We are looking to automatize admin consent for Azure Enterprise Applications through Microsoft graph, more specifically `/beta/oauth2permissiongrants/
We have already successfully deployed an app that can do this, but now it fails.
The error message is related to property expiryTime which has been recently deprecated. We have tried to change our POST to leave that property out, but it still fails. And if we leave it in, it also fails. And it worked just fine before.
{
"clientId":"6b765713-9aac-4bf3-a5e9-4c11228e2e49",
"consentType":"AllPrincipals",
"resourceId":"ac07f639-74ff-459e-b335-2fcc434dbd76",
"scope":"User.Read openid",
}
Return is
{
"error": {
"code": "Request_BadRequest",
"message": "Missing property: expiryTime",
"innerError": {
"request-id": "d61927fe-4ab9-40a9-9b7e-ff33c138bb93",
"date": "2019-09-16T12:18:06"
}
}
}
The expiryTime property shouldn't be relevant anymore, yet no matter what we do we get an error message that says it is missing.
Does anyone know a way around this?
If I don't add expiryTime property in the request body, I will get the error the same as yours.
But after adding it to the request body, I can post successfully.
By the way, beta version api is not recommended to use.
APIs under the /beta version in Microsoft Graph are subject to change.
Use of these APIs in production applications is not supported.
Related
When calling this Salesforce api:
https://{host}/DM/services/data/v48.0/chatter/feed-elements
I get this response:
[
{
"message": "The Chatter Connect API is not enabled for this organization or user type.",
"errorCode": "API_DISABLED_FOR_ORG"
}
]
I'm using a trial org and this has been working until recently. What might be going on? does it require a beta package to work or doesn't matter? Any permissions that can be related to this? Any settings that I can look at?
I'm very new to ADFS and the Web Application Proxy. That said, I've recently setup an ADFS server and a WAP server and have all of the configuration setup to successfully handle SAML SSO to my custom application.
I am now attempting to use the Webfinger endpoint. By default, that endpoint is enabled (and proxy enabled). Unfortunately, I have not been able to get any meaningful response from this endpoint and am unsure even how to set it up. Searching for "ADFS Webfinger" documentation has been fruitless. Honestly, I can't find anything other than discussions of an Event Viewer error and other useless information.
I have attempted various combinations of URLs.
https://my-adfs-server/.well-known/webfinger?resource=https%3A%2F%2Fmy-adfs-server%2Fadfs%2F/ls&rel=http://schemas.microsoft.com/rel/trusted-realm
This gives me back a JSON:
{
"subject": "https://my-adfs-server",
"links": [
{
"rel": "http://schemas.microsoft.com/rel/trusted-realm",
"href": "https://my-adfs-server"
}
]
}
but it is the only URL I have found that returns anything.
https://my-adfs-server/.well-known/webfinger?resource=acct:<myemail>
This gives me a 404 with a valid email (acct).
What am I missing? Even if that last URL was working, how do I resolve it to specify information that should be returned in the JRD document for this particular account? Do I need IIS installed (I don't have it installed currently) and custom code?
Thanks for any help/insight.
Pink
In graph explorer the https://graph.microsoft.com/v1.0/me?$select=birthday endpoint gives me the example profile birthday
but when I try it with my account I receive this error
{
"error": {
"code": "ResourceNotFound",
"message": "Resource not found.",
"innerError": {
"request-id": "37e1643d-0bfd-46a4-8b48-70a4922f2952",
"date": "2017-12-29T21:33:16"
}
}
}
even though it returns my profile with the /me endpoint. I believe it has all the same scopes as the example and I checked all the .read scopes to make sure it had everything needed.
My birthday is in my profile and I am able to get my birthday from the deprecated live api with the wl.birthday scope but not the new graph api.
Thanks for pointing this out. Looks like we need to update our documentation. I filed this doc issue to track. Some user properties are only available for commercial (work or school) accounts (i.e. AAD based), through Microsoft Graph. Microsoft Graph, when signed in though a consumer account, has limited access to the same data that is exposed in the deprecated live API. I'll check if this particular item can be fixed.
Hope this helps,
I'm trying to implement checking availability for specific user (actually a room) in O365 calendar. I'm using Graph API as it's recommended by Microsoft.
My first approach was using POST on https://graph.microsoft.com/v1.0/me/findMeetingTimes with the message body prepared according to template given in Graph API Explorer. On the API Explorer everything seems to work fine but when I try to run exactly the same request with my applications token I receive 403:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "b130177d-e138-4cc7-8e72-5d3529a9dc24",
"date": "2017-03-21T08:47:10"
}
}
}
I checked the app's delegated permissions in AAD and they seem to be fine. For Microsoft Graph those are granted:
Calendars.ReadWrite.Shared
Calendars.Read.Shared
Calendars.ReadWrite
Calendars.Read
I get exactly the same response (403) when I try to simply list user's events: https://graph.microsoft.com/v1.0/users//events In Graph API Explorer 500 is returned.
I found the following bug description: https://github.com/microsoftgraph/microsoft-graph-docs/issues/559 (and probably this one too) Is it related with the issues above?
Any clue what I might be doing wrong?
Is there any other way to achieve the same using different endpoint or API assuming that I still want to use oAuth for authorization?
I will be grateful for any hint
Update: Outlook Calendar API seems to work. Still appreciate any ideas why Graph API doesn't?
The FindMeetingAPI needs A work or a school account . If you are logging in using your personal email ID , you might not be able to login. Moreover , you need to set permissions to Calendars.Read Calendars.Read.All Calendars.ReadWrite User.Read"
We would like to automatically create a project ID and install our ULAPPH Cloud Desktop application using the App Engine Admin API (REST) and Golang.
https://cloud.google.com/appengine/docs/admin-api/?hl=en_US&_ga=1.265860687.1935695756.1490699302
https://ulapph-public-1.appspot.com/articles?TYPE=ARTICLE&DOC_ID=3&SID=TDSARTL-3
We were able to get a token but when we tried to create a project ID, we get the error below.
[Response OK] Successful connection to Appengine Admin API.
[Token] { "access_token" : "TOKEN_HERE", "expires_in" : 3599, "token_type" : "Bearer" }
[Response Code] 403
[Response Body] { "error": { "code": 403, "message": "Operation not allowed", "status": "PERMISSION_DENIED", "details": [ { "#type": "type.googleapis.com/google.rpc.ResourceInfo", "resourceType": "gae.api", "description": "The \"appengine.applications.create\" permission is required." } ] } }
We are just using the REST API calls. Request for token was successful as you can see above and the scope is ok as well. Now, when we posted the request to create application, we are having the error that says "appengine.application.create" permission required.
How do we specify the permission?
What are the possible reasons why we are getting that error? Do we missed to send a field in JSON or in query?
As per below link, we just need to pass the json containing the id and location. We also just need to pass the token in the Authorization header. The same logic I have used successfully in accessing Youtube, Drive APIs etc so not sure what needs to be done since I have followed the docs available.
I have also posted the same issue in Google Groups and now waiting for their reply.
It seems you've given no details about how you set up the account you're using to authorize the request. You'll need to make sure the appengine.applications.create permission is given to the account you're using, as mentioned in the error text. You can use the Google Identity and Access Management (IAM) API for this.
(by the way, I'd given this answer in the original thread, although you didn't reply or seem to take action on it. check it out! this is likely the solution you need!)