This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi Experts,
I've registered an app in Azure with the following API permission via Microsoft Graph: Sites.Read.All and have admin consent.
The following code is returning this error (note hidden client ID, client secret, tenant ID and site url - these are all confirmed correct).
import requests
from msal import ConfidentialClientApplication
client_id = 'XXX'
client_secret = 'XXX'
tenant_id = 'XXX'
site_url = 'XXX'
def get_access_token():
authority = f"https://login.microsoftonline.com/{tenant_id}"
app = ConfidentialClientApplication(client_id, authority=authority, client_credential=client_secret)
result = app.acquire_token_for_client(scopes=["https://graph.microsoft.com/.default"])
if "access_token" in result:
return result['access_token']
else:
print("Error acquiring token:")
print(result)
return None
def get_sharepoint_data(query):
access_token = get_access_token()
if not access_token:
return {"error": "Failed to acquire access token"}
headers = {
'Authorization': f'Bearer {access_token}',
'Accept': 'application/json'
}
url = f"https://graph.microsoft.com/v1.0/sites/{site_url}/search/query?querytext='{query}'"
response = requests.get(url, headers=headers)
return response.json()
query = "Your search query here"
response = get_sharepoint_data(query)
print(response)
'error': 'code': 'AccessDenied', 'message': 'Either scp or roles claim need to be present in the token.'
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 82%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELZ%3C/text%3E%3C/svg%3E)
Thank you for your question.
We are currently looking into this issue and will give you an update as soon as possible.
Thank you for your understanding and support.
Hi @Sophie Rowbotham,
Thank you for posting in this community.
After configuring permissions, you need to click grant admin consent button.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Ling Zhou_MSFT - thanks so much for helping, my admin granted admin consent for me:
You can see the option is greyed out for me.
Hi @Sophie Rowbotham,
Thank you for your reply.
Have you check if the token has the permission by decoding the access token?
You can change the ALGORITHM to HS256 to decode your token.
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 74%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKJ%3C/text%3E%3C/svg%3E)
I run into the same issue despite having the required access roles. On other forums, I have read that this is a bug in the library. Are there any new updates?