Reputation: 421
I'm calling MS-Graph from Logic App and getting an "Unauthorized" error
I get an "Unauthorized" status code (401) when I call MS Graph from my Logic App.
The MS Gaph URI I'm calling has been tested separately using Graph Explorer to insure that it was a properly formed request.
I'm guessing that the issue has to do with Application Permissions needing to be granted to the AD App registration.
The Logic App is not prompting the user to grant the "Delegated" permissions I added to the App Registration. This is why I'm guessing, I need to use Application permissions instead of Delegated permissions.
Here is the error being returned
{
"error": {
"code": "NoPermissionsInAccessToken",
"message": "The token contains no permissions, or permissions can not be
understood.",
"innerError": {
"request-id": "8addc6d3-fbf1-4a61-8ed2-b4593a10dd8c",
"date": "2019-07-16T12:29:27"
}
}
}
I would of course Grant the Application permissions myself in order to test this, but I don't have rights, and I need to research this a bit before I approach our admins.
Upvotes: 1
Views: 620
Answers (1)
Reputation: 15629
You are right. You need grant the application permissions to your app. The Active Directory OAuth in logic app uses client credentials flow which doesn't need user interaction.
Here is the difference between application permission and delegated permission.
Upvotes: 1
Related Questions
- Microsoft graph return "access token is empty"
- Logic app managed identity with Microsoft Graph API gives error "Insufficient privileges to complete the operation"
- Microsoft Graph API Logic App Authentication
- Azure Logic Apps HTTP Unauthorized
- Assigning Microsoft Graph permissions to Azure Managed Service Identity
- MS Graph - 401 Unauthorized seemingly with proper token and access
- Graph API Access denied error
- MS Graph API: invalid authentication token
- Microsoft Graph Api token invalid or not authorized?
- Call Microsoft Graph API - App only unauthorized error