I am working on a document management application, which users should be able to access folders in oneDrive, sometime work on the same document/file, edit, copy document in application and upload document from application to the oneDrive. And it means that folder should be available to all users who has right. I could make all works when I am using my own personal account, for example I am using this url for getting list of files from a folderX:"https://graph.microsoft.com/v1.0/me/drive/root:/folederX:/children"", all works perfectly. But When I am using business account it doesn't work. I authenticate via tenant ID and I get correct token, but after that I get 400 error. Now, I am really confused if what I want to achieve here is really possible via oneDrive for business or we should use sharepoint? Because apparently folderX is shared with me in oneDrive business account and it doesn't exist in my own oneDrive. Sorry if the question seems stupid but I am really confused here.
the error is:
This is error: { "error": { "code": "accessDenied", "message": "There has been an error authenticating the request.", "innerError": { "request-id": "230e946c-d81a-4bf1-903e-26d92c5441db", "date": "2019-09-20T10:12:38" } } }
I understand that you are trying to use a personal Microsoft Account to access the files which have been shared with you in your customer's OneDrive for business. Correct me if there is any misunderstanding.
If so, you need to use the OAuth 2.0 code grant flow to get the access token.
Firstly, I assume that you have added your personal account as a guest user to your customer's Azure AD. And the file has been shared with your personal account. And the correct delegated permissions have been assigned in the App registered in your customer's Azure AD.
Request an authorization code like this:
https://login.microsoftonline.com/{Tenant ID of your customer}/oauth2/authorize?
client_id={app id of the app registered in your customer's Azure AD}
&response_type=code
&redirect_uri={redirect uri of the app registered in your customer's Azure AD}
&response_mode=query
&resource=https://graph.microsoft.com
&state=12345
You will get a response like this:
https://localhost/?code={code}&state=12345&session_state=54572324-6121-4add-85f8-22e3a815646b
Please copy the "code" here for late use.
Then you can send a request for access token:
Replace "jmaster.onmicrosoft.com" with your customer's tenant and modify the other values (including client_id, client_secret, redirect_uri and code) in Body.
After getting the access token, you can send a request to access the shared files.
https://graph.microsoft.com/v1.0/users/{user id}/drive/root:/folederX:/children
Please note that the "user" here is who shared the files with you.