search

Azure-Samples / ms-identity-python-webapp

A Python web application calling Microsoft graph that is secured using the Microsoft identity platform
MIT License
284 stars 135 forks source link

Error in Graph API Call Result #86

Closed agn-7 closed 1 year ago

agn-7 commented 2 years ago

I use the respective repository to catch some stuff from microsoft graph API. Everything goes well including loading the page and authenticating the user using microsoft OAuth but when I call the /graphcall endpoint with the default scope (i.e. "User.ReadBasic.All") I encounter the following error despite the fact that this scope has delegated permission in the microsoft azure console:

{
    "error": {
        "code": "ErrorInsufficientPermissionsInAccessToken",
        "innerError": {
            "client-request-id": "7b471bed-533c-4c6d-84cd-4425dc5c5d74",
            "date": "2022-07-06T07:48:23",
            "request-id": "7b471bed-533c-4c6d-84cd-4425dc5c5d74"
        },
        "message": "Exception of type \u0027Microsoft.Fast.Profile.Core.Exception.ProfileAccessDeniedException\u0027 was thrown."
    }
}
rayluo commented 1 year ago

Sorry for late response. We tried this sample recently and could not reproduce the error. Would you mind double check your configuration in app_config.py?

agn-7 commented 1 year ago

@rayluo Actually I don't remember what did I to tackle this problem at the end.

rayluo commented 1 year ago

It is OK. Based on that error "ErrorInsufficientPermissionsInAccessToken", it was probably caused by an incorrectly configured scope (permission), so that the token you obtained was not the token your downstream API was expecting.

Glad that works out for you. If you haven't already, please subscribe (by clicking the "Watch" button near the upper right corner) to receive future updates on this sample. We are revamping this sample recently.