
I'm trying to develop a web service which displays some user information from an Office 365 instance using the Microsoft Graph.

I'm able to query groups, user details and so on, but I'm not able to get the user profile picture as described here: http://graph.microsoft.io/docs/api-reference/v1.0/api/profilephoto_get. It always returns a 403, even when my service had all rights (for testing purposes).

The web service is a daemon as described here: http://graph.microsoft.io/docs/authorization/app_only, so no actual user is logged in. Could that be an issue? Is it possible to query the photo information using a daemon?

Chris - what permission scopes did you configure for your application? Also can you update your post with the client-request-id and timestamp that you see in the HTTP headers for the 403 response please? - Dan Kershaw - MSFT
Hi Dan, I continued playing around with the app permission for the application today and was able to fix that. Seems like my issue was a combination of two issues: First, I was using delegated instead of app permissions for a while; second, my implementation reused the Auth-Token, which doesn't seem to get updated rights. I restarted the Apache running the app after setting the expected application permission and it worked. - chris
Pleased to hear that Chris. Can you add this as an answer please? - Dan Kershaw - MSFT
Yes please document the solution as answer to your question. - Thierry Dalon

1 Answer


As mentioned above, the problem could be solved by two things:

  • Use app permissions instead of delegated
  • If the implementation reuses the Auth-Token, restart the Apache (or other web server) running the app after changing permissions for the app. The cached token doesn't seem to get updated rights.
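
Both points in the answer can be checked from the access token itself: application permissions appear in its `roles` claim, delegated ones in `scp`. The sketch below is an added example, not code from the original post; it classifies a token and discards a cached one that lacks the required role, so no web server restart is needed. The role name `User.Read.All`, the `fetch_token` callable and the sample tokens are assumptions made for illustration.

```python
import base64
import json
import time

REQUIRED_ROLE = "User.Read.All"  # assumption: the app permission granted for photo reads


def jwt_claims(token):
    """Decode a JWT payload without verifying it (diagnostics on your own token only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def permission_kind(claims):
    """Classify an access token by the permission claim it carries."""
    if claims.get("roles"):
        return "application"  # app-only token: permissions are listed in 'roles'
    if claims.get("scp"):
        return "delegated"    # user token: permissions are listed in 'scp'
    return "none"


class TokenCache:
    """Reuses a token only while it is unexpired and carries the required role."""
    def __init__(self, fetch_token, required_role=REQUIRED_ROLE):
        self._fetch = fetch_token  # hypothetical callable returning a fresh token
        self._role = required_role
        self._token = None

    def usable(self, token, now=None):
        claims = jwt_claims(token)
        now = time.time() if now is None else now
        return self._role in claims.get("roles", []) and claims.get("exp", 0) > now + 60

    def get(self, now=None):
        if self._token is None or not self.usable(self._token, now):
            self._token = self._fetch()  # drop the stale token, request a new one
        return self._token

    def invalidate(self):
        """Call after a 403 so the next request uses a token issued after the change."""
        self._token = None


def make_sample_token(claims):
    """Constructed, unsigned sample token for the demonstration."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])
```
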