JieShen-2954 asked ShwetaMathur edited

How to fix "/me request is only valid with delegated authentication flow." issue?

I want to use Postman to get user profiles from Azure AD.

I can get a token using [https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token]
But I couldn't get my profile using [https://graph.microsoft.com/v1.0/me]
I got the error below.
/me request is only valid with delegated authentication flow.

I set the API access permissions as below.
User.Read (Delegated)
User.Read.All (Delegated)

azure-ad-connect

Hi @JieShen-2954,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,
Shweta



michev answered

There's nothing to fix here. The "/me" endpoint refers to the user in whose context you are running the request, and thus is only available for delegated permission flows. If you are using the application permissions model (client credentials), you are running your code without any user context, so there is no user to "resolve" for the "/me" endpoint. Use /users/{userId} instead.

ShwetaMathur answered ShwetaMathur edited

Hi @JieShen-2954,

Thanks for reaching out.

I understand you are trying to call the "/me" endpoint and have added delegated permissions to access the Graph API "/me" endpoint, but you are getting the error

"/me request is only valid with delegated authentication flow".

First, you need to understand delegated permissions and application permissions.

Delegated permissions are used by applications that require user interaction or a signed-in user, whereas application permissions do not require any user interaction and are used by applications that run in the background and are consented to only by an admin beforehand.

Now, to call any API endpoint, we need to get an access token with the required permissions using one of the OAuth flows provided by the Microsoft Identity Platform. As mentioned by michev, the client credentials flow does not require user interaction and requires application permissions to get the access token.

If you are trying to get the token with that flow, that token does not contain the required permissions to call the "/me" endpoint.

To call the "/me" endpoint, you need to get the access token using the authorization grant flow, implicit flow or ROPC flow, where the user needs to sign in to get the access token.

Hope this will help.

Thanks,
Shweta


Please remember to "Accept Answer" if the answer helped you.
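
An added example, not part of any post above: a diagnostic that decodes the payload of an access token and reports whether it is delegated (it carries an `scp` claim) or app-only (application permissions, if any, are in `roles`), then picks the Graph URL that token can call. The function names, the `user_id` parameter and the sample tokens are constructed for illustration; the signature is not verified, so this is for troubleshooting only.

```python
import base64
import json


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def token_context(access_token: str) -> str:
    """Return 'delegated' or 'app-only' from the token's claims.

    Diagnostic only: the signature is NOT verified, so never use the
    result to make an authorization decision.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT (expected header.payload.signature)")
    claims = _b64url_json(parts[1])
    # Delegated tokens list the signed-in user's scopes in 'scp'.
    # Client-credentials tokens have no 'scp'; granted application
    # permissions (possibly none) appear in 'roles' instead.
    return "delegated" if claims.get("scp") else "app-only"


def profile_url(access_token: str, user_id: str) -> str:
    """Pick the Graph URL that is valid for this token (user_id is hypothetical)."""
    base = "https://graph.microsoft.com/v1.0"
    if token_context(access_token) == "delegated":
        return f"{base}/me"
    return f"{base}/users/{user_id}"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample claims, not real tokens.
DELEGATED = make_sample_token({"scp": "User.Read User.Read.All"})
APP_ONLY = make_sample_token({"roles": ["User.Read.All"]})

if __name__ == "__main__":
    for name, tok in (("delegated", DELEGATED), ("app-only", APP_ONLY)):
        print(name, "->", profile_url(tok, "user@example.com"))
```
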

