User query $filter ignores identities/issuer - MS Graph API and Azure B2C
Hello everyone: We’re using the MS Graph API /users endpoint to query user accounts in our Azure B2C tenant. The $filter parameter doesn’t seem to filter Users correctly when filtering on the issuer property in the identities collection (used in identities/any(x:x/issuer)- the supplied issuer string value is ignored. Here’s an example of a query where the endpoint returned results matching the email address in issuerAssignedId even though the filter’s identities/issuer filter value contained only a whitespace character: Request GET https://graph.microsoft.com/v1.0/users?$select=id,displayName,identities&$top=999&$filter=identities/any(x:x/issuerAssignedId eq 'myusername@mycompany.onmicrosoft.com' and x/issuer eq ' ') Response { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,displayName,identities)", "value": [ { "id": "e2349f30-7778-4e60-86f6-254096886f84", "displayName": "trusted-user", "identities": [ { "signInType": "emailAddress", "issuer": "myb2cissuer.onmicrosoft.com", "issuerAssignedId": "myusername@mycompany.onmicrosoft.com" }, { "signInType": "userPrincipalName", "issuer": "myb2cissuer.onmicrosoft.com", "issuerAssignedId": "e2349f30-7778-4e60-86f6-254096886f84@myb2cissuer.onmicrosoft.com" } ] } ] } I understand that this form of query filter expression on the User’s identities collection requires that both issuer and issuerAssignedId are specified. @FaithOmbongi (MS Graph Docs on Github) mentioned that this is caused by a known bug but didn’t include any reference to the bug, or tracking details, nor any indication of when it will be resolved: “This is a known bug currently in Engineering's queue for resolution. Closing this issue for now.“ - @FaithOmbongi - from: $filter is not working properly for user identities · Issue #11094 · microsoftgraph/microsoft-graph-docs ( http://github.com/) Could we please receive some info/feedback on this issue? This is a blocking issue for us. Is it still a confirmed bug or are we calling the MS Graph API incorrectly? BTW Apologies if I've asked this question in the wrong forum. Also, this same issue has been raised elsewhere but it still remains unanswered: https://techcommunity.microsoft.com/t5/microsoft-graph/microsoft-graph-filtering-on-identities/m-p/1744549 https://github.com/microsoftgraph/microsoft-graph-docs/issues/11094 https://stackoverflow.com/questions/65209716/is-issuer-both-required-and-ignored-when-querying-users-by-identity/65396990#65396990 UPDATE: BTW If anyone is interested in following a related discussion on the MS Q&A forum, please see: https://docs.microsoft.com/en-us/answers/questions/826199/user-query-filter-ignores-identitiesissuer-ms-grap.html
MSGraph API call blocked by "CORS policy"
I'm integrating UI Integration Cards into SAP Work Zone, and I'm trying to show data from Microsoft Outlook by calling the Microsoft Graph API. The problem now is that I need to request the /authorize and /token endpoint from the Microsoft Identity Platform to authorize the user and receive an access token to make requests to the Microsoft Graph API. But when calling either endpoint, I get the error: "Access to fetch at '(requested URL)' from origin'(my URL) has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled." I also tried calling the API with the 'no-cors' mode in the fetch function, but I got an 400 (Bad Request) response. Is there a way to surpass getting blocked by the CORS policy? Maybe with some sort of "proxy" in Azure AD or so?
Invalid S2S auth token error for API requests
Hi, We are using Microsoft Graph API periodically to fetch information like directory audits and incidents. Every hour or so the request returns the following error with status code 403: Invalid S2S auth token: miseHost.HandleAsync did not succeed or AuthenticationTicket is null: MISE12034: AuthenticationTicketProvider Name:AuthenticationTicketProvider, GetVersion:1.8.0.0. , at Microsoft.Identity.ServiceEssentials.MiseHost`1.<AuthenticateRequestAsync>d__39.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.Identity.ServiceEssentials.MiseHost`1.<HandleAsync>d__38.MoveNext() When we retry the request again, it returns without an issue. Appreciate your support, Hagar
429 throttling even though I wait for each request to complete
I am using the Graph API in SPFx (MSGraphClient). I need to add events to a user calendar (usually between 10 and 20 for the month). Unfortunately, https://docs.microsoft.com/en-us/graph/throttling#outlook-service-limits (!). To try and prevent concurrent events, I am executing the requests one at a time, with an await expression: for (let i = 0; i < locks.length; i++) { let lock = locks[i]; await props.context.msGraphClientFactory.getClient() .then((client: MSGraphClient😞 void => { client .api("/me/events") .post({ "subject":... This doesn't work, I am still getting 429 throttling message even though the requests are not concurrent. What am I missing here, and what would be the proper way to handle the situation?Using Microsoft Graph API on Outlook calendar without checking inside private events
Hi. I have a question on how Microsoft Graph API works when collecting users' private events (only visible to him/herself) from outlook. I'd like to collect sets of occupied time of users' calendars in my organization for automated meeting arrangement, but for private concerns I'm compelled to achieve it without being able to see the contents of private events.(i.e. Meeting title, those involved and description) Such scopes as Calendars.Read allow me to even check inside the private events. Is there any alternative usage on Microsoft Graph API to avoid it to get only occupied time sets? Thank you. c.f. https://docs.microsoft.com/ja-jp/graph/api/calendar-get?view=graph-rest-1.0&tabs=http
Error when doing query for drives on Sharepoint using Microsoft Graph in C#
I have this line of code Running on an app registration with these permissions In a basic .NET Core 7 app with added Microsoft.Graph client configured like this Sometimes this finds a drive for a given folderName successfully and other times, for the exact same folder name, it throws a general exception. It returns exception: General exception while processing at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.ThrowIfFailedResponse(HttpResponseMessage response, Dictionary`2 errorMapping, Activity activityForAttributes, CancellationToken cancellationToken) at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync[ModelType](RequestInformation requestInfo, ParsableFactory`1 factory, Dictionary`2 errorMapping, CancellationToken cancellationToken) at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync[ModelType](RequestInformation requestInfo, ParsableFactory`1 factory, Dictionary`2 errorMapping, CancellationToken cancellationToken) at Microsoft.Graph.Drives.Item.SearchWithQ.SearchWithQRequestBuilder.GetAsSearchWithQGetResponseAsync(Action`1 requestConfiguration, CancellationToken cancellationToken) What am I missing? Thanks in advance!
Create AD group with owners and members with python graph SDK
from msgraph import GraphServiceClient from msgraph.generated.models.group import Group graph_client = GraphServiceClient(credentials, scopes) request_body = Group( description = "Group with designated owner and members", display_name = "Operations group", group_types = [ ], mail_enabled = False, mail_nickname = "operations2019", security_enabled = True, additional_data = { "owners@odata_bind" : [ "https://graph.microsoft.com/v1.0/users/26be1845-4119-4801-a799-aea79d09f1a2", ], "members@odata_bind" : [ "https://graph.microsoft.com/v1.0/users/ff7cb387-6688-423c-8188-3da9532a73cc", "https://graph.microsoft.com/v1.0/users/69456242-0067-49d3-ba96-9de6f2728e14", ], } ) result = await graph_client.groups.post(request_body) Im following this example to create Azure AD security group with owners and members, But the group is created without the members and additional owners provided. Im following the below doc: https://learn.microsoft.com/en-us/graph/api/group-post-groups?view=graph-rest-1.0&tabs=python#example-2-create-a-group-with-owners-and-members The Group object has members and owners parameter, should that be used instead? If so is there any example for that?
Is it possible to insert an actionable message in an existing email message?
I want to insert an actionable message in an existing email using Microsoft Graph API. The message to be rewritten does not contain an actionable message. Is it possible to insert an existing actionable message in an existing email message? When I update the message with the API, the body of the message is modified but the actionable message does not appear. I have the impression that Outlook checks the presence and interprets the actionable message when it receives the email. But when I edit an existing message, it will not check the existence of an actionable message. I tested the following cases: Send a new message containing the same body -> it works Modify an existing actionable message -> it works with https://learn.microsoft.com/en-us/outlook/actionable-messages/adaptive-card#refresh-cards Modify an existing emailMessage with random body without actionable message-> It works The debugger's diagnostics show me this : {"CardEnabledForMessage": false, "ClientName": "OutlookWebApp", "ClientVersion": "20221111004.15", "InternetMessageId": "<email address removed for privacy reasons>", "EntityExtractionSuccess": true, -"AdaptiveCardPayload": { "found": true, "type": "AdaptiveCard" }, -"MessageCardPayload": { "found": false, "type": null }, -"AuthHeader": { "results": "dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=fakedomain.onmicrosoft.com;", "authAs": "Internal" } } Code for path message : def update_message( self, data: DataEvent, office_message_body: OfficeMessageBody ) -> int: """ https://learn.microsoft.com/en-us/graph/api/message-update?view=graph-rest-1.0&tabs=http#http-request """ url = f"/users/{data.id_user}/messages/{data.id_message}" response = self.microsoft_api.patch( url=url, json={"body": office_message_body.dict()}, headers={ "CARD-UPDATE-IN-BODY": "true", }, ) return response.status_code Content of body : <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <script type="application/adaptivecard+json">{ "type": "AdaptiveCard", "version": "1.0", "originator": "DONT_DISPLAY_IN_STACKOVERFLOW", "body": [ { "type": "TextBlock", "text": "Visit the Outlook Portal", "size": "large" }, { "type": "TextBlock", "text": "Click **Learn More** to learn more about Actionable Messages!" }, { "type": "Input.Text", "id": "feedbackText", "placeholder": "Let us know what you think about Actionable Messages" } ] } </script> </head> <body> test Modify message </body> </html> Thank you 🙂
