Access to Microsoft Planner via Microsoft Graph API with multi-factor authentication

Hi guys,

Currently only delegated personal users are supported to access the Microsoft Graph API to call Microsoft Planner content. I want to use the Microsoft Graph API to write a synchronisation between Microsoft Planner and an external application. Normally I use an application permission for it, but this is not supported.

My plan:

  1. Creating a 'service user' and this user will be added to all groups which are relevant for the synchronisation
  2. Create App Registration (Permission for Group.Read.All, Group.ReadWrite.All)
  3. The 'service user' add, delete, update tasks/buckets/plans (access the Graph API)

My problem:

Unfortunately our organisation policy uses multi-factor authentication because we got an official suggestion from Microsoft to do it (for security reasons). It's not an option to change this. If I want to 'get a user access token' to access the Graph API for Microsoft Planner details (https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token), I get the following error message:

{
    "error": "invalid_grant",
    "error_description": "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.\r\nTrace ID: 7c204f9a-464b-42b4-bc59-f0d48a1f7e00\r\nCorrelation ID: c56eedae-c6fe-4944-8d80-611fbe829080\r\nTimestamp: 2020-05-12 13:03:17Z",
    "error_codes": [
        50076
    ]
}

Solution:

The problem seems to be the multi-factor authentication. Is there a way to access the Microsoft Graph API for Microsoft Planner with multi-factor authentication? Or is there another way to access?

Thank you in advance

TobiTheNerd

0 Replies
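
Added example (not part of the original post): a Python parser for a token-endpoint error body shaped like the one quoted above. It extracts the AADSTS code, target resource, trace ID, correlation ID and timestamp for a sign-in log search or support ticket, and flags the MFA-required case. The names `TokenError`, `parse_token_error` and the sample body with placeholder IDs are constructed for illustration.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional

# Code taken from the error quoted in the post: MFA is required for the resource.
AADSTS_MFA_REQUIRED = 50076

@dataclass
class TokenError:
    error: str
    aadsts_code: Optional[int]
    resource: Optional[str]
    trace_id: Optional[str]
    correlation_id: Optional[str]
    timestamp: Optional[str]
    mfa_required: bool  # True: repeating the same request without an MFA step fails again

def _field(label: str, text: str) -> Optional[str]:
    # error_description packs "Label: value" pairs separated by CRLF.
    m = re.search(rf"{re.escape(label)}:\s*([^\r\n]+)", text)
    return m.group(1).strip() if m else None

def parse_token_error(body: str) -> TokenError:
    doc = json.loads(body)
    desc = doc.get("error_description", "")
    codes = doc.get("error_codes") or []
    m = re.match(r"AADSTS(\d+):", desc)
    code = int(m.group(1)) if m else (codes[0] if codes else None)
    res = re.search(r"to access '([0-9a-fA-F-]{36})'", desc)
    return TokenError(
        error=doc.get("error", ""),
        aadsts_code=code,
        resource=res.group(1) if res else None,
        trace_id=_field("Trace ID", desc),
        correlation_id=_field("Correlation ID", desc),
        timestamp=_field("Timestamp", desc),
        mfa_required=AADSTS_MFA_REQUIRED in codes or code == AADSTS_MFA_REQUIRED,
    )

# Constructed sample with placeholder IDs, shaped like the response in the post.
SAMPLE = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS50076: Due to a configuration change made by your "
        "administrator, or because you moved to a new location, you must use "
        "multi-factor authentication to access '00000003-0000-0000-c000-000000000000'."
        "\r\nTrace ID: 00000000-0000-0000-0000-000000000001"
        "\r\nCorrelation ID: 00000000-0000-0000-0000-000000000002"
        "\r\nTimestamp: 2020-01-01 00:00:00Z",
    "error_codes": [50076],
})
```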