MS Graph API Insufficient permissions when using Python SDK, sufficient when doing normal HTTP requests
I'm trying to migrate my usage of Graph API from doing http requests via requests to using the Python SDK. I was using the acquire_token_by_username_password method and requests were going through correctly. When migrating to utilize the Python SDK, I'm creating my client like:
credential = UsernamePasswordCredential(
client_id=self._client_id,
username=username,
password=password,
)
return GraphServiceClient(credential, self._scopes)
and then attempting a request like:
await client.users.get(request_configuration=request_configuration)
However, with the same credentials as I was using in the HTTP method, I'm getting:
APIError
Code: 403
message: None
error: MainError(additional_data={}, code='Authorization_RequestDenied', details=None, inner_error=InnerError(additional_data={}, client_request_id='53e56211-cd3d-47d5-b3fb-b6dacd6088a8', date=DateTime(2024, 2, 25, 11, 10, 15, tzinfo=Timezone('UTC')), odata_type=None, request_id='4b92be4e-d60a-4040-bcb4-e8d11a636879'), message='Insufficient privileges to complete the operation.', target=None)
I have attempted re consenting for the (delegated) permissions in azure; not sure what else can I do.
The error usually occurs if the user or service principal does not have required permissions or roles to perform the operation.
Initially, I too got same error when I passed User.Read in scopes that is not enough to list users:
To resolve the error, you need to add at least User.Read.All Delegated permission in your app registration by granting admin consent to it:
When I ran below modified code by changing scope value to User.Read.All, I got response with users successfully like this:
import asyncio
from msgraph import GraphServiceClient
from azure.identity import UsernamePasswordCredential
credential = UsernamePasswordCredential(
client_id="appId",
username="[email protected]",
password="xxxxxxxxxx",
)
scopes=['User.Read.All']
client = GraphServiceClient(credential, scopes=scopes)
async def get_users():
try:
users = await client.users.get()
for user in users.value:
print(user.display_name)
except Exception as e:
print(e)
asyncio.run(get_users())
Response:
Reference: List users - Microsoft Graph
- Error: There were errors reading plugin package (please check also your plugin's metadata). Could not unzip file
- tensorflow: register numpy bfloat16 extension
- how to avoid row number in read_sql output
- How can I format Flask Werkzeug logging or move the request values to my logger format?
- pass both string and list to pandas .isin method
- ModuleNotFoundError: No module named 'taming'
- Baffled by Python math geometric output
- How to create a new text file using Python
- How do I get a list of tables, the schema, a dump, using the sqlite3 API?
- Leave incomplete line on screen when hitting Ctrl-C in ipython 5.0+
- How to understand the star quantifier (*) output
- Tk label not displaying on MacOS 13.0.1
- django-auditlog change list customization in django admin
- Issue installing matplotlib on Python 32-bit
- Discrete Real dimension spacing in scikit-optimize
- Annotate seaborn barplot with value from another column
- How to find the location of a specific "include" library in Python?
- Where are the python modules stored?
- Is there a way to destroy the tkinter messagebox without clicking OK?
- how to end flask app (e.g. control c) when i close/terminate a tkinter window
- pip install seems to be working, but when I try to run code I get thrown an error
- How can I format tickers for hh:mm in Python matplotlib over a fixed period
- How to run Uvicorn FastAPI server as a module from another Python file?
- Create random numbers with left skewed probability distribution
- How to set the logging level for the elasticsearch library differently to my own logging?
- Convert a python non-tail recursive function adding sub-folders info to a loop
- How to call a function that takes an argument in a Django template?
- Kivy app build successfully using buildozer but crashes when opened on android phone
- Django Template Not Displaying Vendor Contact and Description Fields
- Search for currency pairs