I am unable to access Microsoft Graph API's, I am getting the below error object-
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2021-03-11T07:17:41",
"request-id": "fa7c7d27-50f3-46ca-b7a9-25198e6cdd8e",
"client-request-id": "fa7c7d27-50f3-46ca-b7a9-25198e6cdd8e"
}
}
}
I have registered the application in the Azure registration portal, acquired client_id, tenant, and client_secret, and used that to generate an access token with the help of the below API-
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id={client_Id}
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&client_secret={client_secret}
&grant_type=client_credentials
The access token which I got in this response is used to further call Graph API's but it's giving me an error object attached above.
Please help me here.
This particular error is typically thrown when your application does not have the required permission to call a particular endpoint. Please go to the azure portal and grant the necessary Graph permissions for the endpoints you are calling. You can view the particular permissions you need by going to the Microsoft Graph documentation of the API you want to call and check under the permissions section. For signed in users, you will need the delegated permissions and for access as an application/daemon, you will need application permissions.
To grant these permissions, follow these steps:
Azure portal > Azure Active Directory > App Registration > All Applications > Search with your ClientID/AppID.
In that application navigate to:
Api Permissions > Add a permission > Microsoft Graph > Delegated permissions > Expand User > Select required permissions.
Once the permissions are added, click on Grant Admin Consent for Your Tenant.