question

Srini-7038 avatar image
0 Votes"
Srini-7038 asked JosephXu-MSFT commented

"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation."

Hi All,
I am trying to hit the Graph API EndPoint but its giving me below error. Do you think anything is missing. I tried it from Postman. First call is to fetch the token and second call to fetch user details
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2021-09-02T04:10:16",
"request-id": "4e9482f0-6148-4097-9fe6-a1587f8ebf3f",
"client-request-id": "4e9482f0-6148-4097-9fe6-a1587f8ebf3f"
}
}
}
EndPoint to fetch user - https://graph.microsoft.com/v1.0/users/firstname.lastname@myCompany.com



128606-ea122a30-6db7-4df1-b6ea-0cb8ebb8ff8b.png


128607-11ef7a73-137e-4bc5-9407-422271860bd4.png


microsoft-graph-users
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @JosephXu-MSFT - I have pasted the token and here is what I got in response. I do not see roles or spc in it. I have changed someone of the values in it to avoid any issues.

{
"typ": "JWT",
"nonce": "9abcd2zGWzitlRTomilE3UUdInZTXOsXM7y4tS97JAg",
"alg": "RS983",
"x5t": "nOo3ZDrOASRE1jKWhXslHR_KXEg",
"kid": "nOo3ZDrOASRE1jKWhXslHR_KXEg"
}.{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
"iat": 1630642959,
"nbf": 1630642959,
"exp": 1630646859,
"aio": "E2ZgYDjW6h4uu9d5bk38DOW6+bH3AA==",
"app_displayname": "IT-Token",
"appid": "22d2b80d-11f3-43f3-8f53-3c08a1723zz2",
"appidacr": "1",
"idp": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
"idtyp": "app",
"oid": "203991a9-3a4c-416d-9fcb-a0e76d2770ae",
"rh": "0.ATEAHyJL09SsRE6S-BIVqWXUKg230iLzEfNDj1M8CKFyOqMxAAA.",
"sub": "060771a9-3a4c-416d-9fcb-a0e76d2770ae",
"tenant_region_scope": "EU",
"tid": "d34b221f-dca9-5ee8-92f8-1215a965d42a",
"uti": "cfLwDO238kmUoFakjWFPBB",
"ver": "1.0",
"wids": [
"0977a1d9-0d1d-4acb-b480-d5ca73121e20"
],
"xms_tcdt": 1525893040
}.[Signature]

0 Votes 0 ·

Hi @JosephXu-MSFT - I have pasted the token and here is what I got in response. I do not see roles or spc in it. I have changed someone of the values in it to avoid any issues.

{
"typ": "JWT",
"nonce": "9abcd2zGWzitlRTomilE3UUdInZTXOsXM7y4tS97JAg",
"alg": "RS983",
"x5t": "nOo3ZDrOASRE1jKWhXslHR_KXEg",
"kid": "nOo3ZDrOASRE1jKWhXslHR_KXEg"
}.{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
"iat": 1630642959,
"nbf": 1630642959,
"exp": 1630646859,
"aio": "E2ZgYDjW6h4uu9d5bk38DOW6+bH3AA==",
"app_displayname": "IT-Token",
"appid": "22d2b80d-11f3-43f3-8f53-3c08a1723zz2",
"appidacr": "1",
"idp": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
"idtyp": "app",
"oid": "203991a9-3a4c-416d-9fcb-a0e76d2770ae",
"rh": "0.ATEAHyJL09SsRE6S-BIVqWXUKg230iLzEfNDj1M8CKFyOqMxAAA.",
"sub": "060771a9-3a4c-416d-9fcb-a0e76d2770ae",
"tenant_region_scope": "EU",
"tid": "d34b221f-dca9-5ee8-92f8-1215a965d42a",
"uti": "cfLwDO238kmUoFakjWFPBB",
"ver": "1.0",
"wids": [
"0977a1d9-0d1d-4acb-b480-d5ca73121e20"
],
"xms_tcdt": 1525893040
}.[Signature]

0 Votes 0 ·
JosephXu-MSFT avatar image
0 Votes"
JosephXu-MSFT answered Srini-7038 published

Hi@Srini-7038 You'd better parse the permissions of the token here. If you're using app permission, you can check "roles" property. If you're using delegated permission, you can check "scp" peroperty, to see if there contains User.Read.All.

  1. App permission:
    128904-image.png

  2. Delegated permission:
    128828-image.png





image.png (5.9 KiB)
image.png (9.3 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @JosephXu-MSFT - I have pasted the token and here is what I got in response. I do not see roles or spc in it. I have changed someone of the values in it to avoid any issues.

{
"typ": "JWT",
"nonce": "9abcd2zGWzitlRTomilE3UUdInZTXOsXM7y4tS97JAg",
"alg": "RS983",
"x5t": "nOo3ZDrOASRE1jKWhXslHR_KXEg",
"kid": "nOo3ZDrOASRE1jKWhXslHR_KXEg"
}.{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
"iat": 1630642959,
"nbf": 1630642959,
"exp": 1630646859,
"aio": "E2ZgYDjW6h4uu9d5bk38DOW6+bH3AA==",
"app_displayname": "IT-Token",
"appid": "22d2b80d-11f3-43f3-8f53-3c08a1723zz2",
"appidacr": "1",
"idp": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
"idtyp": "app",
"oid": "203991a9-3a4c-416d-9fcb-a0e76d2770ae",
"rh": "0.ATEAHyJL09SsRE6S-BIVqWXUKg230iLzEfNDj1M8CKFyOqMxAAA.",
"sub": "060771a9-3a4c-416d-9fcb-a0e76d2770ae",
"tenant_region_scope": "EU",
"tid": "d34b221f-dca9-5ee8-92f8-1215a965d42a",
"uti": "cfLwDO238kmUoFakjWFPBB",
"ver": "1.0",
"wids": [
"0977a1d9-0d1d-4acb-b480-d5ca73121e20"
],
"xms_tcdt": 1525893040
}.[Signature]

0 Votes 0 ·
Srini-7038 avatar image
0 Votes"
Srini-7038 answered JosephXu-MSFT commented

Hi @JosephXu-MSFT - I have pasted the token and here is what I got in response. I do not see roles or spc in it. I have changed someone of the values in it to avoid any issues.

{
"typ": "JWT",
"nonce": "9abcd2zGWzitlRTomilE3UUdInZTXOsXM7y4tS97JAg",
"alg": "RS983",
"x5t": "nOo3ZDrOASRE1jKWhXslHR_KXEg",
"kid": "nOo3ZDrOASRE1jKWhXslHR_KXEg"
}.{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
"iat": 1630642959,
"nbf": 1630642959,
"exp": 1630646859,
"aio": "E2ZgYDjW6h4uu9d5bk38DOW6+bH3AA==",
"app_displayname": "IT-Token",
"appid": "22d2b80d-11f3-43f3-8f53-3c08a1723zz2",
"appidacr": "1",
"idp": "https://sts.windows.net/d34b221f-dca9-5ee8-92f8-1215a965d42a/",
"idtyp": "app",
"oid": "203991a9-3a4c-416d-9fcb-a0e76d2770ae",
"rh": "0.ATEAHyJL09SsRE6S-BIVqWXUKg230iLzEfNDj1M8CKFyOqMxAAA.",
"sub": "060771a9-3a4c-416d-9fcb-a0e76d2770ae",
"tenant_region_scope": "EU",
"tid": "d34b221f-dca9-5ee8-92f8-1215a965d42a",
"uti": "cfLwDO238kmUoFakjWFPBB",
"ver": "1.0",
"wids": [
"0977a1d9-0d1d-4acb-b480-d5ca73121e20"
],
"xms_tcdt": 1525893040
}.[Signature]


· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @Srini-7038 This situation is strange. Can you follow this document to get a token and use token. In theory, there will be one of the attributes.

0 Votes 0 ·

Hi @JosephXu-MSFT - I am getting the token in a right way. Here is the snapshot.

128968-image.png


0 Votes 0 ·
image.png (96.6 KiB)

@JosephXu-MSFT - Any help please?

0 Votes 0 ·
Show more comments