Share via

"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation

Ganesh Bhadane 1 Reputation point
2021-10-05T08:56:43.427+00:00

I'm tring to get data of signed in user from microsoft azure using microsoft graph api, i'm getting access token and also login successfully,

but i'm getting error as : "Insufficient privileges to complete the operation."

My Code: 

import 'dart:convert';
import 'dart:io';
import 'package:http/http.dart' as http;
import 'package:aad_oauth/aad_oauth.dart';
import 'package:aad_oauth/model/config.dart';
import 'package:exim_bank_leave_app/Utils/AppTheme.dart';
import 'package:flutter/material.dart';
import 'package:shared_preferences/shared_preferences.dart';
import 'Screens/Listing.dart';
import 'Utils/Widgets/BlueBtn.dart';

void main() => runApp(MyApp());

class MyApp extends StatelessWidget {
  @override
  Widget build(BuildContext context) {
    return MaterialApp(
      debugShowCheckedModeBanner: false,
      theme: MyTheme.darkTheme(context),
      home: MyHomePage(),
    );
  }
}

class MyHomePage extends StatefulWidget {
  static var user;
  static final Config config = Config(
    tenant: 'f6f3ce86-f4ba-40be-97d4-cb769a298738',
    clientId: 'cba06e50-faa9-45bc-9f44-e88eaf6562f5',
    scope: 'openid profile offline_access',
    redirectUri: 'https://login.microsoftonline.com/common/oauth2/nativeclient',
  );

  static final AadOAuth oauth = AadOAuth(config);
  @override
  _MyHomePageState createState() => _MyHomePageState();
}

class _MyHomePageState extends State<MyHomePage> {
  SharedPreferences prefs;

  @override
  void initState() {
    super.initState();
    loadData();
  }

  @override
  Widget build(BuildContext context) {
    // adjust window size for browser login
    var screenSize = MediaQuery.of(context).size;
    var rectSize =
        Rect.fromLTWH(0.0, 25.0, screenSize.width, screenSize.height - 25);
    MyHomePage.oauth.setWebViewScreenSize(rectSize);

    return Scaffold(
      body: Container(),
    );
  }

  loadData() async {
    var auth = MyHomePage.oauth;
    var accessToken = await auth.getAccessToken();
    await auth.login();
    Navigator.pushReplacement(
        context, MaterialPageRoute(builder: (context) => Listing()));
    prefs = await SharedPreferences.getInstance();
    while (prefs == null || accessToken == null) continue;
    final String idToken = await auth.getIdToken();

    setState(() {
      prefs.setString('token', idToken);
    });
    print('Token $accessToken');

    final graphResponse = await http.get('https://graph.microsoft.com/v1.0/me',
        headers: {HttpHeaders.authorizationHeader: "Bearer $accessToken"});
    print(graphResponse.body.toString());
    print(graphResponse.statusCode);
  }

  static void logout() async {
    await MyHomePage.oauth.logout();
  }
}
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph
Community Center | Not monitored

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Siva-kumar-selvaraj 15,721 Reputation points
    2021-10-05T20:36:52.607+00:00

    Hello @Ganesh Bhadane ,

    Thanks for reaching out.

    The Microsoft Graph API requires the user.read scope to read a user's profile such as calling https://graph.microsoft.com/v1.0/me.

    Therefore, could you please try using following scope scope: 'openid profile user.read offline_access', in code and let us know outcome. Thanks.

    Hope this helps.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.