I'm trying to download files from OneDrive using the Microsoft Graph. I'm currently in the testing phase and have not yet written any code.
Here is what I did so far:
Provided it with the following list of Microsoft Graph Permissions:
Delegated: Files.ReadWrite.All, offline_access, Group.ReadWrite.All, Directory.ReadWrite.All, User.ReadWrite.All
Application: Directory.ReadWrite.All, Files.ReadWrite.All, Group.ReadWrite.All, User.ReadWrite.All
Used the code flow with a scope of offline_access and Files.ReadWrite.All, got a code and then a token.
Using this token to download a file via /me drive works well (/v1.0/me/drive/items/itemid/content), but when I try to download or just query other users I get back the error of insufficient privileges.
Calling https://graph.microsoft.com/v1.0/users gets the response:
    {
      "error": {
        "code": "Authorization_RequestDenied",
        "message": "Insufficient privileges to complete the operation.",
        "innerError": {
          "request-id": "cee06586-12af-4768-9135-b9709d7ecb5d",
          "date": "2018-05-29T14:45:48"
        }
      }
    }
The same happens when I add a user Id. When I ask to get the user's device I get a "not found" response.
I saw some answers to similar questions saying that I should add permissions to my app in Azure Active Directory via the Azure portal, but my app is listed only in the "Enterprise applications" section and I don't see it in the "App registrations" section where I can add permissions. In the Enterprise applications section I'm unable to add any permissions, only search.
Note: my user id is the global admin in the Azure portal. This user also is the user that created and owns the application.
Any idea what I may be missing here?
Thanks
Edit:
I was able to make some progress. I tried to create the app via the Azure portal and not the applications portal. Now it shows in the app registration page, so I was able to add permissions to it.
So now I'm able to view all the users, but still, when I try to view their drive I get the "not found" response:
Calling https://graph.microsoft.com/v1.0/users/userid/drive returns the response:
    {
      "error": {
        "code": "itemNotFound",
        "message": "The resource could not be found.",
        "innerError": {
          "request-id": "ec6ed197-15ea-498a-80d0-e2a9f832a0b9",
          "date": "2018-05-29T15:49:18"
        }
      }
    }
Calling /users requires you have at least User.ReadBasic.All or User.Read.All permissions. Since you've only requested Files.ReadWrite.All, you do not have sufficient access to view other users' profiles.
Try again using the scope:
User.Read.All+Files.ReadWrite.All+offline_access
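
A pre-flight check for the scope mismatch described in the answer above, as an added example that is not part of the original question or answer: it reads the delegated scopes a token actually carries and compares them with what an endpoint needs. It assumes the access token is a JWT whose `scp` claim is a space-separated scope list; the function names and the `/me/drive` entry are hypothetical, and the sample tokens are constructed and unsigned.

```python
import base64
import json

# /users requirement is the one stated in the answer above (either scope is enough).
# The /me/drive entry is an assumption based on the scope the question used.
REQUIRED_ANY = {
    "/users": {"User.ReadBasic.All", "User.Read.All"},
    "/me/drive": {"Files.ReadWrite.All"},
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_scopes(access_token: str) -> set:
    """Return delegated scopes from the 'scp' claim (inspection only, no signature check)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    return set(claims.get("scp", "").split())


def missing_for(access_token: str, endpoint: str) -> set:
    """Empty set if the token satisfies the endpoint, else the scopes that would."""
    needed = REQUIRED_ANY[endpoint]
    return set() if token_scopes(access_token) & needed else set(needed)


def make_sample_token(scp: str) -> str:
    """Build an unsigned, constructed token for demonstration only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"scp": scp}), "sig"])


if __name__ == "__main__":
    before = make_sample_token("Files.ReadWrite.All")
    after = make_sample_token("User.Read.All Files.ReadWrite.All")
    for name, tok in (("before", before), ("after", after)):
        for ep in REQUIRED_ANY:
            print(name, ep, "missing:", sorted(missing_for(tok, ep)) or "none")
```

Running the same check against a real token before calling Graph shows whether consent for the added scope actually reached the token, which separates a scope problem from other causes of an Authorization_RequestDenied response.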