I’m having trouble with the MS Graph API. My code gets an access token but when I try to use it, I get this error: “NoPermissionsInAccessToken The token contains no permissions, or permissions can not be understood.”
Here’s a simplified version of what I’m doing:
var app = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithClientSecret(secretValue)
.WithTenantId(tenantId)
.Build();
var token = app.AcquireTokenForClient(new[] { "https://graph.microsoft.com/.default" })
.ExecuteAsync()
.Result
.AccessToken;
var graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(req =>
{
req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
return Task.CompletedTask;
}));
var events = graphClient.Me.Calendar.CalendarView
.Request(new[] {
new QueryOption("startDateTime", "2023-05-01"),
new QueryOption("endDateTime", "2023-05-07")
})
.OrderBy("start/dateTime")
.Top(3)
.GetAsync()
.Result;
I’ve set up the app registration and given it Calendars.Read and Calendars.Read.Shared permissions. The token looks okay - it’s pretty long. Any ideas what might be causing this? Thanks for any help!
hey mate, had similar troubles. make sure ur app registration is set up right in azure portal. check if the permissions are actually Application and not Delegated. also, try using specific scopes instead of .default when getting the token. that fixed it for me. good luck!
I encountered a similar issue while working with the MS Graph API. I found that the problem often stems from how the token is requested. Rather than using ‘.default’, it can help to specify the permissions you need explicitly. In my experience, ensuring that the API permissions are set as Application type rather than Delegated in the app registration helped resolve the issue. For example, modifying your token request as follows:
var scopes = new[] { "https://graph.microsoft.com/Calendars.Read", "https://graph.microsoft.com/Calendars.Read.Shared" };
var token = app.AcquireTokenForClient(scopes).ExecuteAsync().Result.AccessToken;
Also, double-check that admin consent has been granted in the portal and consider using async methods instead of .Result to avoid potential deadlocks. I hope this helps.
I’ve dealt with this issue before. The problem might be in how you’re authenticating. Since you’re using ConfidentialClientApplicationBuilder, you’re likely aiming for app-only access. In this case, the ‘Me’ endpoint won’t work as it’s for delegated permissions.
Try modifying your request to use an endpoint that supports application permissions, like:
Also, ensure you’ve granted admin consent for the application permissions in Azure AD. Sometimes, the permissions are added but not consented to, which can cause this error.
Lastly, double-check your app’s manifest in Azure AD. Make sure the ‘allowPublicClient’ property is set to false for confidential client applications.