graph-explorer | Open source graph data visualiser for Apache TinkerPop | Graph Database library

Hi all and thanks in advance for all feedback. It is much appreciated!

I use NuGet packages: Microsoft.Graph 3.27.0 Micfosoft.Graph.Auth 1.0.0

and OnBehalfOfProvider and basically just want to list users or filter to a specific one from Azure Active Directory, but I can't seem to figure out how to do the same as I am allowed to with Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer). With the online explorer I have no issues:

Everything fine with Graph Explorer and listing users

But in my C# .NET application when I try to do the same with scopes parameter: string[] graphScopes = { "User.Read","profile", "Sites.ReadWrite.All"}; or string[] graphScopes = { "https://graph.microsoft.com/user.read+offline_access"};

I get Status 500 Internal Server Error and these details:

"error": { "code": "generalException", "message": "Unexpected exception returned from MSAL." ... "innerException": { "classification": 4, "statusCode": 400, "claims": null, "responseBody": "{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID 'c0fb187f-daa8-4566-a7fb-2decd05ef980' named 'platform-test-ad'. Send an interactive authorization request for this user and resource.

And with scopes parameter: string[] graphScopes = new string[] { "https://graph.microsoft.com/.default" };

I get 403:

"error": { "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", ... "statusCode": 403, "rawResponseBody": "{\r\n "error": {\r\n "code": "Authorization_RequestDenied",\r\n "message": "Insufficient privileges to complete the operation."

Inside Azure, Enterprice applications | User settings looks like this: Enterprice applications User settings

and my C# code looks like this:

I followed this tutorial: https://mihai-albert.com/2020/05/13/using-microsoft-graph-to-modify-excel-files-stored-in-sharepoint-online-with-c/

When I use graph-explorer and do a GET https://graph.microsoft.com/v1.0/drives/{drive-id}/root/search(q='{search-text}')?select=name,id,webUrl then I get the item id with no problem. But then when I want to get the workbook in my application

I'm trying to understand how to configure a dotnet core web app to let me sign in using a personal Microsoft account and browse my OneDrive files.

Firstly, I've used the Microsoft Graph Explorer, signed in using the account I want to use, and verified that I can browse my drive. There it tells me the query URL is https://graph.microsoft.com/v1.0/me/drive/root/children and that it's using v1.0 of the Graph API. There's even a c# code snippet tab that shows me this:

I am trying to use the request:

My outlook account at work is a member of a group called GraphTest which has email address GraphTest@companyname.net.

I'm trying to use the graph explorer to access mail in that group's inbox.

When I run the query https://graph.microsoft.com/v1.0/users/graphtest@companyname.net/messages I get the error message

Group Shard is used in non-Groups URI.

When I replace graphtest@companyname.net with my own email it works. Also I've consented to the permissions Mail.Read and Mail.Read.Shared.

What does this error message mean, and how can I fix it?

I'm trying to search file on SharePoint using Graph API. Getting the correct result on Microsoft graph-explorer but when I try with C# Getting error Status Code: 500 Reason Phrase:Internal Server Error

Response Details as below:

I am trying to filter users having certain schemaExtension and assignedPlan. But i receive an error response.

here is my request, and schemaExtension i used.

Response can be seen below.

I'm trying to execute the userinfo endpoint at https://graph.microsoft.com/oidc/userinfo using an access token received through Open ID Connect.

The response received is:

400 Bad Request

I want to have an extra claim say "mygroupsrmm" in my jwt token which I want to view post decoding the token. I am trying to add custom claims to my jwt token which I will receive post authentication using Oauth2 flow. I've already modified application manifest file for registered AAD app with

"acceptMappedClaims": true

& followed below steps:

//Step1 - Created custom policy

New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true","ClaimsSchema":[{"Source":"user","ID":"extensionattribute2","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rmmgname","JwtClaimType":"mygroupsrmm"}]} }') -DisplayName "MyGroupsRMMExtraClaims" -Type "ClaimsMappingPolicy"

//Step2 - assigned policy to my AAD registered app

$appID = <> $sp = Get-AzureADServicePrincipal -Filter "servicePrincipalNames/any(n: n eq '$appID')" $policyId = <> Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policyId

Above both steps are successful, now I went ahead with authentication calls

//Step3 : GET /authorize API call

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=my-application-id-registered-in-AAD& redirect_uri=http://localhost:3000/callback&scope=openid%20profile%20email%20offline_access%20User.Read%20Files.Read

From this step, authorization code is received, which is passed on to the /token API call

//Step4: POST /token call