question

PatrickRote-3473 avatar image
0 Votes"
PatrickRote-3473 asked saldana-msft edited

Getting access denied issue graph api

I'm facing this issue and dont know what to do anymore to fix it.

I am trying to use the graph api endpoints to list the recent files by signed in user in a sharepoint classic page
var upn = "validemailaddress"
- https://graph.microsoft.com/v1.0/users/" + upn + "/insights/used
- https://graph.microsoft.com/v1.0/me/insights/used

I have registered an app registration and have a delegated permission to scope - Sites.Read.All ( this is according to the MSDN api documents insights-list-used)


But i keep getting this error below - when i use - https://graph.microsoft.com/v1.0/me/insights/used

104175-insightserror.png



I'm acquiring a token by using the below and its working and a token assigned(As a signed in user)

url: _spPageContextInfo.webAbsoluteUrl + "/_api/SP.OAuth.Token/Acquire",

Is this the correct way to acquire a token to be able to return this data when i use graph explorer it works.

Do the user need to sign in again when the page load for this to work?


Is there anything i'm missing as all the other endpoints work.

My aim is to display recent files of logged in user on a sharepoint classic page

Thanks in Advance


office-sharepoint-onlinemicrosoft-graph-identity
insightserror.png (5.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MichaelHan-MSFT avatar image
1 Vote"
MichaelHan-MSFT answered MichaelHan-MSFT edited

Hi @PatrickRote-3473,

Per my test, I got the same result as yours on my end. So I check the token in https://jwt.ms, and found that Sites.Read.All is not granted for the token.

104622-image.png

The /_api/SP.OAuth.Token/Acquire endpoint does not use the app we registered , it should use the default AAD app called Office 365 SharePoint Online which doesn't have the Sites.Read.All permission.



If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.








image.png (19.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PatrickRote-3473 avatar image
0 Votes"
PatrickRote-3473 answered

Thanks Michael,
I figured it out .
I used the MSAl.js - acquireTokenSilent

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.