Getting exception Me Request is valid with Delegated authentication flow

Question

Hi Team,

I am using Microsoft.Graph 5.0. I am getting exception "Me Request is valid with Delegated authentication flow". See my below code and Please suggested what things I am doing wrong here to invoke the graphServiceClient object. If you have sample code for Delegated authentication flow of Microsoft.Graph 5.0 please provide me as below link is not quite enough https://github.com/microsoftgraph/msgraph-sdk-dotnet/blob/dev/docs/upgrade-to-v5.md

public class TokenProvider : IAccessTokenProvider

{

protected readonly string[] scopes = { "https://graph.microsoft.com/.default" };

public async Task<string> GetAuthorizationTokenAsync(Uri uri, Dictionary<string, object> additionalAuthenticationContext = default,

    CancellationToken cancellationToken = default)

{

    var _clientApplication = ConfidentialClientApplicationBuilder.Create("clientid")

                        .WithAuthority("https://login.microsoftonline.com/tenantid")

                        .WithClientSecret("Secret")

                        .Build();

    string GetaccessToken = _clientApplication.AcquireTokenForClient(scopes.ToArray()).ExecuteAsync().Result.AccessToken;

    // get the token and return it in your own way

    return await Task.FromResult(GetaccessToken);

}

public AllowedHostsValidator AllowedHostsValidator { get; }

}

public async Task<User> Login()

{

try

{

    var authenticationProvider = new BaseBearerTokenAuthenticationProvider(new TokenProvider());

    var graphServiceClient = new GraphServiceClient(authenticationProvider);

    var me = await graphServiceClient.Me.GetAsync();

    return User;

}

catch(Exception ex)

{

    return User;

}

}

Error which is coming :

Answer 1

Hello @Anonymous ,

It appears you are Client Credential flow Authentication with /me Microsoft Graph endpoint.

Usage of /me is supported with delegated permission flow.

https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-beta&tabs=http#permissions

Reference for how to get access token on behalf of user:

https://learn.microsoft.com/en-us/graph/auth-v2-user?view=graph-rest-beta&tabs=http

https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?view=graph-rest-beta&tabs=csharp

Similar questions for your reference,

https://learn.microsoft.com/en-us/answers/questions/852080/how-to-fix-me-request-is-only-valid-with-delegated

https://learn.microsoft.com/en-us/answers/questions/1275928/error-message-me-request-is-only-valid-with-delega

Hope this helps. If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Answer 2

Hi Srini,

Now For the Token generation I am using below code :

var _clientApplication = ConfidentialClientApplicationBuilder.Create("clientid") .WithAuthority("https://login.microsoftonline.com/tenantid") .WithClientSecret("Secret") .Build(); string GetaccessToken = _clientApplication.AcquireTokenForClient(scopes.ToArray()).ExecuteAsync().Result.AccessToken;

for invoking the graph Client object :

ClientSecretCredential clientSecretCredential = new ClientSecretCredential(tenantID, clientId, clientSecret);

GraphServiceClient graphClient = new GraphServiceClient(clientSecretCredential, scopes);

User me = await graphClient.Users["user-id"].GetAsync();

1. Now me(user) is coming with above code and CouId you please confirm am I doing the right thing or we have another way to create the graph Client object by using the above token, do we have any sample code?
2. By using the above token we are hitting URL("https://graph.microsoft.com/beta/appCatalogs/teamsApps") to upload the app manifest file but we are getting forbidden Could you please tell me what wrong here, our token is generated by the clientID and Client Secret why it is not working here?
3.