Getting access denied issue graph api

Patrick Rote 101 Reputation points
2021-06-10T09:08:03.613+00:00

I'm facing this issue and dont know what to do anymore to fix it.

I am trying to use the graph api endpoints to list the recent files by signed in user in a sharepoint classic page
var upn = "validemailaddress"

I have registered an app registration and have a delegated permission to scope - Sites.Read.All ( this is according to the MSDN api documents insights-list-used)

But i keep getting this error below - when i use - https://graph.microsoft.com/v1.0/me/insights/used

104175-insightserror.png

I'm acquiring a token by using the below and its working and a token assigned(As a signed in user)

url: _spPageContextInfo.webAbsoluteUrl + "/_api/SP.OAuth.Token/Acquire",

Is this the correct way to acquire a token to be able to return this data when i use graph explorer it works.

Do the user need to sign in again when the page load for this to work?

Is there anything i'm missing as all the other endpoints work.

My aim is to display recent files of logged in user on a sharepoint classic page

Thanks in Advance

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,890 questions
SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,602 questions
0 comments No comments
{count} votes

Accepted answer
  1. MichaelHan-MSFT 18,031 Reputation points
    2021-06-11T07:19:15.107+00:00

    Hi @Patrick Rote ,

    Per my test, I got the same result as yours on my end. So I check the token in https://jwt.ms, and found that Sites.Read.All is not granted for the token.

    104622-image.png

    The /_api/SP.OAuth.Token/Acquire endpoint does not use the app we registered , it should use the default AAD app called Office 365 SharePoint Online which doesn't have the Sites.Read.All permission.


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Patrick Rote 101 Reputation points
    2021-06-15T07:09:35.417+00:00

    Thanks Michael,
    I figured it out .
    I used the MSAl.js - acquireTokenSilent

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.