Alexander

Reputation: 981

Microsoft Graph REST API v1.0 - List personal contacts using application permissions

I've registered a web application in the Azure Portal, granted it the Contacts.Read permission, gave it administrator consent, and am now trying to list the personal contacts of a particular user with the Microsoft Graph REST API v1.0 using this application.

First, I'm trying to get an access token by sending a POST request to https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token with the following body parameters: scope=https://graph.microsoft.com/contacts.read, grant_type=client_credentials, my client_id and my client_secret.

In response I'm getting a 400 Bad Request error. Body: {"error":"invalid_scope","error_description":"AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com/contacts.read is not valid."}

When I replace the scope parameter in the token request like this: scope=https://graph.microsoft.com/.default, I actually receive 200 OK and my Bearer token in the response.

But when I request the user's personal contacts by sending a GET request to https://graph.microsoft.com/v1.0/users/{user_id}/contacts with this token, I get 401 Unauthorized in response with the following error:

"code": "NoPermissionsInAccessToken", "message": "The token contains no permissions, or permissions can not be understood.",

I've also tried to replace the scope value in my token request with {app_id_uri}/.default and {app_id_uri}/contacts.read, with no luck.

So how do I list a user's personal contacts using the Microsoft Graph REST API v1.0? What am I doing wrong?

EDIT: Permissions screenshot (image not included)

Upvotes: 0

Views: 604

Answers (2)

Dave

Reputation: 918

Keep the scope:

scope=https://graph.microsoft.com/.default

You will need Application permissions (Admin):

  • users.read.all
  • contacts.read

I'd opt for the readwrite versions in case you want to add/edit contacts.

I also use Delegated permission with offline_access.

You've set contacts in the legacy Exchange; add the Graph contacts permission instead.

Upvotes: 0

Alexander

Reputation: 981

I granted my application the wrong permissions: the Contacts.Read and User.Read.All permissions in the Exchange section instead of the Microsoft Graph section.

I granted those permissions in the Microsoft Graph section and everything worked. In fact, the Contacts.Read permission is enough.

P.S. The scope is https://graph.microsoft.com/.default

Upvotes: 1
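
One way to confirm the diagnosis in the answer above is to decode the token returned for the .default scope and inspect its roles claim, which is where app-only (client credentials) tokens carry the application permissions granted for the requested resource. This is an added example, not code from the question or the answers; the tokens are constructed samples and the function names are hypothetical.

```python
import base64
import json


def decode_claims(token):
    """Return the payload claims of a JWT WITHOUT verifying its signature.
    Diagnostic use only; never treat this as token validation."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_app_permissions(token, required):
    """Compare the app-only 'roles' claim against the permissions the call needs."""
    claims = decode_claims(token)
    roles = claims.get("roles") or []  # absent when nothing was granted for this resource
    if isinstance(roles, str):
        roles = [roles]
    granted = {r.lower() for r in roles}
    missing = sorted(p for p in required if p.lower() not in granted)
    return {"aud": claims.get("aud"), "roles": sorted(roles),
            "missing": missing, "ok": not missing}


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demonstration below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])


# Constructed samples: same audience, without and with a 'roles' claim.
NO_ROLES = make_sample_token({"aud": "https://graph.microsoft.com",
                              "appid": "<client_id>"})
WITH_ROLES = make_sample_token({"aud": "https://graph.microsoft.com",
                                "appid": "<client_id>",
                                "roles": ["Contacts.Read"]})

if __name__ == "__main__":
    for name, tok in (("no roles", NO_ROLES), ("with roles", WITH_ROLES)):
        print(name, check_app_permissions(tok, {"Contacts.Read"}))
```

Pass the access_token value from the token response in place of the constructed samples; an empty roles list matches the NoPermissionsInAccessToken situation in the question.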
