Getting access denied issue graph api

Question

I'm facing this issue and dont know what to do anymore to fix it.

I am trying to use the graph api endpoints to list the recent files by signed in user in a sharepoint classic page
var upn = "validemailaddress"

• https://graph.microsoft.com/v1.0/users/" + upn + "/insights/used
• https://graph.microsoft.com/v1.0/me/insights/used

I have registered an app registration and have a delegated permission to scope - Sites.Read.All ( this is according to the MSDN api documents insights-list-used)

But i keep getting this error below - when i use - https://graph.microsoft.com/v1.0/me/insights/used

I'm acquiring a token by using the below and its working and a token assigned(As a signed in user)

url: _spPageContextInfo.webAbsoluteUrl + "/_api/SP.OAuth.Token/Acquire",

Is this the correct way to acquire a token to be able to return this data when i use graph explorer it works.

Do the user need to sign in again when the page load for this to work?

Is there anything i'm missing as all the other endpoints work.

My aim is to display recent files of logged in user on a sharepoint classic page

Thanks in Advance

Answer 1

Hi @Patrick Rote ,

Per my test, I got the same result as yours on my end. So I check the token in https://jwt.ms, and found that Sites.Read.All is not granted for the token.

The /_api/SP.OAuth.Token/Acquire endpoint does not use the app we registered , it should use the default AAD app called Office 365 SharePoint Online which doesn't have the Sites.Read.All permission.

---

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Thanks Michael,
I figured it out .
I used the MSAl.js - acquireTokenSilent