Microsoft Graph Beta call to create a team returns bad request

Question

In our code, we create a Microsoft team with a Microsoft Graph Beta call (https://graph.microsoft.com/beta). Other calls are done via Microsoft Graph (https://graph.microsoft.com/). We are using Microsoft Graph v1.14.0 NuGet package.

Up until 30 may 2019 this was working fine. After that it stopped working and returned the following error:

Type: Microsoft.Graph.ServiceException
Bericht: Code: BadRequest
Message: Write requests (excluding DELETE) must contain the Content-Type header declaration.

Nobody was working 30 may en 31 may so nothing changed on our side.

Our call:

var createdTeam = await graphApiServiceClient
  .Teams
  .Request()
  .AddAsync(team);

The variable 'team' contains an object which results in the following JSON:

{
    "template@odata.bind": "https://graph.microsoft.com/beta/teamsTemplates('standard')",
    "owners@odata.bind": ["https://graph.microsoft.com/beta/users('a guid')"],
    "displayName": "Test displayname",
    "description": "Test Description",
    "visibility": "Private"
}

We have logged in to the Graph Explorer, took the access token from the cookie and used that in our own code. This resulted in a successful call and the team was created.

This is a little strange because if our original access token was wrong, we would not have been able to do the other successful calls we are doing (for example; a security group is created).

We have compared the permissions of the Graph explorer user vs the user we use in our code. We found no difference. Both have the Group.ReadWrite.All permission.

Sometimes we are receiving another error on the same call with the same data:

Update: We receive the error below after upgrading to Microsoft Graph v1.50.0 and Microsoft Graph Core v1.16.0

Type: Microsoft.Graph.ServiceException
Bericht: Code: UnauthorizedAccess
Message: Failed to execute Templates backend request CreateTeamFromTemplateRequest. 
Request Url: https://teams.microsoft.com/fabric/templates/api/team, 
Request Method: POST, Response Status Code: Unauthorized, Response Headers: Strict-Transport-Security: max-age=2592000
X-MSEdge-Ref: Ref A: 266D45253C1B41809D27E6B7815E094E Ref B: DB3EDGE1119 Ref C: 2019-06-05T09:25:18Z
Date: Wed, 05 Jun 2019 09:25:18 GMT, 
ErrorMessage : {
   "errors":[{
     "message":"AccessToken token is not valid."
    }],
    "operationId":"2d511c3df28add419e9aa37926ccb962"
}

Additional information:

We are using the App context.

Our code to get the accesstoken:

var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext($"https://login.microsoftonline.com/{this.domain}");
var credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(ClientID, ClientSecret);
var authResult = await authContext.AcquireTokenAsync("https://graph.microsoft.com/", credential);

accessToken = authResult.AccessToken;

Failed request (with token that is now expired):

Method: POST,
RequestUri: 'https://graph.microsoft.com/beta/teams',
Version: 1.1,
Content: System.Net.Http.StringContent,
Headers:
{
  SdkVersion: Graph-dotnet-1.14.0
  FeatureFlag: None
  FeatureFlag: RedirectHandler, RetryHandler, AuthHandler, DefaultHttpProvider
  Cache-Control: no-store, no-cache
  Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFEQ29NcGpKWHJ4VHE5Vkc5dGUtN0ZYblRaYWluNkdtNWhnRnRrWEh0RlRydFhtRUM2bUZJZFI0X00wMkRoMFg5QzVIaFU0ZHhyRFE2cU1rMGVFOEFVbWtqZnZaMjFlZFZKR1NXYUY5bGdsRFNBQSIsImFsZyI6IlJTMjU2IiwieDV0IjoiQ3RmUUM4TGUtOE5zQzdvQzJ6UWtacGNyZk9jIiwia2lkIjoiQ3RmUUM4TGUtOE5zQzdvQzJ6UWtacGNyZk9jIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20vIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvM2QxY2M5YWQtZjBkNC00MTZkLTkyZGMtOTRjZGFjYzdkNTUwLyIsImlhdCI6MTU2MTYyMTMwNiwibmJmIjoxNTYxNjIxMzA2LCJleHAiOjE1NjE2MjUyMDYsImFpbyI6IjQyWmdZRmgzTmJmT3JweE56V2wzdmtMc2IxMWJBQT09IiwiYXBwX2Rpc3BsYXluYW1lIjoiREVWX01PTy1wcm92aXNpb25pbmciLCJhcHBpZCI6IjkwNmUwNjJkLTIwNWItNGM3Yi05NmM3LWQ4ZTI4YjZlMTAyNyIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzNkMWNjOWFkLWYwZDQtNDE2ZC05MmRjLTk0Y2RhY2M3ZDU1MC8iLCJvaWQiOiIzMjQyODFjYi01ODVmLTQ5ODItODE4NC00ZTdlOGNmYTllMTQiLCJyb2xlcyI6WyJVc2VyLlJlYWRXcml0ZS5BbGwiLCJHcm91cC5SZWFkV3JpdGUuQWxsIiwiVXNlci5SZWFkLkFsbCIsIk1haWxib3hTZXR0aW5ncy5SZWFkV3JpdGUiXSwic3ViIjoiMzI0MjgxY2ItNTg1Zi00OTgyLTgxODQtNGU3ZThjZmE5ZTE0IiwidGlkIjoiM2QxY2M5YWQtZjBkNC00MTZkLTkyZGMtOTRjZGFjYzdkNTUwIiwidXRpIjoiREVyR082OTE0a1doazh0YjI4OUNBQSIsInZlciI6IjEuMCIsInhtc190Y2R0IjoxMzQzODA0NzExfQ.DXO3VpCj5GyULTxiCvdyV5Fv33D5QER4CQDkhfxi-0t8MGXJ7reositSt2-oNqxRwQ3iI0_R-kXsldaPtf7mR0aP2HgJeWQoy_MiTKtLU8RwW9hkgJEohjeeWku9edOn_fsLj8V1Yw4eLeXroqPLEmIWQ4ks8mG9Q1T3Q-9mixhjI7b4by7wIJgFe6DvmI7Yo9KYg4HygCPJ-FQJH8yeDGQWbyuy0pskNmj88b77k3fL_3-c-OAL74dOZ-FCcTkIq63bvg8NxKSgRWb5OMu7JK6cjfKUhPFWLTk2l8Aqq8UYXqoSQynX2ZvaJsBmARb6vLIeflwLPC4yr73afj6NtA
  Content-Type: application/json
  Content-Length: 305
}

Body:

{
    "template@odata.bind": "https://graph.microsoft.com/beta/teamsTemplates('standard')",
    "owners@odata.bind": ["https://graph.microsoft.com/beta/users('a guid')"],
    "displayName": "Test displayname",
    "description": "Test Description",
    "visibility": "Private"
}

The response is a Microsoft.Graph.ServiceException:

{
    Code: BadRequest
    Message: Write requests (excluding DELETE) must contain the Content-Type header declaration.
    Inner error
}

Responseheaders:

{
    Transfer-Encoding: chunked
    request-id: 1daa5989-7fbe-44c1-89f8-908c3adb740b
    client-request-id: 1daa5989-7fbe-44c1-89f8-908c3adb740b
    x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West Europe","Slice":"SliceC","Ring":"5","ScaleUnit":"003","RoleInstance":"AGSFE_IN_44","ADSiteName":"WEU"}}
    Duration: 5.254
    Strict-Transport-Security: max-age=31536000
    Cache-Control: private
    Date: Thu, 27 Jun 2019 07:56:27 GMT
}

Stacktrace:

   at Microsoft.Graph.HttpProvider.<SendAsync>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.BaseRequest.<SendRequestAsync>d__34.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Graph.BaseRequest.<SendAsync>d__30`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at MOO.Apps.Office365.Backend.Repository.Office365.TeamO365Repository.<CreateAsync>d__2.MoveNext()

Some more additional information:

We get a working token (we used the returned token in our code) if we do the following call in Postman with our clientId and clientSecret.

Content-Type application/x-www-form-urlencoded
POST https://login.microsoftonline.com/domain/oauth2/v2.0/token
BODY client_id=clientidguid&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_secret=clientsecret&grant_type=client_credentials

Answer 1

Could you please try passing "https://graph.microsoft.com" instead of "https://graph.microsoft.com/" in authContext.AcquireTokenAsync()?

var authResult = await authContext.AcquireTokenAsync("https://graph.microsoft.com", credential);

We are looking working on a fix but meantime please try this workaround and let us know if you are still facing the same issue.