Reputation: 101
Microsoft graph api returns 403 forbidden when calling groups/xxxx/members
I have an application calling the graph api in order to update my database of users to match the active directory users.
I see that every single user calling it is getting an error. 403 forbidden. I did some research and saw that the user needs to grant directory.read... so I did that and then it works.
However, I do not want to have my application request each user to grant those permissions. I believe maybe I can accomplish the same goal by granting the right permissions to the “user” behind the application. I am not really sure who that is. Does maybe the secret and the client located in my web.config play into this? The reason I think maybe yes, is because I use those credentials to initially authenticate myself to the graph api. I do. To pass the current users Microsoft info to log in...
Upvotes: 1
Views: 1858
Answers (1)
Reputation: 4332
In that scenario, you can configure the app to use App-Only permissions. In the documentation, it is referred as "Application" permission. The permissions are granted to an application. Consent is granted only once by an administrator, and users are not prompted to consent later. More: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent
Upvotes: 1
Related Questions
- 403 Error when making API call to Microsoft Graph with proper permissions
- Microsoft Graph user/getMemberGroups fails despite correct Permissions
- Azure AD Graph api returns Forbidden
- Getting 401: Unauthorized response when querying groups endpoint of Azure AD Graph API
- Microsoft graph API: getting 403 while trying to read user groups
- Graph API Access denied error
- Microsoft Graph API : "403 forbidden" error when getting groups conversations
- Authorization_RequestDenied when trying to get groups from Azure Active Directory using Graph API
- Azure Active Directory: 'Forbidden' error while fetching groupclaims using Graph API
- 403 Forbidden from Azure Graph API