I am trying to upload a file to Sharepoint. I Got the Accesstoken based on the client id and tenant id given by the application and able to do it.
'client_id='||'xxxx'||'&scope='||'https%3A%2F%2Fgraph.microsoft.com%2F.default'||'&client_secret='||'xxxxxx'||'&grant_type='||'client_credentials'
Token as follows :
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Based on the token i am trying to create an upload session and it is saying http1.1 403 forbidden. I have the known site id and Drive (Item id).
HTTPResponseHeader X-Original-HTTP-Status-Line:CHARACTER:HTTP/1.1 403
Forbidden X-Original-HTTP-Status-Code:INTEGER:403 Cache-Control:CHARACTER:private
Content-Type:CHARACTER:application/json request-id:CHARACTER:1f6e2c51-5061-41c0-be0d-ee38a2c2a533
client-request-id:CHARACTER:1f6e2c51-5061-41c0-be0d-ee38a2c2a533 x-ms-ags-
diagnostic:CHARACTER:{"ServerInfo":{"DataCenter":"South Central US","Slice":"SliceC","Ring":"3","ScaleUnit":"000","RoleInstance":"AGSFE_IN_11"}}
Strict-Transport-Security:CHARACTER:max-age=31536000
Date:CHARACTER:Fri, 19 Jun 2020 17:23:53 GMT Content-Length:CHARACTER:256
Application had given permissions to Sites.readwrite.All provided admin consent as well. Any help is Appreciated.
So there's a couple of things here:
To use the Microsoft Graph APIs to create an upload session to write a file to SharePoint using the site/library as a drive with an app only permission (client_credentials) you need to request the at least the Sites.ReadWriteAll
scope for the Microsoft Graph resource https://graph.microsoft.com
: https://learn.microsoft.com/en-us/graph/api/driveitem-createuploadsession?view=graph-rest-1.0
Instead of requesting the https://graph.microsoft.com/.default
scope try using 'https://graph.microsoft.com/Sites.ReadWriteAll`