question

LuizOtavioMendes-5288 avatar image
0 Votes"
LuizOtavioMendes-5288 asked saldana-msft edited

Microsoft azure authentication flow

I'm developing a back-end service, which I need to use a Onedrive api to download a file on Onedrive. And I'm having a problem with the authentication system. I need to generate the Onedrive access token without going through the browser, as it is a back-end service. I can even manage the token, but it doesn't give me access to Onedrive. Anyone have any solution?

azure-ad-authenticationmicrosoft-graph-identity
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@LuizOtavioMendes-5288 Welcome to Microsoft Q&A forums.
Could you please tell us more about the app registration and what scopes you have requested access for?
Do you need admin consent for the application in your tenant?

0 Votes 0 ·

1 Answer

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered

Hi @LuizOtavioMendes-5288 · Thank you for reaching out.

When you say "it doesn't give me access to Onedrive", what message/error do you get? Always include error when you post a question.

  1. If you are getting "error code": "AuthenticationError", "message": "Error authenticating with resource", the enterprise application Office 365 SharePoint Online (App ID 00000003-0000-0ff1-ce00-000000000000) must be disabled. To enable it, navigate to properties of the application and set Enabled for users to sign-in? to YES.

  2. As you acquired token in application context, If you use GET https://graph.microsoft.com/v1.0/me/drives call, it will result in error as /me endpoint can only be used when token is acquired under user context. You need to use one of the below calls:

    • GET /drives/{drive-id}/items/{item-id}/content

    • GET /groups/{group-id}/drive/items/{item-id}/content

    • GET /sites/{siteId}/drive/items/{item-id}/content

    • GET /users/{userId}/drive/items/{item-id}/content

  3. Make sure you have at least Files.ReadWrite.All, Sites.ReadWrite.All application permissions in the token that you acquired. You can check this by decoding the token at https://jwt.ms.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.