Microsoft Graph cannot access any driveItem object (i.e. GET /me/drive/root/children)
I am working on a Proof Of Concept web app which (among other things) accesses some Excel workbooks (on SharePoint or OneDrive) from the authenticated user.
It is based on Microsoft tutorial [Build Node.js Express apps with Microsoft Graph]https://docs.microsoft.com/en-us/graph/tutorials/node for most of the Ms Graph aspects.
- Azure AD authentication of the end user (https://login.microsoftonline.com/common/oauth2/v2.0/authorize)
- App registered in AAD portal (Implicit grant: ID tokens
, API Permissions for Ms Graph include Files.ReadWrite.All
and Sites.ReadWrite.All
)
Using Microsoft Graph Explorer
we validated API queries to the relevant driveItem resources with the following paths
- /drives/<id>/items/<id>
and /shares/<shareId>/driveItem
for SharePoint
- /me/drive/items/<id>
for OneDrive
But all those API queries fails when run from the web app (while other graph calls like /me/
, /me/drive/
and /me/drive/root/
work fine)
GET https://graph.microsoft.com/v1.0/drives/<id>/items/<id>
{
statusCode: 404,
code: 'itemNotFound',
message: 'The resource could not be found.',
requestId: 'cd35bf5b-1577-420e-980d-c1c2811a6fff',
date: 2019-09-18T08:42:05.000Z,
body:
'{"code":"itemNotFound","message":"The resource could not be found.","innerError":{"request-id":"cd35bf5b-1577-420e-980d-c1c2811a6fff","date":"2019-09-18T10:42:05"}}' }
GET https://graph.microsoft.com/v1.0/shares/<shareId>/driveItem
{
statusCode: 403,
code: 'accessDenied',
message: 'The caller does not have permission to perform the action.',
requestId: '1d3bba03-6c15-41f0-9de5-979ce42127b5',
date: 2019-09-18T08:46:37.000Z,
body:
'{"code":"accessDenied","message":"The caller does not have permission to perform the action.","innerError":{"request-id":"1d3bba03-6c15-41f0-9de5-979ce42127b5","date":"2019-09-18T10:46:37"}}' }
I very likely overlooked something like how the token is handled, but I couldn't find what.