How to fix the "401: FileOpenUserUnauthorized" error on the https://graph.microsoft.com/v1.0/me/drive/items/{workbook_id}/workbook/worksheets endpoint?
Certainly! Here is your text with corrected grammar:
Hello, I have created an integration that reads any new rows added inside the selected workbook. I present the user with a dropdown to select the worksheet they want to monitor. This dropdown gets populated by making an API call to the following endpoint:
GET: https://graph.microsoft.com/v1.0/me/drive/items/{WORKBOOK_ID}/workbook/worksheets
The integration has been working just fine for over a year, but it has suddenly stopped loading the worksheets. This issue is occurring for certain accounts only. Some accounts are working, while others are not. The account that I am using to post this message is one of the accounts that fails to load the worksheets, but other accounts are working. All of my accounts are personal account not belonging to any organizations. I don't know what went wrong, but I see multiple similar threads opened recently. What is going on? The error that I initially received while making the API call is:
{
"error": {
"code": "FileOpenUserUnauthorized",
"message": "You do not have permissions to open this file in the browser.",
"innerError": {
"code": "unauthorizedUncategorized",
"message": "Required authentication information for the resource is either missing or invalid.",
"innerError": {
"code": "FileOpenUserUnauthorized",
"message": "You do not have permissions to open this file in the browser."
},
"date": "2024-06-04T15:05:28",
"request-id": "6d358db4-1a80-4db3-97cd-9f39aedac55f",
"client-request-id": "6d358db4-1a80-4db3-97cd-9f39aedac55f"
}
}
}
Now, I am receiving the following error:
{
"error": {
"code": "AccessDenied",
"message": "Could not obtain a WAC access token.",
"innerError": {
"date": "2024-06-11T12:58:22",
"request-id": "210a330e-eb43-48a5-8ea8-e3e3d49b42cc",
"client-request-id": "210a330e-eb43-48a5-8ea8-e3e3d49b42cc"
}
}
}
The access token generated has all the necessary permissions because it is working for some of the accounts. The scopes being used for auth are:
User.Read Files.ReadWrite Files.ReadWrite.All offline_access
One more thing, I am not sure if it makes any difference or not but when I look into the file details when I make the following API call:
https://graph.microsoft.com/v1.0/me/drive/items/{workbook_id}
The @microsoft.graph.downloadUrl
in the response looks something like this for all the accounts that are not working:
{"@microsoft.graph.downloadUrl": "https://my.microsoftpersonalcontent.com/personal/756a2915e8738379/_layouts/15/download.aspx?UniqueId=e8738379-2915-206a-8075-750000000000&Translate=false&tempauth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBfZGlzcGxheW5hbWUiOiJHcmFwaCIsImFwcGlkIjoiMDAwMDAwMDMtMDAwMC0wMDAwLWMwMDAtMDAwMDAwMDAwMDAwIiwiYXVkIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiY2FjaGVrZXkiOiIwaC5mfG1lbWJlcnNoaXB8MDAwM2JmZmQ3MDljNTdmYUBsaXZlLmNvbSIsImNpZCI6InBSclI2c3N0VmtPTkNXVWdlREsycmc9PSIsImVuZHBvaW50dXJsIjoiVEZLT2ExYUpqc202Tko1YjM5VkNCSk16Sk1xUWNkc1hOV0Y0RFRDeENZWT0iLCJlbmRwb2ludHVybExlbmd0aCI6IjE1MyIsImV4cCI6IjE3MTc1MjAyMDgiLCJpcGFkZHIiOiI1Mi4xMDQuMTA3LjEzNSIsImlzbG9vcGJhY2siOiJUcnVlIiwiaXNzIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwIiwibmJmIjoiMTcxNzUxNjYwOCIsInB1aWQiOiIwMDAzQkZGRDcwOUM1N0ZBIiwic2NwIjoibXlmaWxlcy5yZWFkIGFsbGZpbGVzLndyaXRlIGFsbHByb2ZpbGVzLnJlYWQiLCJzaWQiOiI5MzYxODg5NzUyODA1OTQ4MTkzX2MxYjM1ZDM0LTRhZjMtNDMwNS04YjI0LTgwNTBjODRkYzVmYyIsInNpdGVpZCI6Ik1EaG1OalEyTjJVdFpUZGxZaTAwTlRRNExUZ3hNelF0TURZelpqSXlZekU0WmpsaiIsInRpZCI6IjkxODgwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsInR0IjoiMiIsInVwbiI6InNhbWFydGh2cmxham1AZ21haWwuY29tIiwidmVyIjoiaGFzaGVkcHJvb2Z0b2tlbiJ9.QxAlx3kv0ZQHk4ERpFZZsw21fZM4BhLEiT_zLIGd3OU&ApiVersion=2.0"}
And for the accounts that are working, it looks something like this:
{"@microsoft.graph.downloadUrl": "https://cvjznw.bn.files.1drv.com/y4mYzO8AiV_66a0904artBXwROEPPga8jX1nxGZvU9FDjA0Dr9idYY8WL1-pVcJQnSva3ouyjz5JCcXuuvycj2ObSEA2sTDzIN3NMxQcEwxIAKTAZDzWb-KuFnALgFqc8KLme-zUtHe4pFtLxQmE3FJde-10gYP4DSnzk9m-WWy6YblVqIMVrfIG6eWuZDKpUjP9G2-zNUxRGVE8xHxIfLmOA"}
Look at the base URLs, it is completely different for the accounts that work but for the ones that are not working, the files are somewhere in the Microsoftpersonalcontent.com. IDK if this makes any difference but this is the only thing changed I was able to spot between these accounts.
Please do look into this.
Thank you