Feb 09 2019 12:28 AM - edited Feb 09 2019 05:42 PM
Hello, i am developing an app, nodejs, and running into http 403 when calling the https://graph.microsoft.com/v1.0/security/alerts endpoint.
I have assigned myself and my app the `security reader` and `security admin` roles. I have delegated api permission to the azure ad app `SecurityEvents.Read.All`.
I can call https://graph.microsoft.com/v1.0/security/alerts using the graph explorer no problem, but in my own app, i simply get 403.
I have consented to the popup when it was displayed the first time i signed in and called the graph..
For testing, i cal successfully call other endpoints, like
What am i missing.
Feb 23 2019 03:45 PM - edited Feb 23 2019 09:05 PM
SolutionI too am getting 403 using PowerShell while taking the same steps. The same code works for other applications, such as fetching email from exchange mailbox folders
Mar 06 2019 12:07 PM
Hi @AndrewX,
You may have changed your API permissions after giving your application admin consent. When you give admin consent, Azure AD will take a "snapshot" of the permissions at the time of consent. Then if you change the permissions later, you will need to re-do the admin consent process again.
Try typing
https://login.microsoftonline.com/common/adminconsent?client_id={YOUR-APP-ID}
into your browser window to prompt the admin consent for your application again. For more details refer to Permissions and consent in the Azure Active Directory v2.0 endpoint.
If this doesn't resolve your issue, feel free to send me a private message.
Thanks,
Edward
Jun 07 2020 10:07 PM
@Edward Koval I got the error post login when trying the OIDC example for ADAL https://github.com/Azure-Samples/active-directory-java-webapp-openidconnect/tree/master
Any idea where I can change the permissions for my app.
Jun 08 2020 10:29 AM
@anotherrohit The repo has been archived and that is for Graph API, which may be different from Graph Security API. You can also check out our Graph Security API's Quickstart samples that have authentication examples in C#, Python, Nodejs. Let us know if you still run into the issue.
Jan 19 2021 09:42 PM
Hi Ediward,
I recently implemented MS OAuth into the login system of my application.
The thing is when my server sends a request to https://graph.microsoft.com/v1.0/me with an access_token, it throws 403: Forbidden error.
What I have figured out so far is that the access token is valid as I checked in www.jwt.ms and it seems that the error is thrown only when a user's account is a school associated Microsoft account. (I myself tried logging in through my school account and it failed but other personal accounts worked just fine)
I would appreciate your insights regard this issue
Jun 06 2021 09:12 AM
Feb 23 2019 03:45 PM - edited Feb 23 2019 09:05 PM
SolutionI too am getting 403 using PowerShell while taking the same steps. The same code works for other applications, such as fetching email from exchange mailbox folders