How do I get group members from Graph API with default scope

Question

How do I get group members from Graph API with default scope

Andreas Hesse 0

So my app gets an access token with tenant_id and scope 'https://graph.microsoft.com/.default' but the token isn't the same as in the Graph Explorer. I just need my app to be able to do the same as in the browser so I don't have to copy the token from the web into my CLI all the time. The documentation is intimidating and just so confusing. How do I make my app have the same permissions as me?

1 answer

Your answer

Answer 1

Anonymous

Hi @Andreas Hesse,

If you want to verify whether your token has the relevant permissions to access group members, you can parse the token in this link and then check whether the scp attribute has permissions:

User's image

Here are the permissions required to list group members: List group members permissions.

To add graph permissions, you can follow steps below:

Go to the app's API permissions page.
Select Add a permission and then choose Microsoft Graph in the flyout.
Select Delegated permissions or Application permissions.
Use the search box to find and select the required permissions.

User's image

If you want to build a project to call Microsoft Graph Api, you can refer to the code in the official documentation:

Choose a Microsoft Graph authentication provider based on the scenario.

List group members.

Hope this helps.

If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

Andreas Hesse 0 Reputation points

2024-01-26T22:34:06.3133333+00:00
Hello @Anonymous and thank you for your answer. I have now the following app permissions in the portal:

I then get a token (with scope .default) to try and put it to use. The decoded JWT lists the these roles:

"roles": [ "Teamwork.Migrate.All", "GroupMember.Read.All", "Mail.Send" ],

Calling GroupMember.Read.all returns nothing: You can see I have Teamwork.Migrate.all enabled. Also, in Postman, when I post a test message to one of our channels I get the following error:

How am I to figure all this out? Thanks again A
Akash Jadav 85 Reputation points Microsoft External Staff

2024-01-28T07:33:32.0066667+00:00
Hi,

can you please provide your purpose, which API is you are calling?

You can view all the API permissions you have in Graph Explorer by clicking on your Profile Pic -> Consent to Permissions -> filter for consented permissions.

you can set these permissions in App registrations -> Api permissions.
Regarding the error, can you share a screenshot of the successful API call in Graph Explorer and just brief us above the business use case you are trying to achieve?
Anonymous

2024-01-29T01:22:30.5966667+00:00

Hi @Andreas Hesse，

Have you tried to send request in Graph Explorer? Could you please share the screenshot of Graph Explorer without '$select'?

Share via

How do I get group members from Graph API with default scope

1 answer

Your answer