1
votes

Trying to use the Unified API to fetch all groups. Using this URL - https://graph.microsoft.com/beta/myorganization/groups but getting 403 - code: "Authorization_RequestDenied", message: "Insufficient privileges to complete the operation".

However, it seems like I do have the right permissions - I have Group.Read.All in my token scope which is what's required by this API - see here.

Could it be because I'm using the Office 365 Unified API as another service (acquiring a separate access token) alongside the old existing code that already uses graph.windows.net?

2

2 Answers

0
votes

You should be able to get the results back if the token has Groups.Read.All scp claim. Make sure you are getting a token for the right resource resource=https://graph.microsoft.com/. If you are unsure you can use this tool http://jwt.calebb.net/ to parse and validate you have the right audience claim.

0
votes

Getting groups (read) worked fine with me in unified API Preview, with the following permissions:

Read and write all groups (preview)  
Enable sign-in and read user profile

Try adding "Read and write all groups (preview)" not "Read All Groups (Preview)"

However, if you are trying to create a group, you will need to also add another directory permission (unfortunately will need admin consent):

Read and write directory data

these are very weird behaviors from Office365 unified APIs, but we should excuse the APIs as you can see "beta" inside the endpoint URL.