"Access is denied" while trying to retrieve Outlook tasks with Graph API

0
votes

I have an app registered in AzureAD, which I gave all Graph API permissions. Yet when I try to get: https://graph.microsoft.com/beta/users/[user id]/outlook/tasks

Or: https://graph.microsoft.com/beta/groups/{id}/events

I get "Access is denied. Check credentials and try again." error, but I have no more permissions I can add. I used the administrator consent to allow all of the permission, but nothing changed. (Other things in Graph beta API are working)

This is the code I use in Python:

url = "https://login.microsoftonline.com/[domain]/oauth2/token"
data = {'client_id': '1111111111',
    'client_secret': '2222222222',
    'grant_type': 'client_credentials',
    'resource': 'https://graph.microsoft.com',
    'scope': 'https://graph.microsoft.com/.default'}
r = requests.post(url, data=data)
access_token = r.json()['access_token']
data = {'Authorization': 'Bearer ' + access_token, 'Accept': 'application/json'}
url = "https://graph.microsoft.com/beta/users/[user id]/outlook/tasks"
r = requests.get(url, headers=data)
print r.content
1
pythonazureoffice365microsoft-graph-apiazure-ad-graph-api
Could you add a screenshot of the permissions you added?juunas
Am I correct in assuming that you're using a Service Principal? If so, where is your AD tenant ID?Rob Truxal
AD tenant ID is here: "login.microsoftonline.com/[domain/tenant id]/oauth2/token"Anna Obibok
read all users full profile read and write devices read directory data read all groups read contacts in all mailboxes read calendars in all mailboxes read mail in all mailboxes read all hidden memberships read all usage reportsAnna Obibok
read and write files in all site collections read files in all site collections read all user mailbox settings read and write domains read all onenote notebooks Delegated Permissions: view users basic profile view users email address create, read, update and delete user tasks and projects read user tasks access users data anytime sign users in read items in all site collections read all files that user can access read user files read user contacts read user calendars read user mail access directory as the signed in user read directory dataAnna Obibok

1 Answers

-1
votes

'grant_type': 'client_credentials'

Application permissions not allowed

Delegate permissions are allowed

For more clarity refer to this : https://docs.microsoft.com/en-us/graph/api/outlookuser-post-tasks?view=graph-rest-beta&tabs=csharp