GET https://graph.microsoft.com/v1.0/me/contacts 401 (Unauthorized)

1
votes

I am trying to list my contacts with 'GET https://graph.microsoft.com/v1.0/me/contacts' and always have 401 (Unauthorized).

My application on apps.dev.microsoft.com has permissions:

  • Contacts.ReadWrite (both delegated and application permissions)

My client application has authentication scope: https://graph.microsoft.com/Contacts.ReadWrite

Other API like 'me' or 'users' works fine.

I tried to list my contacts using Microsoft Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer) with enabling relevant scopes and it never worked for me. Any hints on how to resolve it are appreciated.

Thank you in advance.

1
microsoft-graph-api
Copy your access token and parse it at jwt.io. Check the scp claim to see if it actually contains the scope.Jason Johnston
Thank you for your reply. ... "oid": ".....", "platf": "....", "puid": "....", "scp": "Contacts.ReadWrite Directory.ReadWrite.All People.Read.All User.Read.All User.ReadBasic.All User.ReadWrite", "signin_state": [ "kmsi" ],Andrey K
@JasonJohnston Just in case, I tried with just a single scope Contacts.ReadWrite scope and it didn't work... "scp": "Contacts.ReadWrite",Andrey K
I missed that you said it doesn't work in Graph Explorer either. In that case do you get any text in the error response? Is it also a 401?Jason Johnston
@JasonJohnston I am trying to invoke graph.microsoft.com/v1.0/me/contacts in the Graph Explorer with my test account from my own active directory on azure. The scope "Contacts.ReadWrite" is enabled. I get "Failure - Status Code 401". Response: "code": "UnknownError" ...Andrey K

1 Answers

0
votes

The Microsoft Graph can only access cloud data, so in order to access personal contacts, you need to have an Exchange Online mailbox in Office 365. (reference) From your comment, you don't have an Exchange Online mailbox so unfortunately the /me/contacts endpoint won't work for your users.