Authorization_RequestDenied on Azure Functions Microsoft Graph Request












I have a very basic Azure Function:



```csharp
#r "Newtonsoft.Json"

using System.Net;
using System.Net.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json;

public static async Task<IActionResult> Run(HttpRequest req, string authToken, ILogger log)
{
    // messageId may come from the query string or from a JSON request body
    string msgId = req.Query["messageId"];

    string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
    dynamic data = JsonConvert.DeserializeObject(requestBody);
    msgId = msgId ?? data?.messageId;

    if (string.IsNullOrEmpty(msgId))
        return new BadRequestObjectResult("Please pass a messageId on the query string or in the request body");

    // access me via graph
    using (var client = new HttpClient())
    {
        client.DefaultRequestHeaders.Add("Authorization", "Bearer " + authToken);
        // Escape the caller-supplied id so it stays a single path segment of the Graph URL
        var response = await client.GetAsync("https://graph.microsoft.com/v1.0/users/*****/mailFolders/inbox/messages/" + Uri.EscapeDataString(msgId));
        string retResp = await response.Content.ReadAsStringAsync();
        log.LogInformation(retResp);
    }

    return new OkObjectResult(msgId);
}
```


The auth token is provided by the Azure Function auth token binding:
Auth token Input binding



However, I always get the following answer from Microsoft Graph:



```json
{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "24a1e799-2f9f-4452-8d46-20d4e3db160d",
      "date": "2019-01-02T07:39:15"
    }
  }
}
```


And yes: the admin consented, and I even tried to give all available permissions to the app and consented, but I still get the same message. Do you have any idea how I can validate the token or get more information?







azure microsoft-graph azure-functions






asked Jan 2 at 7:49









LaurinSt

  • Okay, it seems I need to say sorry. It just took a while till the permissions were reflected. Maybe a cache needed to expire.

    – LaurinSt
    Jan 2 at 9:44



















1 Answer
It looks like your AAD app is not configured properly - in order to read Outlook messages, you need to have the Mail.Read permission. You can check it from the "Auth Token Input" section on your page (which is showing "Loading" on your screenshot). It should look similar to this below (with different permissions configured).
Also, you might try using the "Client From Request" option in your "Identity" dropdown.



enter image description here



Whenever you change permission scopes, you should re-consent the app by visiting this URL in a browser and accepting the access requirement: https://<yourfunctionapphost>.azurewebsites.net/.auth/login/aad?prompt=consent







edited Jan 2 at 12:39

























answered Jan 2 at 8:09









Dragan Panjkov

  • Hi Dragan, thank you very much. As you can see, I think there should be quite enough permissions, don't you think? 1drv.ms/u/s!Au1yIMuJAn7vjeEotpbSU2WxnkpvAg

    – LaurinSt
    Jan 2 at 9:42

  • Okay, it seems I need to say sorry. It just took a while till the permissions were reflected. Maybe a cache needed to expire.

    – LaurinSt
    Jan 2 at 9:44

  • It is too weird. Now it stopped working again, same message. Didn't change anything, just did many requests and a lot of debugging. Maybe it starts to work again. I don't get it.

    – LaurinSt
    Jan 2 at 10:41

  • Could it be that your token expired? If you are modifying permissions a lot, you might want to re-consent the application using the https://<yourfunctionapphost>.azurewebsites.net/.auth/login/aad?prompt=consent endpoint in the function app.

    – Dragan Panjkov
    Jan 2 at 12:37

  • Thank you, very valuable input! That did it.

    – LaurinSt
    Jan 2 at 13:06
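
On the question's "how can I validate the token" part: decoding the claims of the token the binding hands to the function shows whether Mail.Read is actually in it and whether it has expired. This is an added example, not code from the question or the answer; the names `TokenDiagnostics` and `Describe` and the sample token are constructed for illustration, and it assumes .NET Core 3.0 or later for `System.Text.Json`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class TokenDiagnostics
{
    // JWT segments are base64url (RFC 7515): '-' and '_' alphabet, padding stripped.
    static string Base64UrlEncode(string text) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(text))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string Base64UrlDecode(string segment)
    {
        string s = segment.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    // Reads the claims WITHOUT verifying the signature: troubleshooting only,
    // never a basis for an authorization decision. Log the summary, not the token.
    public static string Describe(string jwt, string requiredPermission, DateTimeOffset now)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            return "not a JWT (expected three dot-separated segments)";

        using (JsonDocument doc = JsonDocument.Parse(Base64UrlDecode(parts[1])))
        {
            JsonElement claims = doc.RootElement;
            var granted = new List<string>();

            // Delegated permissions arrive in "scp" as one space-separated string.
            if (claims.TryGetProperty("scp", out JsonElement scp) && scp.ValueKind == JsonValueKind.String)
                granted.AddRange(scp.GetString().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries));

            // Application permissions arrive in "roles" as a JSON array.
            if (claims.TryGetProperty("roles", out JsonElement roles) && roles.ValueKind == JsonValueKind.Array)
                granted.AddRange(roles.EnumerateArray().Select(r => r.ToString()));

            string aud = claims.TryGetProperty("aud", out JsonElement a) ? a.ToString() : "(none)";

            bool expired = true; // a token without a usable "exp" is treated as expired
            if (claims.TryGetProperty("exp", out JsonElement exp)
                && exp.ValueKind == JsonValueKind.Number && exp.TryGetInt64(out long seconds))
                expired = DateTimeOffset.FromUnixTimeSeconds(seconds) <= now;

            bool hasPermission = granted.Contains(requiredPermission, StringComparer.OrdinalIgnoreCase);
            return $"aud={aud}; expired={expired}; {requiredPermission} present={hasPermission}; " +
                   $"granted=[{string.Join(", ", granted)}]";
        }
    }

    public static void Main()
    {
        // Constructed sample token (not a real one): delegated scopes without Mail.Read.
        string payload = "{\"aud\":\"https://graph.microsoft.com\"," +
                         "\"scp\":\"User.Read openid profile\",\"exp\":1546418355}";
        string token = Base64UrlEncode("{\"alg\":\"none\"}") + "." +
                       Base64UrlEncode(payload) + ".constructed-signature";

        // Constructed "now" (2019-01-02T07:39:15Z) so the result is reproducible.
        Console.WriteLine(Describe(token, "Mail.Read", DateTimeOffset.FromUnixTimeSeconds(1546414755)));
    }
}
```

Calling `Describe` with the binding's `authToken` and `DateTimeOffset.UtcNow` before the Graph request shows whether a re-consent actually changed the scopes carried by the token.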


















