0
votes

I am working on a document management application in which users should be able to access folders in OneDrive, sometimes work on the same document/file, edit and copy documents in the application, and upload documents from the application to OneDrive. This means the folder should be available to all users who have the right. I could make everything work when using my own personal account; for example, I am using this URL to get the list of files from folderX: "https://graph.microsoft.com/v1.0/me/drive/root:/folederX:/children", and it all works perfectly. But when I am using a business account it doesn't work. I authenticate via tenant ID and I get a correct token, but after that I get a 400 error. Now I am really confused about whether what I want to achieve here is really possible via OneDrive for Business or whether we should use SharePoint, because apparently folderX is shared with me in the OneDrive business account and it doesn't exist in my own OneDrive. Sorry if the question seems stupid, but I am really confused here.

The error is:

{
  "error": {
    "code": "accessDenied",
    "message": "There has been an error authenticating the request.",
    "innerError": {
      "request-id": "230e946c-d81a-4bf1-903e-26d92c5441db",
      "date": "2019-09-20T10:12:38"
    }
  }
}

1
What error message comes back with the 400 response? If you could update your question with the full error response from the server, that'll provide the information needed to answer your question. - Brad
@Brad I updated the error. - Mirana
@Brad, what I still cannot understand is: is it possible to have a common folder between all users in a OneDrive business account, where all have access to the files? I don't understand because the customer added me as a guest user to their AAD, and I have never had full access to see what OneDrive business looks like. - Mirana

1 Answer

0
votes

I understand that you are trying to use a personal Microsoft Account to access the files which have been shared with you in your customer's OneDrive for Business. Correct me if there is any misunderstanding.

If so, you need to use the OAuth 2.0 code grant flow to get the access token.

Firstly, I assume that you have added your personal account as a guest user to your customer's Azure AD, that the file has been shared with your personal account, and that the correct delegated permissions have been assigned in the app registered in your customer's Azure AD.

Request an authorization code like this:

https://login.microsoftonline.com/{Tenant ID of your customer}/oauth2/authorize?
client_id={app id of the app registered in your customer's Azure AD}
&response_type=code
&redirect_uri={redirect uri of the app registered in your customer's Azure AD}
&response_mode=query
&resource=https://graph.microsoft.com
&state=12345

You will get a response like this:

https://localhost/?code={code}&state=12345&session_state=54572324-6121-4add-85f8-22e3a815646b

Please copy the "code" here for later use.

Then you can send a request for an access token:

[Image: screenshot of the token request]

Replace "jmaster.onmicrosoft.com" with your customer's tenant and modify the other values (including client_id, client_secret, redirect_uri and code) in Body.

After getting the access token, you can send a request to access the shared files.

https://graph.microsoft.com/v1.0/users/{user id}/drive/root:/folederX:/children

Please note that the "user" here is the one who shared the files with you.
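
The flow described in this answer, as an added example that is not part of the original post: it builds the authorization URL with a random `state` instead of a fixed one, checks the redirect before accepting the code, and prepares the token request and the Graph URL. The helper names and sample values are hypothetical, and the token request fields are the standard ones for the Azure AD v1 `/oauth2/token` endpoint, assumed here because the screenshot is not available.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs, quote

AUTHORITY = "https://login.microsoftonline.com"
RESOURCE = "https://graph.microsoft.com"

def build_authorize_url(tenant, client_id, redirect_uri):
    """Return (url, state); state is random per request and must be kept
    in the user's session so the redirect can be matched to it."""
    state = secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri, "response_mode": "query",
        "resource": RESOURCE, "state": state,
    })
    return f"{AUTHORITY}/{quote(tenant)}/oauth2/authorize?{query}", state

def extract_code(redirect_url, expected_state):
    """Return the code from the redirect; reject errors and state mismatches."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this request")
    if "code" not in params:
        raise ValueError("redirect carries no authorization code")
    return params["code"][0]

def build_token_request(tenant, client_id, client_secret, redirect_uri, code):
    """Return (url, form_body) for the POST that redeems the code.
    Send it as application/x-www-form-urlencoded over TLS; load the
    client secret from the environment or a vault, not from source."""
    body = urlencode({
        "grant_type": "authorization_code", "client_id": client_id,
        "client_secret": client_secret, "code": code,
        "redirect_uri": redirect_uri, "resource": RESOURCE,
    })
    return f"{AUTHORITY}/{quote(tenant)}/oauth2/token", body

def shared_folder_children_url(owner_id, folder_path):
    """Graph URL listing a folder in the drive of the user who shared it."""
    return (f"https://graph.microsoft.com/v1.0/users/{quote(owner_id, safe='')}"
            f"/drive/root:/{quote(folder_path)}:/children")
```

The access token returned by the token endpoint goes in the `Authorization: Bearer` header of the GET to the URL from `shared_folder_children_url`.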