0
votes

I am trying to list the Outlook Task Folders using Microsoft Graph with Postman. Following is the URL I am using:

 https://graph.microsoft.com/beta/me/outlook/taskFolders

After adding the Bearer Token in the request header, I am getting the following response from Graph:

"code": "NoPermissionsInAccessToken",
"message": "The token contains no permissions, or permissions can not be understood.",

I have already enabled the following permissions: Tasks.ReadWrite. What am I missing here?

1
Can you add how you are getting the access token? – juunas
This is the URL I am using for getting the token: login.microsoftonline.com/{tenantid}/oauth2/v2.0/token. The following parameters are passed as part of the GET request: grant_type - client_credentials, scope - graph.microsoft.com/.default, client_id, client_secret – DCZ
Can you clarify, did you mean POST instead of GET request? (hint: it should be a POST :) ) – Marc LaFleur

1 Answer

0
votes

I can reproduce your issue while using client credentials flow to get access token. I decode the access token and do not see the permission I assigned. As the article said:

The permission is delegated from the user to the application, usually during the consent process. However, in the client credentials flow, permissions are granted directly to the application itself. When the app presents a token to a resource, the resource enforces that the app itself has authorization to perform an action and not the user.

So, I suggest that you could use OAuth 2.0 authorization code flow to get the access token. And add your Tasks.Read permission in scope.

https://login.microsoftonline.com/xxxxx/oauth2/v2.0/authorize?
client_id=xxxxx
&response_type=code
&redirect_uri=https://localhost:123
&response_mode=query
&scope=https://graph.microsoft.com/Tasks.Read

For more details on getting an access token with the auth code flow, you could refer to this article.
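The check the answer describes (decode the access token and look for the assigned permission), written out as an added example that is not part of the original post. It assumes the Microsoft identity platform claim names `scp` (delegated permissions) and `roles` (application permissions); the helper names and both sample tokens are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_permissions(jwt: str) -> dict:
    """Return the permission claims carried in a JWT access token.

    The signature is NOT verified: this is for inspecting your own token
    while debugging, never for making an authorization decision.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    return {
        "aud": claims.get("aud"),
        # 'scp': space-separated delegated permissions (a user signed in)
        "delegated": claims.get("scp", "").split(),
        # 'roles': application permissions (client credentials flow)
        "application": list(claims.get("roles", [])),
    }


def has_permission(jwt: str, name: str) -> bool:
    """True if the permission appears as a delegated or application grant."""
    perms = token_permissions(jwt)
    return name in perms["delegated"] or name in perms["application"]


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token (hypothetical helper)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f'{enc({"alg": "none", "typ": "JWT"})}.{enc(claims)}.sig'


# Constructed samples: the token shape each flow yields in this scenario.
APP_ONLY = make_sample_token({"aud": "https://graph.microsoft.com"})
DELEGATED = make_sample_token(
    {"aud": "https://graph.microsoft.com", "scp": "Tasks.Read User.Read"})

if __name__ == "__main__":
    for label, tok in (("client credentials", APP_ONLY), ("auth code", DELEGATED)):
        print(label, token_permissions(tok))
```

A token with neither `scp` nor `roles`, like the first sample, is the shape that matches the `NoPermissionsInAccessToken` response in the question.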