Unable to access OneDrive using Microsoft Graph Explore

Kiran Kumar 1 Reputation point
2021-12-27T13:37:55.113+00:00

Hi Team,
I am trying to access my file from OneDrive using the Microsoft Graph client, using the code below, but I am getting the error message shown below.

            var scopes = new[] { "https://graph.microsoft.com/.default" };

            var tenantId = "***********";
            var clientId = "***********";
            var clientSecret = "***********";

            var options = new TokenCredentialOptions
            {
                AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
            };

            var clientSecretCredential = new ClientSecretCredential(
                tenantId, clientId, clientSecret, options);

            var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

            var stream = await graphClient.Me.Drive.Items["***********"].Content.Request().GetAsync();

Error Message :
Code: BadRequest
Message: /me request is only valid with delegated authentication flow.
Inner error:
AdditionalData:
date: 2021-12-27T11:59:16
request-id: 93df1b1c-68aa-498b-967c-706ed96452b2
client-request-id: 93df1b1c-68aa-498b-967c-706ed96452b2
ClientRequestId: 93df1b1c-68aa-498b-967c-706ed96452b2

Note #1: Under Azure => API Permissions => given User.ReadWrite.All - Application - Yes
Note #2: Created app under Azure => App Registrations => Accounts in any organizational directory (Any Azure AD directory - Multitenant)


3 answers

  1. JanardhanaVedham-MSFT 3,566 Reputation points
    2021-12-27T18:36:29.187+00:00

    Hi @Kiran Kumar,

    As per line#15 in your code, you are trying to use the /me Graph API endpoint in your application and, as the error message states, the /me Graph API endpoint is only valid with the delegated authentication flow and delegated permission scopes, not with the application client credential flow and application permission scopes.

    Since you are using the application client credential flow and application permission scopes, you would have to change line#15 in your code above as shown below (refer to line#4 in the example below), and also make sure that "Files.Read.All" application permissions are granted for your application. Your user ID should be mentioned in the code below at line#4.

    var stream = await graphClient.Users["{User-Id}"].Drive.Items["{Item-Id}"].Request().GetAsync();      
    Example :   
      
    var stream = await graphClient.Users["4993994c-87b7-48b2-a7ff-2812a481b587"].Drive.Items["91XVQLL722MEU2FCVLXNHLORAJTNPKUZLM"]  
    .Request()  
    .GetAsync();    
    
    Here {User-Id} can be Id or UserPrincipalName and {Item-Id} can be Id of the item which needs to be accessed.    
    **Please ensure to mention your user ID or UserPrincipalName in the above code (at line#4).**  
    

    Here is the example output in Postman using equivalent graph API endpoint (GET /users/{user-id}/drive/items/{item-id}):

    [Image: 160660-postman-output.jpg]

    Hope this helps.



  2. Kiran Kumar 1 Reputation point
    2021-12-30T07:21:42.303+00:00

    Hi Janardhana / CarlZhao,

    Thanks for your quick response.
    I am passing the Tenant ID in {user-ID}, am I right? By passing this Tenant ID I am getting the error below:

    Code: BadRequest
    Message: Unable to retrieve tenant service info.
    Inner error:

    If I am wrong, what exactly do I need to pass in {user-id}? Can you please tell me? Thanks.


  3. CarlZhao-MSFT 46,371 Reputation points
    2021-12-30T09:05:13.343+00:00

    Hi @Kiran Kumar

    This should have nothing to do with the transmission of tenantId. I did not see the authentication URL in the code snippet you provided. Refer to my sample:

    using Microsoft.Graph;
    using Microsoft.Graph.Auth;
    using Microsoft.Identity.Client;
    using Newtonsoft.Json;
    using System;
    using System.Collections.Generic;
    using System.Net.Http;

    namespace test2
    {
        class Program
        {
            static async System.Threading.Tasks.Task Main(string[] args)
            {
                // Confidential client for the client credentials (app-only) flow.
                // The authority URL carries the tenant ID.
                IConfidentialClientApplication app;
                app = ConfidentialClientApplicationBuilder.Create("{client id}")
                        .WithClientSecret("{client secret}")
                        .WithRedirectUri("{redirect url}")
                        .WithAuthority(new Uri("https://login.microsoftonline.com/{tenant id}"))
                        .Build();

                AuthenticationResult result;

                // .default requests the application permissions already granted to the app.
                string[] scopes = new string[] { "https://graph.microsoft.com/.default" };

                // Acquire an app-only token; this call throws if the credentials or authority are wrong.
                result = await app.AcquireTokenForClient(scopes).ExecuteAsync();

                ClientCredentialProvider authProvider = new ClientCredentialProvider(app);

                GraphServiceClient graphClient = new GraphServiceClient(authProvider);

                // App-only calls address a specific user: /users/{user id}/drive/items/{item id}
                var driveItem = await graphClient.Users["{user id}"].Drive.Items["{item id}"].Request().GetAsync();

                Console.WriteLine("items:" + JsonConvert.SerializeObject(driveItem));
            }
        }
    }
    

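The three problems that come up in this thread (calling /me with an app-only token, an app that holds only User.ReadWrite.All where Files.Read.All is expected, and a tenant ID passed where a user ID belongs) can all be spotted by reading the claims of the access token before calling Graph. The following is an added example, not code from the thread or from a Microsoft sample; the class and method names, the constructed unsigned token and the placeholder tenant GUID are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

static class GraphTokenPreflight
{
    // Decodes the payload segment of a JWT WITHOUT validating it: troubleshooting aid only.
    static JsonElement DecodePayload(string jwt)
    {
        string seg = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        seg = seg.PadRight(seg.Length + (4 - seg.Length % 4) % 4, '=');
        return JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(seg))).RootElement;
    }

    // Delegated tokens carry "scp"; app-only (client credentials) tokens carry "roles".
    public static List<string> Check(string jwt, string userId, string requiredRole)
    {
        var findings = new List<string>();
        JsonElement p = DecodePayload(jwt);
        bool delegated = p.TryGetProperty("scp", out JsonElement _);
        string[] roles = p.TryGetProperty("roles", out JsonElement r)
            ? r.EnumerateArray().Select(x => x.GetString()).ToArray()
            : Array.Empty<string>();
        if (!delegated)
            findings.Add("App-only token: use /users/{id}/drive, not /me/drive.");
        if (!delegated && !roles.Contains(requiredRole))
            findings.Add($"Missing application permission {requiredRole}; granted: {string.Join(",", roles)}");
        if (p.TryGetProperty("tid", out JsonElement tid) &&
            string.Equals(tid.GetString(), userId, StringComparison.OrdinalIgnoreCase))
            findings.Add("The supplied user id equals the tenant id (tid); pass a user object id or UPN.");
        return findings;
    }

    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed, unsigned sample token mirroring the question: app-only, User.ReadWrite.All only.
        string tenant = "00000000-0000-0000-0000-000000000001"; // placeholder tenant id
        string payload = "{\"tid\":\"" + tenant + "\",\"roles\":[\"User.ReadWrite.All\"]}";
        string jwt = B64Url("{\"alg\":\"none\"}") + "." + B64Url(payload) + ".";
        foreach (string f in Check(jwt, tenant, "Files.Read.All"))
            Console.WriteLine(f);
    }
}
```

With the constructed token, all three findings are printed. In a real application the client secret would come from configuration or a secret store rather than a string literal in source.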

