I'm trying to build a simple Ruby application that can connect to the Microsoft Graph API and get basic information about the user, for example the manager or direct reports.
I've followed a 0365-tutorial and i've got a working app that is able to get a user's mail. However when I try to then use the session tokens to query the graph api, i get an error:
response.body
=> "{\r\n \"error\": {\r\n \"code\": \"InvalidAuthenticationToken\",\r\n \"message\": \"Access token validation failure.\",\r\n \"innerError\": {\r\n \"request-id\": \"18cbc6be-5254-400c-9780-7427376587fb\",\r\n \"date\": \"2016-06-30T22:21:55\"\r\n }\r\n }\r\n}"
I'm using scopes
SCOPES = [ 'openid', 'profile', 'https://outlook.office.com/contacts.read', 'offline_access' ]
I've just been suggested to include the scope 'https://graph.microsoft.com/user.read', but when i add this to the application i get the following error before even hitting the user login page:
AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope openid profile offline_access https://graph.microsoft.com/user.read is not valid.
Any help on this would be appreciated!
To access data through Microsoft Graph, your application will need to acquire an OAuth 2.0 access token, and present it to Microsoft Graph in either of the following options: The HTTP Authorization request header, as a Bearer token.
Azure Active Directory (Azure AD) Graph is deprecated and will be retired at any time after June 30, 2023, without advance notice, as we announced in September, 2022.
You can use the OAuth authentication service provided by Azure Active Directory (Azure AD) to enable your application to connect with IMAP, POP or SMTP protocols to access Exchange Online in Office 365. To use OAuth with your application, you need to: Register your application with Azure AD.
Ok. The problem is that you are including scopes for both Outlook (the https://outlook.office.com/contacts.read
scope) and Graph (the https://graph.microsoft.com/user.read
scope). Unfortunately Azure's authorization endpoint doesn't support mixing scopes like that. You can either remove the Outlook scope (assuming you don't need it), or change it to the Graph equivalent: https://graph.microsoft.com/contacts.read
(if you need to access the logged on user's personal contacts).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With