Reset Redemption Status by using Microsoft Graph with App Permissions

I am trying to use the relatively new feature of resetting the redemption status of a guest user. My code calls the invitations API of Microsoft Graph, as described here: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/reset-redemption-status
This works as expected, as long as I use delegated / user permissions. But it doesn't seem to work with App Permissions! The invitation API itself works with App Permissions, but this specific feature of resetting the redemption status ends with an error:
HTTP 403 Forbidden
Guest invitations not allowed for your company. Contact your company administrator for more details.
The app has Directory.ReadWrite.All as well as User.Invite.All permissions granted. And the invitation without the resetRedemption switch works. I used the Beta endpoint of MS Graph - so, I'm aware of the fact that it isn't available on the v1.0 endpoint yet.
Is this a known issue?
BR, Lukas
Thanks for your response. Screenshot below:
Judging from your error message, it says that your company does not allow guests to be invited, so are you performing the operation of inviting guests?
The error message is misleading. I'm successfully using guest invitation by using the MS Graph invitation API. But as soon as I use the "resetRedemption" switch as described in my initial post, the request comes back with the mentioned error. This error message definitely doesn't report the real error - because the company does allow guests to be invited...
Are you saying that the same guest user can use the delegated permission "resetRedemption"?
If I execute exactly the same MS Graph call using delegated permission, then yes, resetRedemption works. As soon as I use app permissions, it ends up with the mentioned error.
Application context is not currently supported, please see my answer.
Currently does not support application permissions!
I have read the doc in detail, and there are detailed instructions in the doc: When you're resetting the status for a B2B guest user, be sure to do so under the user context. App-only calls are currently not supported.
Ok, that makes sense - thanks. Do you know about any plans whether this API will have support for App permissions in the near future?
As you can see, this feature is still in preview status. I believe it will support application permissions in the future, or you can also make a feature request for this: https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/idb-p/Microsoft365DeveloperPlatform/label-name/Microsoft%20Graph
Thanks. I added it here:
https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/add-app-permissions-support-for-resetredemption-feature-in-ms/idi-p/2545675#M192
Okay, I have voted for you.
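A pre-flight check for the limitation discussed in this thread, as an added example that is not code from the thread or from Microsoft: it refuses to build a resetRedemption request when the access token is app-only, so the caller gets a clear error instead of the misleading 403. It assumes the Graph access token is a JWT whose payload carries `scp` for delegated tokens and `roles` (optionally `idtyp: app`) for app-only tokens; the function names are hypothetical and the sample tokens are constructed and unsigned.

```python
import base64
import json

GRAPH_INVITATIONS_URL = "https://graph.microsoft.com/beta/invitations"


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for offline testing only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


def token_claims(access_token: str) -> dict:
    """Decode the JWT payload without verifying it (diagnostic use, not authorization)."""
    try:
        payload = access_token.split(".")[1]
        return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except (IndexError, ValueError) as exc:
        raise ValueError("access token is not a decodable JWT") from exc


def is_delegated(claims: dict) -> bool:
    """Delegated (user-context) tokens carry 'scp'; app-only tokens carry 'roles' instead."""
    if claims.get("idtyp") == "app":
        return False
    return bool(claims.get("scp"))


def build_reset_request(access_token: str, guest_object_id: str, email: str, redirect_url: str):
    """Return (url, headers, body) for a resetRedemption invitation, or raise for app-only tokens."""
    if not is_delegated(token_claims(access_token)):
        raise PermissionError(
            "resetRedemption must be called under the user context; "
            "app-only calls are currently not supported"
        )
    body = {
        "invitedUserEmailAddress": email,
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": True,
        "invitedUser": {"id": guest_object_id},  # existing guest whose status is reset
        "resetRedemption": True,
    }
    headers = {"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"}
    return GRAPH_INVITATIONS_URL, headers, body
```

The returned tuple can be passed to any HTTP client; the check is a local diagnostic only, and Graph still makes the actual authorization decision.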