
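    import java.util.Arrays;
    import java.util.List;
    import com.azure.identity.ClientSecretCredential;
    import com.azure.identity.ClientSecretCredentialBuilder;
    import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
    import com.microsoft.graph.requests.GraphServiceClient;

    List<String> SCOPES = Arrays.asList("https://graph.microsoft.com/.default");

    // Client credentials flow: the token is issued to the application itself, not to a user
    final ClientSecretCredential credential = new ClientSecretCredentialBuilder()
            .clientId(applicationId)
            .clientSecret(secret)
            .tenantId(tenantId)
            .build();

    final TokenCredentialAuthProvider authProvider = new TokenCredentialAuthProvider(SCOPES, credential);

    GraphServiceClient graphClient = GraphServiceClient
            .builder()
            .authenticationProvider(authProvider)
            .buildClient();

    // Issues GET https://graph.microsoft.com/v1.0/users
    graphClient.users().buildRequest().get();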

With

    compile group: 'com.microsoft.azure', name: 'azure-spring-boot', version: '2.3.5'
    compile group: 'com.google.guava', name: 'guava', version: '28.2-jre'
    compile group: 'com.azure', name: 'azure-identity', version: '1.2.5'
    compile group: 'com.microsoft.graph', name: 'microsoft-graph', version: '3.5.0'

I've added all the necessary permissions to the application, and it's been consented in Active Directory, but I get the same response.

It works using this code, after I sign in with a user account:

    final DeviceCodeCredential credential1 = new DeviceCodeCredentialBuilder()
            .clientId(applicationId)
            .challengeConsumer(challenge -> System.out.println(challenge.getMessage()))
            .build();

But I want to use ClientSecretCredential and use the client secret, not create a challenge.

Update: The error message I get is

    SEVERE: Throwable detail: com.microsoft.graph.http.GraphServiceException: Error code: Authorization_RequestDenied
    Error message: Insufficient privileges to complete the operation.

    GET https://graph.microsoft.com/v1.0/users
    SdkVersion : graph-java/v3.5.0

    403 : Forbidden

Here's a link of the permissions the app has in API Permissions

I also have the following permissions to Azure Rights Management Services, in case it helps: Application.Read.All, Content.DelegatedReader, Content.SuperUser

  • Can you please add the operation detail that you are trying to perform like get users etc. And what are the application api permissions you have added for the service principal? Commented Oct 29, 2021 at 20:42
  • Also please add the full error details including request id and timestamp without personal information. Commented Nov 1, 2021 at 8:26
  • Thanks for your replies, I've updated the question with those details. Commented Nov 1, 2021 at 9:54

1 Answer

Based on your granted permissions, you missed User.ReadWrite and User.ReadWrite.All. Please add those permissions.

For more details, refer to this document:


3 Comments

Excellent, that worked, yeah I had Delegated type permissions, but not Application. It's quite obvious now, but I didn't read anything about that in the docs. Thanks ShrutiJoshi-MT
If you have the Delegated permissions then the User.ReadWrite permission must be added. For more information please refer to the document mentioned in the answer.
If the answer is helpful for you, you can accept it as the answer (click on the check mark beside the answer to toggle it from greyed out to filled in). This can be beneficial to other community members. Thank you
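Added example, not code from the question or the answer: a token obtained with `ClientSecretCredential` carries the app's consented Application permissions in its `roles` claim and never picks up Delegated ones, so decoding the payload shows why `GET /users` returns 403. The class name, method names and sample tokens are constructed for illustration, and `User.Read.All` is assumed here as the read-only Application permission for listing users.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AppOnlyTokenCheck {
    // Decode the payload segment of a JWT. No signature check: diagnostics only.
    static String payload(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length < 2) throw new IllegalArgumentException("not a JWT");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // Extract the "roles" array (Application permissions) from the payload JSON.
    static List<String> roles(String json) {
        List<String> out = new ArrayList<>();
        Matcher arr = Pattern.compile("\"roles\"\\s*:\\s*\\[(.*?)\\]", Pattern.DOTALL).matcher(json);
        if (arr.find()) {
            Matcher item = Pattern.compile("\"([^\"]+)\"").matcher(arr.group(1));
            while (item.find()) out.add(item.group(1));
        }
        return out;
    }

    // Explain whether an app-only token can satisfy a call that needs neededRole.
    static String diagnose(String jwt, String neededRole) {
        List<String> granted = roles(payload(jwt));
        if (granted.isEmpty())
            return "no roles claim: no Application permission is consented, expect 403";
        return granted.contains(neededRole)
            ? "ok: token carries " + neededRole
            : "missing " + neededRole + ", token only has " + granted;
    }

    // Build an unsigned sample token from a constructed payload (not a real Graph token).
    static String sample(String payloadJson) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8)) + "."
             + enc.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8)) + ".";
    }

    public static void main(String[] args) {
        String delegatedOnly = sample("{\"aud\":\"https://graph.microsoft.com\",\"appid\":\"00000000-0000-0000-0000-000000000000\"}");
        String withRole = sample("{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"User.Read.All\"]}");
        System.out.println(diagnose(delegatedOnly, "User.Read.All"));
        System.out.println(diagnose(withRole, "User.Read.All"));
    }
}
```

To check a real token, pass the string returned by `credential.getToken(new TokenRequestContext().addScopes("https://graph.microsoft.com/.default")).block().getToken()` to `diagnose`.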
