CODEWITHSUNDEEP
androidoutlookmicrosoft-graph-apiazure-ad-msal
Unii
Unii

Reputation: 1617

MSAL library returns 403

After configuring my app on apps.dev.microsoft.com I can login with an administrator account to the mobile application with MSAL. Other users get a 403 -Forbidden when requesting data from Microsoft Graph.

What should be reconfigured for users to grant access?

App Registered Scopes: 

User.ReadWrite
User.ReadBasic.All
Calendars.ReadWrite
Contacts.Read

Scope in Android App: 

https://graph.microsoft.com/User.ReadWrite
https://graph.microsoft.com/User.ReadBasic.All
https://graph.microsoft.com/Calendars.ReadWrite
https://graph.microsoft.com/Contacts.Read

Requests made by App:

https://graph.microsoft.com/v1.0/users
https://graph.microsoft.com/v1.0/me/events
https://graph.microsoft.com/v1.0/users/{user}/calendarview
https://graph.microsoft.com/v1.0/me/events/{identifier}

Upvotes: 1

Views: 867

Answers (1)

Unii
Unii

Reputation: 1617

I suppose there was an issue with app dev web page or data was not propagated. I removed all delegated permissions from portal and app and with documentation added all permissions for my requests, even if documentation mentioned that I could choose only 1 from it. It worked for first request /users so I did it with another request. After checking that all request works in app I started to removed 'additional' permissions. It ended with only 3 permissions:

"https://graph.microsoft.com/User.ReadWrite",
"https://graph.microsoft.com/User.ReadBasic.All",
"https://graph.microsoft.com/Calendars.Read"

Upvotes: 1

Related Questions