LukasJung-7077 asked CarlZhao-MSFT commented

Reset Redemption Status by using Microsoft Graph with App Permissions

I am trying to use the relatively new feature of resetting the redemption status of a guest user. My code calls the invitations API of Microsoft Graph, as described here: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/reset-redemption-status

This works as expected, as long as I use delegated / user permissions. But it doesn't seem to work with App Permissions! The invitation API itself works with App Permissions, but this specific feature of resetting the redemption status ends with an error:

HTTP 403 Forbidden
Guest invitations not allowed for your company. Contact your company administrator for more details.

The app has Directory.ReadWrite.All as well as User.Invite.All permissions granted. And the invitation without the resetRedemption switch works. I used the Beta endpoint of MS Graph - so, I'm aware of the fact that it isn't available on the v1.0 endpoint yet.

Is this a known issue?
BR, Lukas

microsoft-graph-users

Use https://jwt.ms/ to parse your access token and provide a screenshot.


Thanks for your response. Screenshot below:

114159-image.png



Judging from your error message, it says that your company does not allow guests to be invited, so are you performing the operation of inviting guests?


1 Answer

CarlZhao-MSFT answered CarlZhao-MSFT commented

Application permissions are currently not supported!


I have read the doc in detail, and there are detailed instructions in the doc: When you're resetting the status for a B2B guest user, be sure to do so under the user context. App-only calls are currently not supported.


During public preview, we have two recommendations:

When you're resetting the user's email address to a new address, we recommend setting the mail property. This way the user can redeem the invitation by signing into your directory in addition to using the redemption link in the invitation.

When you're resetting the status for a B2B guest user, be sure to do so under the user context. App-only calls are currently not supported.





Ok, that makes sense - thanks. Do you know about any plans whether this API will have support for App permissions in the near future?

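Added example, not part of the original thread or of Microsoft's documentation: a local version of the jwt.ms check suggested in the comments, which tells whether an access token is app-only (`roles`, no `scp`) or delegated (`scp`) before the reset-redemption call is attempted. The function names, the constructed sample tokens and the rule that either permission named in the question is sufficient on a delegated token are assumptions of this example.

```python
import base64
import json

# Permission names taken from the question; treating either one as sufficient
# on a delegated token is an assumption of this example.
INVITE_PERMISSIONS = {"User.Invite.All", "Directory.ReadWrite.All"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed token (placeholder signature) for offline testing only."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed-signature"


def token_context(access_token: str) -> dict:
    """Decode the payload (no signature check: inspection only) and classify it."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    scopes = claims.get("scp", "").split()  # delegated permissions (user context)
    roles = claims.get("roles", [])         # application permissions or app roles
    if scopes:
        context = "delegated"   # scp is only issued when a user is signed in
    elif roles:
        context = "app-only"    # roles without scp: client-credentials token
    else:
        context = "unknown"
    return {"context": context, "scopes": scopes, "roles": roles}


def usable_for_reset(access_token: str) -> bool:
    """True only for a user-context token carrying an invite permission."""
    info = token_context(access_token)
    return info["context"] == "delegated" and bool(INVITE_PERMISSIONS & set(info["scopes"]))


if __name__ == "__main__":
    app_only = make_sample_token({"roles": ["Directory.ReadWrite.All", "User.Invite.All"]})
    delegated = make_sample_token({"scp": "User.Invite.All User.Read"})
    for name, tok in (("app-only", app_only), ("delegated", delegated)):
        print(name, token_context(tok)["context"], usable_for_reset(tok))
```

The payload is decoded without verifying the signature, so this is a diagnostic for your own tokens and not an authorization check.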