johnny Gabritchidze

Group messages cannot be retrieved, only group conversations, as you are doing. If you want to get the latest group conversations, then just sort the returned result set.

https://graph.microsoft.com/v1.0/groups/{group id}/conversations?$orderby=lastDeliveredDateTime desc

However, as I said in my answer, the calling user must be the owner of the group, otherwise access will be blocked.

If your group policy does not allow you to be set as the owner of the group, then try calling this API endpoint using an unattended daemon (application permissions only).
Johnny Gabritchidze 20 Reputation points

2023-11-01T07:34:32.31+00:00
@CarlZhao-MSFT Thank you! When I tried calling 'graph.microsoft.com/v1.0/groups/{id}/conversations' API endpoint using App-only access it returned.

Error: 403 - {"error":{"code":"AppOnlyAccessNotEnabledForTarget","message":"App Only access is not allowed for target resource
CarlZhao-MSFT 32,126 Reputation points

2023-11-01T07:48:49.5566667+00:00

Hi,

Have you granted the appropriate application permissions to your app? Please try to decode your access token and share the screenshot.

Johnny Gabritchidze 20

This are granted permissions.

'roles': ['Mail.ReadBasic.All', 'Group.Read.All', 'Group.ReadWrite.All', 'Directory.Read.All', 'User.Read.All', 'GroupMember.Read.All', 'Mail.Read', 'Reports.Read.All'],

Microsoft Graph API Error 403 when requesting List conversations

Create a PublicClientApplication instance

Start the Device Code Flow

0 additional answers

Activity