1
votes

I am attempting to use the "List Contacts" Microsoft Graph v1.0 API (https://docs.microsoft.com/en-us/graph/api/user-list-contacts?view=graph-rest-1.0) to retrieve the contacts of various users in my organization. In other words I want to list contacts in a delegated fashion.

My problem is that this API only seems to work for the user associated with the access token, e.g.:

  1. Get Microsoft Graph API token for user "A"
  2. Request to https://graph.microsoft.com/v1.0/users/USER_A_ID/contacts works fine
  3. Request to https://graph.microsoft.com/v1.0/users/USER_B_ID/contacts fails

The error returned by the API is:

{
  "error": {
    "code": "ErrorAccessDenied",
    "message": "Access is denied. Check credentials and try again.",
    "innerError": {
      "request-id": "[REQUEST_ID]",
      "date": "[DATE]"
    }
  }
}

I have verified that the token contains the "Contacts.Read" scope by decoding the JWT token and examining the "scp" field, so I do not understand why the API is saying that access is denied. Any ideas as to why this is failing?


1 Answers

0
votes

You need Contacts.Read.Shared or Contacts.ReadWrite.Shared. Your current Contacts.Read scope will only allow you to access the current user's Contacts folder. The other thing is the user requesting will still need to be granted the underlying delegate rights to the target mailbox folder (via Outlook delegation or Add-MailboxFolderPermission, e.g. they need to be able to access the folder via Outlook or OWA).
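
An added example, not part of the original question or answer: a diagnostic that decodes a delegated Graph token the way the question describes and reports whether its "scp" claim covers the target user's contacts. It assumes the "oid" claim holds the signed-in user's object ID; the function names, user IDs and sample token are constructed for illustration, and the signature is deliberately not verified.

```python
import base64
import json

# Delegated scopes named in the question and the answer above.
OWN_SCOPES = {"Contacts.Read", "Contacts.ReadWrite"}
SHARED_SCOPES = {"Contacts.Read.Shared", "Contacts.ReadWrite.Shared"}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def contacts_scope_check(token: str, target_user_id: str) -> str:
    """Return 'ok', 'ok-if-folder-delegated', or a 'missing: ...' message."""
    claims = jwt_claims(token)
    scopes = set(claims.get("scp", "").split())  # scp is space-separated
    # Assumption: "oid" is the signed-in user's object ID.
    is_self = claims.get("oid", "").lower() == target_user_id.lower()
    if is_self:
        if scopes & (OWN_SCOPES | SHARED_SCOPES):
            return "ok"
        return "missing: Contacts.Read"
    if scopes & SHARED_SCOPES:
        # The token cannot show mailbox folder permissions; those are
        # granted separately (Outlook delegation / Add-MailboxFolderPermission).
        return "ok-if-folder-delegated"
    return "missing: Contacts.Read.Shared or Contacts.ReadWrite.Shared"


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for offline testing of the check."""
    def b64(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64(claims), "constructed-signature"])


USER_A = "00000000-0000-0000-0000-00000000000a"  # constructed IDs
USER_B = "00000000-0000-0000-0000-00000000000b"

if __name__ == "__main__":
    tok = make_sample_token({"oid": USER_A, "scp": "Contacts.Read User.Read"})
    print("A ->", contacts_scope_check(tok, USER_A))
    print("B ->", contacts_scope_check(tok, USER_B))
```
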