Graph API OnlineMeeting 403 Forbidden - Username-password authentication
Hi,
I am trying to create online meeting using Graph API
https://graph.microsoft.com/v1.0/me/onlineMeetings and/or
https://graph.microsoft.com/beta/me/onlineMeetings
Both the APIs are returning following response
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"date": "2020-12-18T10:37:52",
"request-id": "e78a7278-cf98-4fb3-8234-99c253aaecbf",
"client-request-id": "e78a7278-cf98-4fb3-8234-99c253aaecbf"
}
}
}
The token that is being passed is generated using Username-Password authentication. When generated token is parsed, it is like
{
"aud": "00000003-0000-0000-c000-000000000000",
"iss": "https://sts.windows.net/cae7cc37-2316-4715-bccf-01fbbc1f9b55/",
"iat": XXXXXXXXXX,
"nbf": XXXXXXXXXX,
"exp": XXXXXXXXXX,
"acct": 0,
"acr": "1",
"acrs": [
"urn:user:registersecurityinfo",
"urn:microsoft:req1",
"urn:microsoft:req2",
"urn:microsoft:req3",
"c1",
"c2",
"c3",
"c4",
"c5",
"c6",
"c7",
"c8",
"c9",
"c10",
"c11",
"c12",
"c13",
"c14",
"c15",
"c16",
"c17",
"c18",
"c19",
"c20",
"c21",
"c22",
"c23",
"c24",
"c25"
],
"aio": "E2JgYGj5YprXZPWZiUVwhV7Knhd/vWUXp6z8ksZ05CM/a1542ScA",
"amr": [
"pwd"
],
"app_displayname": "MyTeamsApp",
"appid": "XXXXXXXXXXXXXX",
"appidacr": "1",
"idtyp": "user",
"ipaddr": "3.128.178.182",
"name": "Peter White",
"oid": "XXXXXXXXXXXXXXXXXXXXXX",
"platf": "14",
"puid": "100320010480917F",
"rh": "0.AAAAN8znyhYjFUe8zwH7vB-bVVb7wgafuCJDl2itVa3Bh895AGw.",
"scp": "email OnlineMeetings.ReadWrite profile User.Read openid",
"sub": "iETGCxF_AyboXfbWNCPCeS1oi57BNAIWJrvr5-Sbk7s",
"tenant_region_scope": "EU",
"tid": "cae7cc37-2316-4715-bccf-01fbbc1f9b55",
"unique_name": "XXXXXXXXX.onmicrosoft.com",
"upn": "XXXXXXXXXX.onmicrosoft.com",
"uti": "84BGWBUbekOfzpn_BSg4AA",
"ver": "1.0",
"wids": [
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
],
"xms_st": {
"sub": "RgIwSS3b_ctoGBqNl9fNpNGUZEHTeNvO_sIkLB1ovEg"
},
"xms_tcdt": 1608199062
}
It has required API permission under scp.
App is also having all the delegated permissions defined
Can anyone please point out what is wrong?
Best regards,
Satish Shinde