Roles claim not present in token error when using graph API to connect to SharePoint using selected sites permission
We have a client registration for our application with permissions to access a specific SharePoint site that were granted using the sites.selected approach described in the following article. Our application was assigned "Write" role for the site.
We can retrieve a token for our app registration. However, it does not contain a roles or scp claim, and we get an error informing us of this when we attempt a call to see the lists or drives on the site.
Are we doing something wrong? Does the sites.selected permission not extend to Lists or Drives?
(We are only planning to use the drives call as a once-off operation, so if this is not supported we can probably work around that. Our requirement is to read and write files on the specified sites.)
Here is the request and response where we retrieve the token:
Here is the request to list the drives:
Update: I think the problem is that the permissions were granted for the SharePoint API and not the Graph API.
The error usually occurs if the access token does not have permissions related to Microsoft Graph while calling Graph API requests.
When I tried to list drives in site using token having no Graph API permissions, I too got same error like this:
GET https://graph.microsoft.com/v1.0/sites/siteId/drives
Response:
To resolve the error, make sure to grant Microsoft Graph API permissions of Application type in your app registration:
Now, I generated the access token again using client credentials flow via Postman:
POST https://login.microsoftonline.com/tenantId/oauth2/v2.0/token
grant_type:client_credentials
client_id: appId
client_secret: secret
scope: https://graph.microsoft.com/.default
Response:
To confirm that, you can decode the access token in jwt.ms website and check whether roles claim has valid permissions or not:
When I used this token to list drives in SharePoint site, I got the response successfully like this:
GET https://graph.microsoft.com/v1.0/sites/siteId/drives
Response:
- Combine rows if the dates exist in another row
- Distinguish between two maximum values in a column with Power Query
- Power Query Conditional JOIN - JOIN with WHERE clause
- Calculate combinations for a range of text values in excel
- How to update a column's values in Power BI M Language
- What's the difference between DAX and Power Query (or M)?
- Sorting issue when consolidating monthly data into a year to date file. Using query, sorting by day, time, and letter
- Power Query `List.Generate` runs too slow
- Custom Colum based on specific dates in powerquery
- How do I properly use table.group in a PowerQuery query to dynamically summarize different rows and columns?
- Excel Power Query syntax issue transform multiple columns of records
- How to capitalize only first letter of a sentence
- Power Query Import For Power BI with group by on SelectRows
- Get data from config table cell when loading data source with power query
- Translate Excel Formula into Power Query
- Counting matching pairs of letters in lists of bigrams in Power Query M
- Bigrams of a string in Power Query M
- Power Query code to refer to another query (and how buffering works)
- M code for the equivalent of of Left (string, len(string)-11)
- How to add a missing column to the Transform Sample File
- How to add or insert ' (single quotes) for every string in a list in which strings are separated by commas in Power Query
- Power BI M code Split column from Lowercase to Uppercase won't include diacritics (accents)
- M Code(Power Query) to Remove Empty columns that runs fast
- How to find the value with date closest to another date
- Error when build AOSP 14 - internal error: undefined variable CTS_TEST_SUITES_DEFAULT
- Call a table using a dynamic identifier
- Problem getting the value from a cell using M in excel
- How to rename columns based on the data within them in Power Query M?
- Power Query return a field name based on parameter
- Power Query: after combining 2 tables got something strange