Problem with Graph API (access SharePoint data) for an external user with o365 guest login (Personal a/c)

tatha mahata 1 Reputation point

I am trying a graph API endpoint for an external user (has Microsoft personal account in o365 and invited as guest user from Azure AD. Same external user has given access (Share) for a specific SharePoint site and can login to SharePoint directly to view/access files/folders. I am trying the following endpoint from Postman, via Authorized user credential, I get the access token after being prompted for Microsoft Online login (Email and Password), and I pass the same token to the graph API POST request.{drive-id}/root/children

I get response as unauthorized from graph endpoint. But then I open the SharePoint site and login as the external user on a separate Chrome incognito window. First, it doesn't ask my credential (that I just provided for the Postman request). And now I go back to postman and click send button, now I get all the data as expected.

I am working a a prototype using MVC ASP.NET C# (not Core) to test if Graph API/SDK can be used in our project. This is a strange issue and I have the same experience while running the .NET application. From my .NET MVC app, I can get On Behalf Of token for the external user, and pass it to Graph API/SDK, it fails. But when I open the SharePoint site for the same site and same user, and make a retry attempt on the .NET app, everything works as expected.

Note: While executing the same code (.NET) as internal user, I never get into any issues. It points to the configuration of external user (Microsoft online account - personal) in Azure AD or SharePoint. But I verified all access, permissions and everything seems ok. Microsoft support mentioned an error code SiteExtranetUsersDisabled which stops me from accessing (and possibly when I login to the SharePoint site, it recognizes me via SSO and allows my access till the access token expires! Anyone had the same/similar issues?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,858 questions
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,875 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. RaytheonXie_MSFT 32,241 Reputation points Microsoft Vendor

    Hi @tatha mahata
    You need to refer to following steps to access sharepoint with graph api in postman.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.