CODEWITHSUNDEEP
azure-active-directorymicrosoft-graph-api
Isaac Levin
Isaac Levin

Reputation: 2899

Request Denied After Getting Admin Consent on Tenant

I went through the process to get admin consent for a POC app (delegated) I am building that leverages the new Presence API via MS Graph

https://learn.microsoft.com/en-us/graph/api/presence-get?view=graph-rest-beta&tabs=http

However, when I try to make a Graph API Call, I am able to get a token, but get this error when I try to hit the /me endpoint (gets my AD Info)

Failed to call the Web Api: Forbidden
Content: {
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
    "request-id": "0c293c6f-f8d2-4a12-8879-c52b16e4c51f",
    "date": "2020-01-07T18:09:14"
    }
  }
}

I am not sure what this error is from, anyone here that can help me? My app has permissions for

Upvotes: 0

Views: 206

Answers (2)

Merill Fernando
Merill Fernando

Reputation: 177

The fix for this issue is to update the authentication flow to use the 'On behalf of a user flow'. This will give you a delegated access token and the context of a user to return their presence information. See https://learn.microsoft.com/en-us/graph/auth-v2-user

Upvotes: 1

Ryan
Ryan

Reputation: 333

admin consent for a POC app

Sounds like you're using the client credential flow. If that's the case then the presence-get doc you linked shows that this call is not supported for admin consent.

enter image description here

That doesn't necessarily mean it won't work but...

...if you want to keep trying add the Presence.Read and Presence.Read.All permission to your app and see if that helps.

Upvotes: 0

Related Questions