Problem
I get
Microsoft\Graph\Exception\GraphException: [0]: Received 403 for call to https://graph.microsoft.com/beta/me/chats/[id]@unq.gbl.spaces/members
I fail to understand why.
Research
permissions in Azure
how the exception appears in my queue
Additional information
Just to be clear: this same request with other users of our company is working, so it's not something that always fails. It might be worth noting that the permissions starting with Chat are from the beta version of the graph api. Also retrieving info about the user (ownUser getGivenName) is working for all users.
App scopes
The scopes defined in the application are:
openid profile offline_access user.read mailboxsettings.read calendars.readwrite Chat.ReadBasic Chat.Read Chat.ReadWrite
Response of the server
The response completely:
{
"error": {
"code": "Forbidden",
"message": "Forbidden",
"innerError": {
"date": "2021-05-04T12:05:41",
"request-id": "xxxxxxx-f7ea-4912-a23b-676002d0912d",
"client-request-id": "xxxxxxx-f7ea-4912-a23b-676002d0912d"
}
}
}
The response headers also don't reveal anything:
Also tried
I also tried re-visiting https://login.microsoftonline.com/common/adminconsent?client_id=[id] and give my (admin) consent, however this doesn't change anything.
JWT token
Also I decoded both a working users jwt token and a non-working one and they have the same scp (scopes) configured. Here is the diff
used endpoints
/me/chats/me/me/chats/$chatId/messages/me/chats/$chatId/members



dd4afa4a-f7ea-4912-a23b-676002d0912d, I doubt this id is dangerous to post in any way, however I tried to keep as mich private as possible - online ThomasOffice365 licensefor your users. Try to grant Office365 license to your users before calling the api. - Carl Zhao