Cannot get responses from the MS Graph API

Jorziño Barradas 20 Reputation points
2024-06-18T16:52:26.3833333+00:00

Hello community,

I am new to APIs and for sure to Microsoft Grant APIs.

I have followed the instructions in the articles below to register a new application.

In one of the articles that explains how to access token is better to use the Microsoft Authentication Library (MSAL) (see third link).

I was able to follow the instructions accordingly and clone the application provided by MS in GitHub (see 4th link).
The request was successful as I have inserted my tenant details successfully in this code and run the file:

{
"AzureAd": {
  "Instance": "https://login.microsoftonline.com/",
  "TenantId": "Enter the tenant ID obtained from the Microsoft Entra admin center",
  "ClientId": "Enter the client ID obtained from the Microsoft Entra admin center",
  "ClientCertificates": [
    {
      "SourceType": "StoreWithThumbprint",
      "CertificateStorePath": "CurrentUser/My",
      "CertificateThumbprint": "Enter the certificate thumbprint obtained the Microsoft Entra admin center"
    }   
  ],
  "CallbackPath": "/signin-oidc"
},
  "DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0/",
    "RelativePath": "me",
    "Scopes": [ 
      "user.read" 
    ]
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}

However, when I change the RelativePath to "me/messages" to get all my emails I received the following error:

An unhandled exception occurred while processing the request.

HttpRequestException: Invalid status code in the HttpResponseMessage: Unauthorized: {"error":{"code":"AuthOMMissingRequiredPermissions","message":"The AadGuestPft token doesn't contain the permissions required by the target API for calling app...

Further, I have also tried to get an access token by running the following link:

https://login.microsoftonline.com/[mytenant]/oauth2/v2.0/token -> (have removed my tenant id but was located at [mytenant]

But I have also getting this message:

Sorry, but we’re having trouble signing you in.

AADSTS900561: The endpoint only accepts POST, OPTIONS requests. Received a GET request.

Can someone please help me this? I would need to also query this data for other people in my organization.

Any help will be much appreciated.

Instructions Followed

https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app

https://learn.microsoft.com/en-us/graph/auth-v2-service?tabs=http#use-the-microsoft-authentication-library-msal

https://learn.microsoft.com/en-us/graph/auth/auth-concepts

https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-web-app-dotnet-core-sign-in

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,320 questions
0 comments No comments
{count} votes

Accepted answer
  1. Yakun Huang-MSFT 2,185 Reputation points Microsoft Vendor
    2024-06-19T02:56:04.0066667+00:00

    Hi @Jorziño Barradas

    Accessing /me/messages endpoints requires the app to have delegation permissions

    Mail.ReadBasic or Mail.Read.

    There are two ways to grant delegation permissions, as follows:

    The first way, Grant in a Microsoft Entra ID, as shown below:

    User's image

    The second way, send a GET request to grant, the request content is as follows:

    GET https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
    client_id={client_id}
    &response_type=code
    &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
    &response_mode=query
    &scope=offline_access user.read mail.read
    &state=12345
    

    To get a token, you need to send a POST request, which reads as follows:

    POST /{tenant}/oauth2/v2.0/token
    client_id={client_id}
    &scope=offline_access user.read mail.read
    &code={code}
    &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
    &grant_type=authorization_code
    &client_secret={client_secret}
    

    See the link below for more details:

    https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow

    https://learn.microsoft.com/en-us/graph/api/user-list-messages?view=graph-rest-1.0&tabs=http

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.


0 additional answers

Sort by: Most helpful