question

WeiWen-3421 avatar image
0 Votes"
WeiWen-3421 asked ZehuiYaoMSFT-7151 edited

What are other settings needed in addition to access token in order to get Microsoft Graph's OneDrive API to return data

I am experimenting with Microsoft Graph's OneDrive API. In my android app, I used Microsoft SSO to sign the user in. If the user successfully signed in, I got a token which is actually AccessTokenRecord class.

To simplify testing, I used Postman and the AccessTokenRecord's mSecret as the access token in Postman. I tried a few APIs, e.g. https://graph.microsoft.com/v1.0/me/drive/sharedWithMe, but got only errors with code "itemNotFound". I checked my OneDrive in a url and found that I did have files shared with me.

My question is: Is the access token I used in Postman the correct one? Are there any other information that I need to pass in Postman, for example, request headers?

sharepoint-devmicrosoft-graph-sites-listsmicrosoft-graph-data-connect
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

CarlZhao-MSFT avatar image
0 Votes"
CarlZhao-MSFT answered CarlZhao-MSFT commented

Hi @WeiWen-3421

Use the Graph Explorer test to see how it turns out.

190827-image.png

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


image.png (75.5 KiB)
· 5
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

WeiWen-3421 avatar image WeiWen-3421 ·

@CarlZhao-MSFT I followed your suggestion to use Graph Explorer test by signing in. I found that I did get a list of shared files. However, in (Modify permissions) tab, it lists a number of permissions. Some have been granted to me, some not. At the top of the permission list, it says "One of the following permission is required to run the query". This looks like that as long as I have one granted permission it should work. Is my understanding correct? Or I need to have all permissions granted? My guess is that I need to have all permissions granted; otherwise, why I only got itemNotFound in Postman?

0 Votes 0 ·
CarlZhao-MSFT avatar image CarlZhao-MSFT WeiWen-3421 ·

@WeiWen-3421

Yes, you understand correctly, you don't need to grant all permissions, you only need to grant one of the following single permissions (delegated permissions): Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All.

Be sure to note: while the /sharedWithMe request will succeed with Files.Read or Files.ReadWrite permissions, some properties may be missing. Additionally, without one of the All permissions, shared items returned from this API will not be accessible.

I'm not sure what is your test process in postman, maybe you can use https://jwt.ms/ to parse the token and provide a screenshot.

0 Votes 0 ·
WeiWen-3421 avatar image WeiWen-3421 CarlZhao-MSFT ·

@CarlZhao-MSFT I tested the token in https://jwt.ms, and it looks good. For security reasons, I don't want to share it here. But I will post a screenshot of the Postman error.
I also tried the Authorization tab in Postman, chose a few authorization types such as OAuth2.0 and Bearer Token, but got the same error itemNotFound.

Thank you for help.191365-postman-item-not-found.png


0 Votes 0 ·
postman-item-not-found.png (168.4 KiB)
WeiWen-3421 avatar image WeiWen-3421 CarlZhao-MSFT ·

I found that if I used the access token that I got when logging in Graph Explorer (developer.microsoft.com/en-us/graph/graph-explorer) in Postman, it worked. But if I used the access token that I got when running the Android app, then I got itemNotFound error.

I am a bit confused on the different tokens. I asked my administrator to register the android app, and he granted me some basic User access for the app. I later asked for Files.Read, and he told me he granted it for the app. I think my question is: If the user successfully logged in through SSO on the app, does the user also gets the granted Files.Read access if the app is granted Files.Read?

0 Votes 0 ·
Show more comments