azure-active-directory microsoft-graph-api microsoft-graph-files

HTTP/1.1 403 Forbidden while creating upload session


I am trying to upload a file to SharePoint. I got the access token based on the client id and tenant id given by the application, and was able to do it.

'client_id='||'xxxx'||'&scope='||'https%3A%2F%2Fgraph.microsoft.com%2F.default'||'&client_secret='||'xxxxxx'||'&grant_type='||'client_credentials'

Token as follows:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Based on the token, I am trying to create an upload session, and it is saying HTTP/1.1 403 Forbidden. I have the known site id and drive (item id).

https://graph.microsoft.com/v1.0/sites/xxxxxx/drive/items/xxxxx:/test123.xml':/createUploadSession

HTTPResponseHeader
X-Original-HTTP-Status-Line:CHARACTER:HTTP/1.1 403 Forbidden
X-Original-HTTP-Status-Code:INTEGER:403
Cache-Control:CHARACTER:private
Content-Type:CHARACTER:application/json
request-id:CHARACTER:1f6e2c51-5061-41c0-be0d-ee38a2c2a533
client-request-id:CHARACTER:1f6e2c51-5061-41c0-be0d-ee38a2c2a533
x-ms-ags-diagnostic:CHARACTER:{"ServerInfo":{"DataCenter":"South Central US","Slice":"SliceC","Ring":"3","ScaleUnit":"000","RoleInstance":"AGSFE_IN_11"}}
Strict-Transport-Security:CHARACTER:max-age=31536000
Date:CHARACTER:Fri, 19 Jun 2020 17:23:53 GMT
Content-Length:CHARACTER:256

The application had been given the Sites.readwrite.All permission, and admin consent was provided as well. Any help is appreciated.


Solution

  • So there's a couple of things here:
    To use the Microsoft Graph APIs to create an upload session to write a file to SharePoint using the site/library as a drive with an app-only permission (client_credentials), you need to request at least the Sites.ReadWriteAll scope for the Microsoft Graph resource https://graph.microsoft.com: https://learn.microsoft.com/en-us/graph/api/driveitem-createuploadsession?view=graph-rest-1.0
    Instead of requesting the https://graph.microsoft.com/.default scope, try using 'https://graph.microsoft.com/Sites.ReadWriteAll'.
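
A way to see what an access token actually grants before calling createUploadSession, as an added example that is not part of the original question or answer: it decodes the JWT payload without verifying the signature and reports whether the Sites.ReadWrite.All permission from the question appears in the `roles` claim, which is where application permissions are carried in client_credentials tokens. The function names and the sample tokens are constructed for illustration.

```python
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Decode the claims of a JWT without verifying its signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_app_permission(token: str, required: str = "Sites.ReadWrite.All") -> dict:
    """Report whether an app-only token carries `required` in its roles claim."""
    claims = decode_jwt_payload(token)
    roles = claims.get("roles", [])          # application permissions (client_credentials)
    scopes = claims.get("scp", "").split()   # delegated permissions (user sign-in flows)
    wanted = required.lower()
    return {
        "aud": claims.get("aud"),
        "roles": roles,
        "app_only": "scp" not in claims,
        "has_required": wanted in [r.lower() for r in roles],
        # Permission present only as a delegated scope: not usable as app-only.
        "only_delegated": wanted in [s.lower() for s in scopes] and not roles,
    }


def _make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample claims: one token with the role, one without it.
GOOD = _make_sample_token({"aud": "https://graph.microsoft.com", "roles": ["Sites.ReadWrite.All"]})
BAD = _make_sample_token({"aud": "https://graph.microsoft.com", "roles": ["User.Read.All"]})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_app_permission(tok))
```

If `has_required` is false for a real token, the 403 is consistent with the permission or its admin consent not being reflected in the token that was issued.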