I have implemented access to OneDrive files using the Graph SDK from https://github.com/microsoftgraph/msgraph-sdk-android
For authentication, I am using the same approach as in the Connect sample which uses the MSAL library, i.e. compile ('com.microsoft.identity.client:msal:0.1.+') in the build.gradle file.
I am calling mPublicClientApp.acquireToken with

    String[] scopes = {"offline_access", "https://graph.microsoft.com/Files.ReadWrite", "https://graph.microsoft.com/User.Read"};

and successfully retrieve access tokens for both personal accounts and business accounts.
Next, I want to store a file on the user's OneDrive using

    client.getDrive()
        .getRoot()
        .getItemWithPath("file.txt")
        .getContent()
        .buildRequest()
        .put(data);

which works as expected with a personal account but fails with 403: Forbidden when using my business account (which BTW is the user of the app in the Azure portal). Similarly, I get 404: Not found if I try to get the DriveItem for a file which does exist (and that works for the personal account as well).
Is there anything wrong with my code or does it look like wrong configuration of the app? (I am using the "preview mode" in Azure portal). The permissions I have added are

    Files.ReadWrite | Delegated | Have full access to user files | -
    offline_access | Delegated | Access user's data anytime | -
    User.Read | Delegated | Sign in and read user profile | -
    User.ReadWrite | Delegated | Read and write access to user profile | -

This is my full manifest (with some IDs removed):

    {
      "id": "...",
      "acceptMappedClaims": null,
      "accessTokenAcceptedVersion": 2,
      "allowPublicClient": true,
      "appId": "...",
      "appRoles": [],
      "oauth2AllowUrlPathMatching": false,
      "createdDateTime": "2018-12-24T08:51:51Z",
      "groupMembershipClaims": null,
      "identifierUris": [
        "api://..."
      ],
      "informationalUrls": {
        "termsOfService": null,
        "support": null,
        "privacy": null,
        "marketing": null
      },
      "keyCredentials": [],
      "knownClientApplications": [],
      "logoUrl": null,
      "logoutUrl": null,
      "name": "...",
      "oauth2AllowIdTokenImplicitFlow": false,
      "oauth2AllowImplicitFlow": false,
      "oauth2Permissions": [
        {
          "adminConsentDescription": "blub",
          "adminConsentDisplayName": "bla",
          "id": "d3659b01-433e-44eb-ab39-9ee9c19f7fe8",
          "isEnabled": true,
          "lang": null,
          "origin": "Application",
          "type": "User",
          "userConsentDescription": null,
          "userConsentDisplayName": "read files",
          "value": "Files.ReadWrite"
        }
      ],
      "oauth2RequirePostResponse": false,
      "optionalClaims": null,
      "orgRestrictions": [],
      "parentalControlSettings": {
        "countriesBlockedForMinors": [],
        "legalAgeGroupRule": "Allow"
      },
      "passwordCredentials": [],
      "preAuthorizedApplications": [],
      "publisherDomain": "crocoapps.onmicrosoft.com",
      "replyUrlsWithType": [
        {
          "url": "https://login.microsoftonline.com/common/oauth2/nativeclient",
          "type": "InstalledClient"
        },
        {
          "url": "msal8374f.................d9b2://auth",
          "type": "InstalledClient"
        },
        {
          "url": "https://login.live.com/oauth20_desktop.srf",
          "type": "InstalledClient"
        }
      ],
      "requiredResourceAccess": [
        {
          "resourceAppId": "00000003-0000-0000-c000-000000000000",
          "resourceAccess": [
            {
              "id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
              "type": "Scope"
            },
            {
              "id": "5c28f0bf-8a70-41f1-8ab2-9032436ddb65",
              "type": "Scope"
            },
            {
              "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
              "type": "Scope"
            },
            {
              "id": "b4e74841-8e56-480b-be8b-910348b18b4c",
              "type": "Scope"
            }
          ]
        }
      ],
      "samlMetadataUrl": null,
      "signInUrl": null,
      "signInAudience": "AzureADandPersonalMicrosoftAccount",
      "tags": [],
      "tokenEncryptionKeyId": null
    }
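
An added example, not part of the original post or of the Graph SDK: a Python check that compares the scopes passed to acquireToken with the delegated Microsoft Graph permissions declared in the manifest's requiredResourceAccess, and lists app-exposed oauth2Permissions whose name matches a Graph scope. The ID-to-name table covers only the four permissions in the post, and audit_manifest, SAMPLE_MANIFEST and REQUESTED are names chosen for this example.

```python
import json
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
GRAPH_PREFIX = "https://graph.microsoft.com/"
# Delegated-scope IDs for the four Graph permissions in the post (not a full catalogue).
GRAPH_SCOPE_IDS = {
    "7427e0e9-2fba-42fe-b0c0-848c9e6a8182": "offline_access",
    "5c28f0bf-8a70-41f1-8ab2-9032436ddb65": "Files.ReadWrite",
    "e1fe6dd8-ba31-4d61-89e7-88639da4683d": "User.Read",
    "b4e74841-8e56-480b-be8b-910348b18b4c": "User.ReadWrite",
}
# Constructed sample: only the manifest fields the audit reads, values taken from the post.
SAMPLE_MANIFEST = json.dumps({
    "oauth2Permissions": [{"value": "Files.ReadWrite", "isEnabled": True, "type": "User"}],
    "requiredResourceAccess": [{
        "resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [{"id": i, "type": "Scope"} for i in GRAPH_SCOPE_IDS],
    }],
})
REQUESTED = ["offline_access", GRAPH_PREFIX + "Files.ReadWrite", GRAPH_PREFIX + "User.Read"]


def audit_manifest(manifest_json, requested_scopes):
    """Compare scopes requested at sign-in with what the app registration declares."""
    manifest = json.loads(manifest_json)
    declared, unknown_ids = set(), []
    for resource in manifest.get("requiredResourceAccess") or []:
        if resource.get("resourceAppId") != GRAPH_APP_ID:
            continue  # only Microsoft Graph entries are audited here
        for access in resource.get("resourceAccess") or []:
            if access.get("type") != "Scope":
                continue  # "Role" entries are application permissions, not delegated
            name = GRAPH_SCOPE_IDS.get(access.get("id"))
            if name:
                declared.add(name)
            else:
                unknown_ids.append(access.get("id"))
    requested = {s[len(GRAPH_PREFIX):] if s.startswith(GRAPH_PREFIX) else s
                 for s in requested_scopes}
    exposed = {p["value"] for p in manifest.get("oauth2Permissions") or []
               if p.get("isEnabled")}
    return {
        "requested_not_declared": sorted(requested - declared),
        "declared_not_requested": sorted(declared - requested),  # least-privilege candidates
        "exposed_scope_shadows_graph": sorted(exposed & set(GRAPH_SCOPE_IDS.values())),
        "unresolved_ids": unknown_ids,  # IDs outside this example's small table
    }


if __name__ == "__main__":
    print(json.dumps(audit_manifest(SAMPLE_MANIFEST, REQUESTED), indent=2))
```

The report only describes the registration; it does not by itself explain a 403 or 404 returned by Graph.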