The 403 - Forbiden
response is due to a combination of the Permission Scopes and OAuth Grant you're requesting.
Creating an educationClass
requires an Application (aka App-Only) rather than Delegated (aka App+User) scopes. Since Graph Explorer only supports Delegated scopes, it cannot be used for this operation.
The type of scopes you receive is determined by the OAuth Grant you use to obtain the token:
OAuth Grant | Permission Type |
---|---|
Authorization Code | Delegated |
Client Credentials | Application |
Implicit Flow | Delegated |
Password Grant | Delegated |
Note that with Application scopes there is no "user" so you also cannot use Me
(Graph has no way of knowing which user it should map to).
var educationClass = new EducationClass
{
Description = "Math Level 1",
ClassCode = "Math 501",
ExternalId = "11019",
ExternalName = "Math Level 1",
ExternalSource = EducationExternalSource.Manual,
MailNickname = "math501"
};
await graphClient // using token acquired using client_credentials
.Education
.Classes
.Request()
.AddAsync(educationClass);