0

I had googled a lot on this issue yet nothing helped me. I had seen many similar post also but no useful.

I am using MS Graph API V2 to access user emails,calendar and contacts data.

Authorize URL:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=ABC&redirect_uri=redirectURL&response_type=code&scope=Mail.Read(ScopeURL)

Token Request URL:

https://login.microsoftonline.com/common/oauth2/v2.0/token

Headers:

Content-Type:application/x-www-url-form-urlencoded

Body: 

client_id:ABC
redirect_uri:RedirectURL
grant_type:authorization_code
client_secret:KEY
code: pasted from browser URL

I am successfully getting code in browser URL after signing in and using same code to get access token also.

User Profile/Mail Messages/Contacts Request:

Ex: I am trying to read user profile as well user mail messages.

Respective Requests:

Profile: https://graph.microsoft.com/v1.0/me/

Mail Messages: https://graph.microsoft.com/v1.0/me/messages

Header: Authorization:Bearer (AccessToken pasted from token request)

But I am getting below error whichever request in above using.

{
    "error": {
        "code": "InvalidAuthenticationToken",
        "message": "Access token validation failure.",
        "innerError": {
            "request-id": "1e232525-6772-483e-87e3-679d5fcb8fb5",
            "date": "2019-02-22T11:53:50"
        }
    }
}

I had set permissions for mail read and write , access calendars data, contacts ( Full access)

I created application in https://apps.dev.microsoft.com

Improve this question
5
  • Have you tried to validate token using jwt.ms? Commented Feb 22, 2019 at 15:03
  • Yes, I had validated token and its a valid. Commented Feb 23, 2019 at 4:16
  • You would make your life easier by using the MSAL library to do the OAuth flow for you. There are plenty of steps where you can go wrong. If you really don't want to do that, one thing I would suggest trying is to prefix your scopes with graph.microsoft.com Commented Feb 24, 2019 at 21:49
  • Yes i used scope as like you mentioned, its worked for me. Thanks. But i created app in "apps.dev.microsoft.com" and created scopes manually and used specific scope url. Ex: api://<APPID>/Mail.Read. Is this causing issue for me? will it wont work? what is wrong in this? Commented Feb 25, 2019 at 5:22
  • How ever, I am not able to get "me/contacts" data from API even though i set permissions.What could be reason. Error: Resource not found Commented Mar 3, 2019 at 7:41

1 Answer 1

Reset to default
1

The scope format should be https://graph.microsoft.com/Mail.Read Mail.ReadWrite User.Read. I tried the following, it worked.

enter image description here

To get me/contacts, you need to grant the Contacts.Read and Contacts.ReadWrtie permissions.

enter image description here

And when you required the access_token, the authorization URL should like this: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?(need to use the common to replace the tenant name).

enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Yes i used scope as like you mentioned, its worked for me. Thanks. But i created app in "apps.dev.microsoft.com" and created scopes manually and used specific scope url. Ex: api://<APPID>/Mail.Read. Is this causing issue for me? will it wont work? what is wrong in this?
Yes. Expose API means you set up your app as an api, the url is your app not the ms graph api.
If it is useful for you, please help make a mark for this, thanks.
I am not able to get "me/contacts" data from API even though i set permissions.What could be reason. Error: Resource not found
@PavanKumarGVVS. I already update my answer, please have a look. thanks.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.