Getting MS TODO task from everybody in "company"

Matija Urh 1 Reputation point
2022-09-06T08:17:32.99+00:00

Hello,

  • I created an app in the Azure portal
  • I added permissions (application type - User.Read.All, Tasks.Read.All)
  • admin (in Azure) "confirmed these permissions"
  • I was then able to obtain a token using
    curl -X POST \
    'https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/oauth2/v2.0/token' \
    --form 'client_id="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"' \
    --form 'scope="https://graph.microsoft.com/.default"' \
    --form 'client_secret="fp...8B"' \
    --form 'grant_type="client_credentials"'
  • if I inspect the token, I see that the token has
    "roles": [
      "User.Read.All",
      "Tasks.Read.All"
    ],
  • I'm able to get a list of all users (in the company) using
    curl -X GET \
    'https://graph.microsoft.com/v1.0/users' \
    --header 'Authorization: Bearer eyJ0...'
  • but when I call https://graph.microsoft.com/v1.0/users/{USER_ID}/todo/lists/Tasks/tasks, I get
    {
      "error": {
        "code": "accessDenied",
        "message": "API access not enabled in this context.",
        "innerError": {
          "date": "2022-09-06T07:52:40",
          "request-id": "7...2",
          "client-request-id": "7...e"
        }
      }
    }

Questions:

  • is this even possible?
  • if so - what am I missing?

2 answers

  1. Seth Dingwell 36 Reputation points
    2022-09-06T14:28:37.28+00:00

    The short answer is no, you can't get a list of all tasks across users. If you look at the ToDo API docs here:

    https://learn.microsoft.com/en-us/graph/api/resources/todo-overview?view=graph-rest-1.0

    You will see the comment "Currently, the API supports only permissions delegated by the signed-in user" which means that you cannot get any ToDo task info using application level permissions.

    You can use an application to get ToDo task data if you use delegated permissions, but you would have to get an access token / refresh token for each user, which would require that each individual user consent to the app access. Then you could access each user's ToDo tasks on a per-user basis using that user's access token.

    It is a bummer and it's a bit of a clunky process but I have successfully done it this way.


  2. Srinivasa Rao Darna 6,711 Reputation points Microsoft Vendor
    2022-09-06T15:14:54.06+00:00

    Hello @Matija Urh ,

    From your curl Graph query, you seem to be using grant_type="client_credentials" with the intent to use application permissions. Currently the ToDo APIs don't have support for application permissions.

    There is a feature request on the Graph feedback portal, "Application permissions for the To Do APIs". I request you to upvote the feature idea; based on the number of people requesting a similar feature, the Microsoft Graph product team will review and consider it for implementation.

    Hope this helps.
    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

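The token inspection from the question, as an added example that is not part of the original thread: it decodes a Graph access token's payload and reports whether it is app-only (`roles` claim, as issued for client_credentials) or delegated (`scp` claim), which both answers say is the only kind the To Do API accepts. The sample tokens are constructed and unsigned, and the delegated scope names Tasks.Read / Tasks.ReadWrite are an assumption taken from the Microsoft Graph permissions reference, not from this page.

```python
import base64
import json

# Assumption: delegated To Do scopes as named in the Graph permissions reference.
TODO_DELEGATED_SCOPES = {"Tasks.Read", "Tasks.ReadWrite"}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def classify(claims: dict) -> dict:
    """Say whether a Graph token is app-only or delegated, and usable for To Do."""
    roles = set(claims.get("roles", []))      # application permissions
    scopes = set(claims.get("scp", "").split())  # delegated permissions
    if scopes:
        kind = "delegated"
    elif roles:
        kind = "application"
    else:
        kind = "unknown"
    return {
        "kind": kind,
        "roles": sorted(roles),
        "scopes": sorted(scopes),
        "todo_usable": kind == "delegated" and bool(scopes & TODO_DELEGATED_SCOPES),
    }


def _make_sample(claims: dict) -> str:
    """Build a constructed, unsigned token for the demo (not a real Azure AD token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples: the first mirrors the "roles" claim shown in the question.
APP_TOKEN = _make_sample({"roles": ["User.Read.All", "Tasks.Read.All"]})
USER_TOKEN = _make_sample({"scp": "Tasks.Read User.Read"})

if __name__ == "__main__":
    for name, tok in (("client_credentials", APP_TOKEN), ("per-user", USER_TOKEN)):
        print(name, classify(jwt_claims(tok)))
```

Signature verification is skipped here on purpose; this is a triage check on your own token before calling the API, not an authorization decision.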