Access to this API requires the following permissions: AttachmentSession.Write

Monica Gerchinhoren 1 Reputation point
2020-11-19T00:30:08.873+00:00

I implemented this https://learn.microsoft.com/en-us/graph/outlook-large-attachments?tabs=java, and I’m having a permission issue.

x-ms-diagnostics : 2000008;reason="Access to this API requires the following permissions: 'AttachmentSession.Write,AttachmentSession.Write.All,AttachmentSession.Write.Shared'. However, the application only has the following permissions granted: 'Calendars.ReadWrite,Files.ReadWrite,Mail.Read,Mail.ReadWrite,Mail.Send,User.Read,User.ReadWrite'.";error_category="invalid_grant"
X-Powered-By : ASP.NET
X-Proxy-BackendServerStatus : 403
X-Proxy-RoutingCorrectness : 1
X-RUM-Validated : 1
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again."
}
}

PUT https://outlook.office.com/api/gv1.0/users('xxxxxx')/messages('xxxxxxxx')/AttachmentSessions(

and when I tried to add that permissions in the scopes, I get:

The application 'xxxxx’ asked for scope 'AttachmentSession.Write' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor.
Trace ID: 6492b2a1-4d9c-4c7e-9cb9-cce9eda50a00
Correlation ID: 5295a4d4-5bc7-4b17-b6f7-c8ab8ed529ee
Timestamp: 2020-11-19 00:19:37Z

I research in all Microsoft Graph documentation and I dont fine any permission for AttachmentSession.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,454 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2020-11-23T07:37:31.723+00:00

    Hello @Monica Gerchinhoren , thank you for reaching out. It looks like the permission "AttachmentSession.Write." is not a valid permission and hence not a suitable scope to mention in the request.

    Since the Graph API you are using is for attachment, hence the only scopes that would be required here are:

    • If accessing attachments in messages: Mail.Read.
    • If accessing attachments in events: Calendars.Read.
    • If accessing attachments in group posts: Group.Read.All.

    https://learn.microsoft.com/en-us/graph/api/attachment-get?view=graph-rest-1.0&tabs=http

    Make sure you remove AttachmentSession.Write from your request and just try with Mail.Read or Mail.ReadWrite and that should work.

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer; if the above response helped in answering your query.

  2. Oliver 11 Reputation points
    2021-01-07T11:28:25.187+00:00

    Just ran into the same issue. The problem occurs if you apply an auth token to the request when sending a chunk. If you send the request without any auth header everything works as expected!

    SO helped me: https://stackoverflow.com/questions/63933868/uploading-a-large-attachment-using-microsoft-graph-got-invalid-token-error

    0 comments