Azure-Samples / ms-identity-python-webapp

A Python web application calling Microsoft graph that is secured using the Microsoft identity platform
MIT License

Graph API get issues with personal 365 account #119

Closed ubergeekseven closed 8 months ago

ubergeekseven commented 8 months ago

I have been struggling to figure out what the issue is. In explorer I can get onenote and todo and create/modify. I have the app setup functioning with oauth and token works. I have created the list of permissions in my app as well as modified the app_config to include the scope needed for access and even more just because of this issue. I searched and experimented for 8 hours before writing here because I cannot find anything conclusive to explain the behavior.

I have everything set up with my personal 365 account. Using the graph endpoints for testing, I am attempting to simply list my notebooks from onenote. If I use the https://graph.microsoft.com/v1.0/me/onenote/sections/0------------/pages endpoint, I get "Onedrive for Business for this user account cannot be retrieved"

If I use the users/user-email endpoint, I get an error stating that "The tenant does not have a valid sharepoint license"

Do I need licensing for sharepoint or enterprise to use these features?

When using the explorer, I thought this was going to be easy. Not only does the error not make sense, I cannot find anything online describing the issue or how to resolve. Why do all explorer features work without reporting anything like this?

I am close to giving up on graph altogether. I just want to write to onenote pages with my chatbot and create todo entries.

rayluo commented 8 months ago

Sorry to hear about your sub-optimal experience, @ubergeekseven .

Since you were creating this github issue in this Python Webapp sample repo, were you trying to develop a web app in Python? This repo/sample boils down to a set of configurations. If you were able to share your configuration (sans your app credential) with us, together with "repro steps", "what was expected", "what I saw instead", we might be able to reproduce it. But ultimately, this sample and its underlying libraries do not determine the outcome. It is determined by your app's setup. I suspect that the explorer might be using a different app (with different client_id).

CCing @localden to see if there is any other contact who has the expertise in this "Graph API with personal 365 account" area.

ubergeekseven commented 8 months ago

I will share my config without my personal identifying secrets as soon as I can. I've spent the weekend attempting to get this simple thing working and that issue post was my last gasp. I'm using the default python setup generated by the docs I found. I used the default to test and got back basic account information. Went on from there to add more to the scope. And looped for hours attempting to get actual access. Oauth works no problem.

I do not mean to push but, there isn't anything documented that I found over at least 4 years of forums across anything that explains how or why I can't request the access. I have given permissions in my setup, authenticated with oauth and can get basic information printed but get errors that nothing explains. Not a single web search will return with valid information.

I am only using msal for authentication. Not the beta library for graph. My entra id setup has all checks in the suggested setup check other than one because I'm not using certs for testing. I'm doing a simple call and I'm guessing it's a licensing thing because that's generally what I see working in enterprise nowadays. Microsoft is huge, I get it. The 4000 layers of complexity and mixed code across however many products, services and developers that exist today have built a skyscraper of spaghetti. Nothing is straightforward there and something as simple as an API call to list notebooks of an authenticated user becomes a mountain in front of an ant.

ubergeekseven commented 8 months ago

I finally had more time to try something else. I work for a company that has enterprise licensing so I thought I could use this as a test to see if this type of licensing is needed to perform the api calls. Ultimate goal is to create, read and write to notebooks as well as to todo.

I pulled up my personal entra setup and then in my enterprise entra setup I registered a new app with exactly the same settings, other than the obvious tenant id, client secret and app id.

Took my current code and dropped in the enterprise app information to authenticate. Worked first time.

My entire point with this issue is that microsoft does not, in any way, let you know that you need certain licensing to get this functioning. If they do, it is buried somewhere dark and impossible to find. Something should be added as a banner with the rest of the banners that are constantly presented within entra to upgrade things or enable certain other things, to say that this account does not have the ability without whatever is needed.

I do not know what is needed to make this work for personal 365 customers with entra setups. The explorer could even have a banner saying that this api call will work in explorer but not with an external api call until you purchase something else and then link to that. Same for the entra interface with all the warnings. Better yet, in the integration assistant. It walks through almost everything, why not if the account will work?

I know you are not the marketing team or whatever it is that does this but, realize that entire days are wasted by omission of information that seems obvious to explain to customers.

So if anyone searches for this same issue, it seems it is a licensing thing and no idea what I need to do to set it up.
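The two error messages quoted in this thread (the OneDrive for Business message on the OneNote endpoint and the SharePoint license message on the users endpoint) look like auth failures but are not: the OAuth flow and the MSAL token were fine. The snippet below is an added example, not code from this thread or from the ms-identity-python-webapp sample, showing one way to separate a bad or expired token (HTTP 401) and a missing or unconsented scope (HTTP 403) from a tenant or license limitation, so that time is not spent adding more scopes when the account itself cannot back the call. It uses only the standard library; the `LICENSE_PHRASES` list is seeded from the messages quoted above, and the sample response bodies are constructed to resemble Graph's error JSON, not captured from a real tenant.

```python
# Added example (not part of this thread or the sample repo): classify Microsoft
# Graph error responses so a token/scope problem is not mistaken for a license one.
import io
import json
import urllib.error
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

# Message fragments quoted in this issue thread; matched case-insensitively.
LICENSE_PHRASES = (
    "does not have a valid sharepoint license",
    "onedrive for business for this user account cannot be retrieved",
)


def classify_graph_error(status, body):
    """Map a Graph HTTP status plus JSON body to a coarse category.

    Returns one of 'ok', 'token', 'license', 'consent', 'throttled', 'other'.
    """
    if 200 <= status < 300:
        return "ok"
    try:
        err = json.loads(body or "{}").get("error", {})
    except ValueError:
        err = {}
    code = str(err.get("code", "")).lower()
    message = str(err.get("message", "")).lower()
    if status == 401 or code == "invalidauthenticationtoken":
        return "token"        # expired/invalid bearer token: re-acquire with MSAL
    if any(phrase in message for phrase in LICENSE_PHRASES):
        return "license"      # account/tenant lacks the backing service
    if status == 403:
        return "consent"      # token valid, but a scope is missing or not consented
    if status == 429:
        return "throttled"    # honour Retry-After before retrying
    return "other"


def graph_get(path, access_token, urlopen=urllib.request.urlopen):
    """GET a Graph path with a bearer token; returns (status, body, category)."""
    req = urllib.request.Request(
        GRAPH + path,
        headers={"Authorization": "Bearer " + access_token,
                 "Accept": "application/json"},
    )
    try:
        with urlopen(req) as resp:
            status, body = resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as exc:
        status, body = exc.code, exc.read().decode("utf-8")
    return status, body, classify_graph_error(status, body)


# --- constructed sample bodies (shaped like Graph errors, not real captures) ---
SAMPLE_LICENSE_BODY = json.dumps({"error": {
    "code": "BadRequest",
    "message": "The tenant does not have a valid SharePoint license."}})
SAMPLE_ONEDRIVE_BODY = json.dumps({"error": {
    "code": "ResourceNotFound",
    "message": "OneDrive for Business for this user account cannot be retrieved."}})
SAMPLE_SCOPE_BODY = json.dumps({"error": {
    "code": "AccessDenied",
    "message": "Insufficient privileges to complete the operation."}})
SAMPLE_TOKEN_BODY = json.dumps({"error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token has expired or is not yet valid."}})


class _FakeResponse(io.BytesIO):
    """Minimal stand-in for http.client.HTTPResponse so the demo runs offline."""

    def __init__(self, status, body):
        super().__init__(body.encode("utf-8"))
        self.status = status


def fake_urlopen(status, body):
    """Build an urlopen replacement that returns or raises a canned response."""
    def _open(req):
        if status >= 400:
            raise urllib.error.HTTPError(req.full_url, status, "error", {},
                                         io.BytesIO(body.encode("utf-8")))
        return _FakeResponse(status, body)
    return _open


if __name__ == "__main__":
    # Offline walk-through with a placeholder token; no network access is made.
    for name, status, body in [("license", 400, SAMPLE_LICENSE_BODY),
                               ("onedrive", 404, SAMPLE_ONEDRIVE_BODY),
                               ("scope", 403, SAMPLE_SCOPE_BODY),
                               ("token", 401, SAMPLE_TOKEN_BODY)]:
        code, _, category = graph_get("/me/onenote/notebooks",
                                      "constructed-token", fake_urlopen(status, body))
        print(f"{name}: HTTP {code} -> {category}")
```

In a real deployment, `graph_get` would be handed the access token MSAL returns and the default `urlopen`; the `fake_urlopen` injection exists only so the classification can be exercised without a tenant. A 'consent' result is the one worth acting on in the app registration (add the scope, re-consent); 'license' indicates the call will keep failing for that account regardless of scopes, which matches what this thread found when the same code worked immediately against an enterprise-licensed tenant.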

rayluo commented 8 months ago

Thanks for sharing your experience, @ubergeekseven . What you suggested makes sense.

I, as the owner of this sample repo here, can convert this issue into a Q&A so that at least it will not be hidden in the dark (i.e., a pile of closed issues). Meanwhile, I would suggest you also send your suggestion via the online feedback links baked into many of the Microsoft web-based systems, such as Azure Portal itself. That will probably draw the attention of the proper teams.