I am trying a graph API endpoint for an external user (has Microsoft personal account in o365 and invited as guest user from Azure AD. Same external user has given access (Share) for a specific SharePoint site and can login to SharePoint directly to view/access files/folders. I am trying the following endpoint from Postman, via Authorized user credential, I get the access token after being prompted for Microsoft Online login (Email and Password), and I pass the same token to the graph API POST request. https://graph.microsoft.com/v1.0/sites/myCompanyName.sharepoint.com/drives/{drive-id}/root/children
I get response as unauthorized from graph endpoint. But then I open the SharePoint site and login as the external user on a separate Chrome incognito window. First, it doesn't ask my credential (that I just provided for the Postman request). And now I go back to postman and click send button, now I get all the data as expected.
I am working a a prototype using MVC ASP.NET C# (not Core) to test if Graph API/SDK can be used in our project. This is a strange issue and I have the same experience while running the .NET application. From my .NET MVC app, I can get On Behalf Of token for the external user, and pass it to Graph API/SDK, it fails. But when I open the SharePoint site for the same site and same user, and make a retry attempt on the .NET app, everything works as expected.
Note: While executing the same code (.NET) as internal user, I never get into any issues. It points to the configuration of external user (Microsoft online account - personal) in Azure AD or SharePoint. But I verified all access, permissions and everything seems ok. Microsoft support mentioned an error code SiteExtranetUsersDisabled which stops me from accessing (and possibly when I login to the SharePoint site, it recognizes me via SSO and allows my access till the access token expires! Anyone had the same/similar issues?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 34%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 5%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)