Reputation: 1239
MS Graph Api call drops "The token contains no permissions, or permissions can not be understood."
Using the following code drops an exception with the following message: "NoPermissionsInAccessToken The token contains no permissions, or permissions can not be understood."
var clientId = "<GUID-goes-here>";
var tenantId = "<GUID-comes-here>";
var clientSecret = "<secret-goes-here>";
var scopes = new[] {"https://graph.microsoft.com/.default"};
var confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithClientSecret(clientSecret)
.WithTenantId(tenantId)
.Build();
var authResult = confidentialClientApplication.AcquireTokenForClient(scopes).ExecuteAsync().Result;
string token = authResult.AccessToken;
var authenticationProvider = new DelegateAuthenticationProvider(async (request) => {
request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
await Task.FromResult<object>(null);
});
var graphClient = new GraphServiceClient(authenticationProvider);
var queryOptions1 = new List<QueryOption>()
{
new QueryOption("startDateTime", "2020-05-16" ),
new QueryOption("endDateTime", "2020-05-21"),
};
var calendar = graphClient.Me.Calendar.CalendarView
.Request(queryOptions1)
.OrderBy("start/dateTime")
.Top(3)
.GetAsync()
.Result;
// DROPS
// ServiceException: Code: NoPermissionsInAccessToken
// Message: The token contains no permissions, or permissions can not be understood.
The app is registered, Calendars.Read, Calendars.Read.Shared permissions are granted. The token value seems to be good - about 1400 chars long.
Anyone any idea whats going on here? Any advice is welcome! Thanks.
Upvotes: 0
Views: 397
Answers (1)
Reputation: 3575
Here you are using the Client Credential flow and you need to specify Application permissions for this so that they can showup in the token.
You can simply parse the token by putting it in https://jwt.ms and see if you have the permissions in your token or not.
There is one more thing that you miss here is that you are using me in the code which means there should be a user some how to login here but there is no user because you are using the App context flow. So simply add Application permissions and then call the API as below.
var calendarView = await graphClient.Users["userid"].CalendarView
.Request( queryOptions )
.GetAsync();
Upvotes: 1
Related Questions
- Microsoft Graph "Access is denied. Check credentials and try again" in C#
- Microsoft Graph API - Insufficient privileges to complete the operation
- Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation
- Microsoft Graph The token contains no permissions, or permissions cannot be understood
- MS Graph - 401 Unauthorized seemingly with proper token and access
- Graph API denies access even though I granted access
- Microsoft Graph Authentication Token Issue
- Microsoft Graph Api token invalid or not authorized?
- Failed to acquire token silently - Microsoft Graph API
- Microsoft Graph - Failed to acquire token silently