Calling Graph API from SharePoint Workflow

I'm attempting to create a SharePoint Add-In Integrated App Workflow that calls the Graph API.

 

I'm quite experienced at creating integrated app workflows that call the SharePoint REST API, but this is my first time using the Graph API, and I seem to be coming unstuck with the authorization piece of the puzzle, whereby the SharePoint workflow HttpSend activity calling a Graph API endpoint returns the error:

Exception details: System.ArgumentException: JsonWebToken.Issuer != clientId@realm
   at Microsoft.Activities.Messaging.SendHttpRequest.OnReceiveResponse(NativeActivityContext context, Bookmark bookmark, Object value)
   at System.Activities.Runtime.BookmarkCallbackWrapper.Invoke(NativeActivityContext context, Bookmark bookmark, Object value)
   at System.Activities.Runtime.BookmarkWorkItem.Execute(ActivityExecutor executor, BookmarkManager bookmarkManager)
Exception from activity SendHttpRequest HttpGet Switch<String> Sequence Microsoft.SharePoint.WorkflowServices.Activities.CallHTTPWebService

 

I've tested the general process using a REST client in the browser, essentially calling

https://login.microsoft.com/{tenant_id}/oauth2/token

to get an access token, then a Graph call such as

https://graph.microsoft.com/v1.0/users/{principal id}/manager

with the Authorization header of "Bearer {access token}"

 

In my REST browser client this all works fine, the Graph call succeeds, all good.

Do the same using an HttpSend activity in a SharePoint Workflow and it fails on the Graph API call to get the user manager with the error above.

This is using a Service-to-Service flow, so I've registered my app in Azure AD, granted it the Graph permissions, got the client_id and client_secret for generating the access_token, which I presume is all working correctly as testing through the REST browser client is using all of that. I can share the setup for that if it helps, but I can't help but feel that this is a SharePoint Workflow issue (at least with the HttpSend activity). Does it need something different or additional to be able to call Graph?

 

Thanks,

Ross

3 Replies
Out of curiosity: why are you using a legacy workflow and not a Flow?

Fair question. At some point we may think of moving across to Flow, but as an organisation we haven't worked out the governance of that yet. I don't want to start building out Flows without understanding the implications of embedded credentials, authorisation, shared flows etc. Flow still feels tied to a specific user and more 'power-user' than 'enterprise ready'. I can see it ultimately being the way forward, especially for workflows that cross multiple O365 services. Currently though, if the workflow is predominantly interacting with SharePoint, we build it as an integrated app workflow.

@Ross McLean: Did you find a solution to this problem? I am also facing such challenges, so your solution can help me.

