Status 401 when requesting a list of users using the Graph HTTP API

Andy King 0 Reputation points
2024-02-29T07:08:25.8566667+00:00

I am able to get an access token successfully, and the access token includes a "Roles" property with User.Read.All in the value, but I'm getting a 401 response when I try to execute a "get" from https://graph.microsoft.com/v1.0/users.

I obtained the access token immediately before attempting to get the user list, and so I am fairly certain it hadn't expired!

Here's the decoded token:

{
  "typ": "JWT",
  "nonce": "DSKkpNwYAnz8z9bPfeFI7N2Yze0v2UfA3Y3n3yZ2Al8",
  "alg": "RS256",
  "x5t": "XRvko8P7A3UaWSnU7bM9nT0MjhA",
  "kid": "XRvko8P7A3UaWSnU7bM9nT0MjhA"
}.{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/3751d48b-a19b-4964-9c22-3f30ccc7aeb8/",
  "iat": 1709167326,
  "nbf": 1709167326,
  "exp": 1709171226,
  "aio": "E2NgYDgXfDvYpSnJtnex8B+1cwxiAA==",
  "app_displayname": "Harris",
  "appid": "564fbbbd-4087-4078-bdbd-9fa482ac63e7",
  "appidacr": "1",
  "idp": "https://sts.windows.net/3751d48b-a19b-4964-9c22-3f30ccc7aeb8/",
  "idtyp": "app",
  "oid": "850bb594-225c-4651-aa6d-fcea51d69a9f",
  "rh": "0.AX0Ai9RRN5uhZEmcIj8wzMeuuAMAAAAAAAAAwAAAAAAAAAB9AAA.",
  "roles": [
    "User.ReadBasic.All",
    "User.ReadWrite.All",
    "User.Read.All",
    "UserNotification.ReadWrite.CreatedByApp"
  ],
  "sub": "850bb594-225c-4651-aa6d-fcea51d69a9f",
  "tenant_region_scope": "NA",
  "tid": "3751d48b-a19b-4964-9c22-3f30ccc7aeb8",
  "uti": "qAFlqOUlPUu_C7eV7WQgAA",
  "ver": "1.0",
  "wids": [
    "0997a1d0-0d1d-4acb-b408-d5ca73121e90"
  ],
  "xms_tcdt": 1616716344
}.[Signature]


2 answers

  1. CarlZhao-MSFT 41,286 Reputation points
    2024-02-29T08:38:28.12+00:00

    Hi @Andy King

    Make sure your access token has not expired. The default lifetime of an access token is 1 hour, after which it automatically expires.

    Decode the access token and make sure the aud claim is "https://graph.microsoft.com" or "00000003-0000-0000-c000-000000000000".


    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
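
An added example, not part of the original thread or of the answer above: a local check of the claims discussed here (aud and exp from the answer, plus nbf and roles from the question's token). It decodes without verifying the signature; `diagnose`, `sample_token` and `QUESTION_CLAIMS` are names introduced here, and the sample token is constructed from claim values in the question.

```python
import base64
import json
import time

# Audience values the answer above lists for Microsoft Graph.
GRAPH_AUDIENCES = {
    "https://graph.microsoft.com",
    "00000003-0000-0000-c000-000000000000",
}

def _segment(part):
    """Decode one base64url JWT segment, restoring stripped padding."""
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def decode_claims(token):
    """Return the payload claims WITHOUT verifying the signature.
    Troubleshooting aid only; never use this for an access decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return _segment(parts[1])

def diagnose(token, required_role, now=None):
    """Return the names of the checks this token fails (empty list = all pass)."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    failed = []
    if not GRAPH_AUDIENCES.intersection(a for a in audiences if isinstance(a, str)):
        failed.append("aud")
    if now >= claims.get("exp", 0):
        failed.append("exp")
    if now < claims.get("nbf", 0):
        failed.append("nbf")
    if required_role not in claims.get("roles", []):
        failed.append("roles")
    return failed

def sample_token(claims):
    """Build a constructed, unsigned token (placeholder signature) for the demo."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "c2ln"])

# Claim values copied from the decoded token in the question.
QUESTION_CLAIMS = {"aud": "https://graph.microsoft.com", "nbf": 1709167326,
                   "exp": 1709171226, "roles": ["User.Read.All"]}
```

Passing `now` explicitly lets you evaluate the token against the time the failing request was actually sent rather than the time you run the check.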


