![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 86%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,113 questions
The 403 - Forbiden response is due to a combination of the Permission Scopes and OAuth Grant you're requesting.
Creating an educationClass requires an Application (aka App-Only) rather than Delegated (aka App+User) scopes. Since Graph Explorer only supports Delegated scopes, it cannot be used for this operation.
The type of scopes you receive is determined by the OAuth Grant you use to obtain the token:
| OAuth Grant | Permission Type |
|---|---|
| Authorization Code | Delegated |
| Client Credentials | Application |
| Implicit Flow | Delegated |
| Password Grant | Delegated |
Note that with Application scopes there is no "user" so you also cannot use Me (Graph has no way of knowing which user it should map to).
var educationClass = new EducationClass
{
Description = "Math Level 1",
ClassCode = "Math 501",
ExternalId = "11019",
ExternalName = "Math Level 1",
ExternalSource = EducationExternalSource.Manual,
MailNickname = "math501"
};
await graphClient // using token acquired using client_credentials
.Education
.Classes
.Request()
.AddAsync(educationClass);