You've to update your code to send requests to /common. EG:
GET https://login.microsoftonline.com/common/oauth2/v2.0/devicecode
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello everyone,
I try to access the calendar events (Graph API) of my work account via an app I registered on my personal account. As the API calls will be made from a microcontroller, I use the device auth flow to get the necessary token.
I have registered the app and added the default redirect URL ("https://login.microsoftonline.com/common/oauth2/nativeclient"). Supported account types are personal and organizational accounts. API permissions as follows:
Now I start the device auth flow: "https://login.microsoftonline.com/<tenant>/oauth2/v2.0/devicecode", log my work user into the account, granting permissions and poll the access token via "https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token". The result looks like this:
{
"token_type": "Bearer",
"scope": "Calendars.Read Calendars.ReadWrite email Mail.Read Mail.ReadWrite openid profile User.Read",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "eyJ0...",
"refresh_token": "OAQA..."
}
So far so nice :)
Using the access token I'm able to call the graph API and see the user account details: https://graph.microsoft.com/v1.0/me
But as soon as I try to get the current events ("https://graph.microsoft.com/v1.0/me/events") I get an error:
{
"error": {
"code": "NoPermissionsInAccessToken",
"message": "The token contains no permissions, or permissions can not be understood.",
"innerError": {
"request-id": "f391dbdf-fd8a-49c8-abd1-109d1a38ba2f",
"date": "2020-04-15T09:26:00"
}
}
}
The "funny" thing is that the very same requests works, using the Graph Explorer App. I thought that they might have blocked access at my company but why should the graph explorer app work then?
When looking into the JWT, I can see that the required scopes are there:
"scp": "Calendars.Read Calendars.ReadWrite email Mail.Read Mail.ReadWrite openid profile User.Read"
Any ideas how to resolve this? There must be somethign I forgot...
Thanks a lot!
You've to update your code to send requests to /common. EG:
GET https://login.microsoftonline.com/common/oauth2/v2.0/devicecode
POST https://login.microsoftonline.com/common/oauth2/v2.0/token