Get Accesstoken from Connect-MgGraph
Hello there I am using the PowerShell Graph SDK and connecting using the connect-mggraph cmdlet to authenticate to Azure (manual Login). I am assuming, this cmdlet somehow creates something like a temporary app registration and uses this for every further action. Now my question is, if I can somehow get to the access token that the SDK is using on behalf of my User. I then want to make calls to the Graph API with the invoke-restMethod cmdlet
SDK command error - "The input is not a valid Base-64 string..."
Whenever I perform ANY SDK command (i.e. get-Mguser, invoke-MgGraphrequest), I receive the following error. Example 1: Get-MgUser : The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. At line:2 char:1 + Get-MgUser -Filter "userPrincipalName eq '$UPN'" + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-MgUser_List1], FormatException + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Cmdlets.GetMgUser_List1 Example2: Invoke-MgGraphRequest : The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. At line:4 char:14 + ... response = (Invoke-MgGraphRequest -Uri $uri -Headers $headers -Method ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [Invoke-MgGraphRequest], FormatException + FullyQualifiedErrorId : NotSpecified,Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest I am able to perform connect-mggraph and obtain the -scopes needed. I have done the following (and searched for the past few days): Executed VSCode/Poweshell ISE/pwsh.exe with Administrator privs Removed microsoft.graph modules and reinstalled version 1.10 I do not recall when this error began, but it's probably within the past week. I'm using Graph Explorer without error of course. I've had 2 Windows 10 updates on 6/20/2022. KB5014699 and Servicing Stack 10.0.19401.1737. I realize "It works on my machine. What did you do to yours" is the most common answer. 🙂 Any guidance, workaround, solutions to try would be most welcome.Get-MgProfile : The term 'Get-MgProfile' is not recognized as the name of a cmdlet, function, script
Hi everyone, The cmdlet Get-MgProfile is no longer available after updating to v2.1.0 Even the link is no longer available: https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.people/get-mguserprofile What is the replacement Graph SDK cmdlet to get the existing Microsoft Graph PowerShell SDK connection profile name? Thanks in advance.
SharePoint Librarys: Graph API Get items
Hey, i wanna list all the items that are in a SharePoint library which is the root library of a Teamsite. In the Graph API documentation i have found the following to "List children of a driveItem". Which seems to be what i need. I'm using the Graph Explorer v1.0, i get an empty value. GET /drives/{drive-id}/items/{item-id}/children { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives('[Redacted]')/items('[Redacted]')/children", "value": [] } When getting the metadata of a drive (Get a DriveItem resource) I get the follwoing result. GET /drives/{drive-id}/items/{item-id}/ { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives('[Redacted]')/items/$entity", "createdDateTime": "2018-06-29T06:58:41Z", "id": "[Redacted]", "lastModifiedDateTime": "2021-02-01T11:44:01Z", "name": "root", "webUrl": "[Redacted]", "size": 14251577828, "parentReference": { "driveId": "[Redacted]", "driveType": "documentLibrary" }, "fileSystemInfo": { "createdDateTime": "2018-06-29T06:58:41Z", "lastModifiedDateTime": "2021-02-01T11:44:01Z" }, "folder": { "childCount": 17 }, "root": {} } So instead of the first result to be empty I'm expecting to get at least the 17 Children on the first level. I'd really appreciate any pointers as to what I'm doing wrong. Thanks EDIT: I created a new Teamsite in that Tenant and got the same results. /drives/[Drive-id-Redacted]/items/[item-id-redacted]/children { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives('Redacted')/items('Redacted')/children", "value": [] } I also did the same exact steps on another Tenant. Were i got the expected results. Everything on the first level of the document library was returned (empty folders, folders with content & files). GET drives/[drive-id-Redacted]/items/[item-id-Redacted]/children { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives('b%21AkpyLC5wkUKil3rDWQGKATkY1dsy_8VBn4bwuhbxbzG5iis7JuCiTYx7InpDx1E7')/items('0165NKSCF6Y2GOVW7725BZO354PWSELRRZ')/children", "value": [ { "createdDateTime": "2021-02-01T08:07:32Z", "eTag": "\"{Redacted},1\"", "id": "Redacted", "lastModifiedDateTime": "2021-02-01T08:07:32Z", "name": "_Test_Folder", "webUrl": "https://Redacted.sharepoint.com/sites/PowerAppsFunktionen/Freigegebene%20Dokumente/_Test_Folder", "cTag": "\"c:{Redacted},0\"", "size": 0, "createdBy": { "user": { "email": "mmuster@Redacted.com", "id": "Redacted", "displayName": "Max Muster" } }, "lastModifiedBy": { "user": { "email": "mmuster@Redacted.com", "id": "Redacted", "displayName": "Max Muster" } }, "parentReference": { "driveId": "Redacted", "driveType": "documentLibrary", "id": "Redacted", "path": "/drives/Redacted/root:" }, "fileSystemInfo": { "createdDateTime": "2021-02-01T08:07:32Z", "lastModifiedDateTime": "2021-02-01T08:07:32Z" }, "folder": { "childCount": 0 } }, { "createdDateTime": "2021-01-14T08:14:40Z", "eTag": "\"{Redacted},1\"", "id": "Redacted", "lastModifiedDateTime": "2021-01-14T08:14:40Z", "name": "Ordner", "webUrl": "https://Redacted.sharepoint.com/sites/PowerAppsFunktionen/Freigegebene%20Dokumente/Ordner", "cTag": "\"c:{Redacted},0\"", "size": 367581, "createdBy": { "user": { "email": "mmuster@Redacted.onmicrosoft.com", "id": "Redacted", "displayName": "Max Muster" } }, "lastModifiedBy": { "user": { "email": "mmuster@Redacted.onmicrosoft.com", "id": "Redacted", "displayName": "Max Muster" } }, "parentReference": { "driveId": "Redacted", "driveType": "documentLibrary", "id": "Redacted", "path": "/drives/Redacted/root:" }, "fileSystemInfo": { "createdDateTime": "2021-01-14T08:14:40Z", "lastModifiedDateTime": "2021-01-14T08:14:40Z" }, "folder": { "childCount": 22 } }, { "@microsoft.graph.downloadUrl": "https://Redacted.sharepoint.com/sites/PowerAppsFunktionen/_layouts/15/download.aspx?Redacted&ApiVersion=2.0", "createdDateTime": "2020-11-05T22:17:07Z", "eTag": "\"{Redacted},9\"", "id": "Redacted", "lastModifiedDateTime": "2020-11-06T10:33:09Z", "name": "Mappe.xlsx", "webUrl": "https://Redacted.sharepoint.com/sites/PowerAppsFunktionen/_layouts/15/Doc.aspx?sourcedoc=%7BRedacted%7D&file=Mappe.xlsx&action=default&mobileredirect=true", "cTag": "\"c:{Redacted},15\"", "size": 23064, "createdBy": { "user": { "email": "mmuster@Redacted.onmicrosoft.com", "id": "Redacted", "displayName": "Max Muster" } }, "lastModifiedBy": { "application": { "id": "Redacted", "displayName": "App Service" }, "user": { "email": "mmuster@Redacted.onmicrosoft.com", "id": "Redacted", "displayName": "Max Muster" } }, "parentReference": { "driveId": "Redacted", "driveType": "documentLibrary", "id": "Redacted", "path": "/drives/Redacted/root:" }, "file": { "mimeType": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "hashes": { "quickXorHash": "Redacted" } }, "fileSystemInfo": { "createdDateTime": "2020-11-05T22:17:07Z", "lastModifiedDateTime": "2020-11-06T10:33:09Z" } }, [...] ] } Has anyone had a similar experience? In the first Library i thought it might have to do with the number of items in the Library (about 25.000). But the others are all under 50 items.
Application.ReadWrite.OwnedBy: List all applications owned by the calling application
Hi, I am trying to get only the applications that my app owns using Graph, and on the documentation it shows that I should be able to only list the applications where my app is owner. (This is to limit the content I have access to with my app) https://docs.microsoft.com/en-us/graph/permissions-reference Application Application.Read.All: List all applications (GET /beta/applications) Application.ReadWrite.All: Delete a service principal (DELETE /beta/servicePrincipals/{id}) Application.ReadWrite.OwnedBy: Create an application (POST /beta/applications) Application.ReadWrite.OwnedBy: List all applications owned by the calling application (GET /beta/servicePrincipals/{id}/ownedObjects) Application.ReadWrite.OwnedBy: Add another owner to an owned application (POST /applications/{id}/owners/$ref). NOTE: This may require additional permissions. However, if I create an app that has owner permissions on another app and I query against the Graph API "Applications" I am still able to list all applications in the tenant. I thought having me added as owner, on an application and having only that permission on my app, would limit my result ? Am I missing something here? Adding the app as an owner in the following way: Connect-AzureAD $objectIdOfApplicationToChange = Get-AzureADApplication -objectId "6929067b-b9ab-4bf6-bb17-81be5eb31ba1" $objectIdOfApplicationThatNeedsToBeAdded = Get-AzureADApplication -ObjectId "21780578-3035-47c1-8096-a1641ab3123d" Add-AzureAdApplicationOwner -ObjectId $objectIdOfApplicationToChange.ObjectId -RefObjectId (get-azureadserviceprincipal -all $true | where-object {$_.AppId -like $objectIdOfApplicationThatNeedsToBeAdded.AppId}).ObjectId When I query the Graph through PowerShell, I was hoping to get a 403 when querying all applications... Anyone tried to limit the result you get back using this permission ? It is not a wanted solution to give permissions to read all applications for this app, therefor we need to limit the access...
graph api to get all files from all team channels based on user access
I am trying to find an api using which I can get all files from all the teams/channels where particular user has access to. I tried/used microsoft search api for files. but that return all files based on delegate access token user not specific to a particular user For e.g:- If I generate delegate token using "sgupta" but now I have to use the api to find all the files accessible to "abhishek" . I can't achieve it. I profiled the microsoft teams. they are grabbing all team site urls to get the files but that is not efficient call for a large organization https://teams.microsoft.com/api/mt/apac/beta/teams/recent/files/aggregatefilesSet work location via API (Graph?)
Hi Graph Team! We would like to set the work location ("Office", "Remote") via Graph API endpoint. We want to synchronize the work location in Teams / O365 with information from our internal tool. This workaround here is not applicable to our use case: https://techcommunity.microsoft.com/t5/teams-developer/set-work-location-via-api-graph/m-p/3874804#M8092 There seems to be a high interest in this capability. Can you add this function to Microsoft Graph? Thanks! Jens
Microsoft Graph APi to create List item with PersonAndGroup
I'm trying to create a sharepoint list view item with one column of type personandgroup using graph API. The person or group is not part of sharepoint but its available in Microsoft 365. But Microsoft graph API creates item only when i pass PersonAndGroup value as sharepoint id if i try to pass claim it does not work. As users and groups have not logged in or connected "user Information List" does not have Users I'm trying to populate and not able to create a new List item. Following is working without any issue as long as user id exists in the "user Information List" var listItem = new Microsoft.Graph.ListItem { Fields = new FieldValueSet { AdditionalData = new Dictionary<string, object>() { {"UsernameLookupId", "14"}, //PersonAndGroup where I'm passing sharepoint user Id {"groupname", "Avengers"}, {"Title" , "Captain America"}, //Permission {"Role", "User" }, {"GroupId" , ""}, {"UserId" ,""} } } }; Is there anyway to populate lookup (personandgroup) value without sharepoint userid something like below var listItem = new Microsoft.Graph.ListItem { Fields = new FieldValueSet { AdditionalData = new Dictionary<string, object>() { {"Username", { "user": {"id": "{UserId}"} } } } };
