OneDrive for Business account not working with MS Graph SDK
I have implemented access to OneDrive files using the Graph SDK from https://github.com/microsoftgraph/msgraph-sdk-android
For Authentication, I am using the same approach as in the Connect sample which uses the MSAL library, i.e. compile ('com.microsoft.identity.client:msal:0.1.+')in the build.gradle file.
I am calling mPublicClientApp.acquireToken with
String scopes = {"offline_access", "https://graph.microsoft.com/Files.ReadWrite","https://graph.microsoft.com/User.Read"}; and successfully retrieve accessTokens for both personal accounts and business accounts.
Next, I want to store a file on the user's OneDrive using
client.getDrive()
.getRoot()
.getItemWithPath("file.txt")
.getContent()
.buildRequest()
.put(data);
which works as expected with a personal account but fails with 403: Forbidden when using my business account (which BTW is the user of the app in the Azure portal). Similarly, I get 404: Not found if I try to get the DriveItem for a file which does exist (and that works for the personal account as well).
Is there anything wrong with my code or does it look like wrong configuration of the app? (I am using the "preview mode" in Azure portal). The permissions I have added are
Files.ReadWrite
Delegiert
Have full access to user files
-
offline_access
Delegiert
Access user's data anytime
-
User.Read
Delegiert
Sign in and read user profile
-
User.ReadWrite
Delegiert
Read and write access to user profile
-
This is my full manifest (with some IDs removed):
{
"id": "...",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"allowPublicClient": true,
"appId": "...",
"appRoles": ,
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2018-12-24T08:51:51Z",
"groupMembershipClaims": null,
"identifierUris": [
"api://..."
],
"informationalUrls": {
"termsOfService": null,
"support": null,
"privacy": null,
"marketing": null
},
"keyCredentials": ,
"knownClientApplications": ,
"logoUrl": null,
"logoutUrl": null,
"name": "...",
"oauth2AllowIdTokenImplicitFlow": false,
"oauth2AllowImplicitFlow": false,
"oauth2Permissions": [
{
"adminConsentDescription": "blub",
"adminConsentDisplayName": "bla",
"id": "d3659b01-433e-44eb-ab39-9ee9c19f7fe8",
"isEnabled": true,
"lang": null,
"origin": "Application",
"type": "User",
"userConsentDescription": null,
"userConsentDisplayName": "read files",
"value": "Files.ReadWrite"
}
],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": ,
"parentalControlSettings": {
"countriesBlockedForMinors": ,
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": ,
"preAuthorizedApplications": ,
"publisherDomain": "crocoapps.onmicrosoft.com",
"replyUrlsWithType": [
{
"url": "https://login.microsoftonline.com/common/oauth2/nativeclient",
"type": "InstalledClient"
},
{
"url": "msal8374f.................d9b2://auth",
"type": "InstalledClient"
},
{
"url": "https://login.live.com/oauth20_desktop.srf",
"type": "InstalledClient"
}
],
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
"type": "Scope"
},
{
"id": "5c28f0bf-8a70-41f1-8ab2-9032436ddb65",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"id": "b4e74841-8e56-480b-be8b-910348b18b4c",
"type": "Scope"
}
]
}
],
"samlMetadataUrl": null,
"signInUrl": null,
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": ,
"tokenEncryptionKeyId": null
}
android 
azure azure-active-directory microsoft-graph onedrive asked Dec 29 '18 at 18:55
PhilippPhilipp
7,042445101
add a comment |
I have implemented access to OneDrive files using the Graph SDK from https://github.com/microsoftgraph/msgraph-sdk-android
For Authentication, I am using the same approach as in the Connect sample which uses the MSAL library, i.e. compile ('com.microsoft.identity.client:msal:0.1.+')in the build.gradle file.
I am calling mPublicClientApp.acquireToken with
String scopes = {"offline_access", "https://graph.microsoft.com/Files.ReadWrite","https://graph.microsoft.com/User.Read"}; and successfully retrieve accessTokens for both personal accounts and business accounts.
Next, I want to store a file on the user's OneDrive using
client.getDrive()
.getRoot()
.getItemWithPath("file.txt")
.getContent()
.buildRequest()
.put(data);
which works as expected with a personal account but fails with 403: Forbidden when using my business account (which BTW is the user of the app in the Azure portal). Similarly, I get 404: Not found if I try to get the DriveItem for a file which does exist (and that works for the personal account as well).
Is there anything wrong with my code or does it look like wrong configuration of the app? (I am using the "preview mode" in Azure portal). The permissions I have added are
Files.ReadWrite
Delegiert
Have full access to user files
-
offline_access
Delegiert
Access user's data anytime
-
User.Read
Delegiert
Sign in and read user profile
-
User.ReadWrite
Delegiert
Read and write access to user profile
-
This is my full manifest (with some IDs removed):
{
"id": "...",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"allowPublicClient": true,
"appId": "...",
"appRoles": ,
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2018-12-24T08:51:51Z",
"groupMembershipClaims": null,
"identifierUris": [
"api://..."
],
"informationalUrls": {
"termsOfService": null,
"support": null,
"privacy": null,
"marketing": null
},
"keyCredentials": ,
"knownClientApplications": ,
"logoUrl": null,
"logoutUrl": null,
"name": "...",
"oauth2AllowIdTokenImplicitFlow": false,
"oauth2AllowImplicitFlow": false,
"oauth2Permissions": [
{
"adminConsentDescription": "blub",
"adminConsentDisplayName": "bla",
"id": "d3659b01-433e-44eb-ab39-9ee9c19f7fe8",
"isEnabled": true,
"lang": null,
"origin": "Application",
"type": "User",
"userConsentDescription": null,
"userConsentDisplayName": "read files",
"value": "Files.ReadWrite"
}
],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": ,
"parentalControlSettings": {
"countriesBlockedForMinors": ,
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": ,
"preAuthorizedApplications": ,
"publisherDomain": "crocoapps.onmicrosoft.com",
"replyUrlsWithType": [
{
"url": "https://login.microsoftonline.com/common/oauth2/nativeclient",
"type": "InstalledClient"
},
{
"url": "msal8374f.................d9b2://auth",
"type": "InstalledClient"
},
{
"url": "https://login.live.com/oauth20_desktop.srf",
"type": "InstalledClient"
}
],
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
"type": "Scope"
},
{
"id": "5c28f0bf-8a70-41f1-8ab2-9032436ddb65",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"id": "b4e74841-8e56-480b-be8b-910348b18b4c",
"type": "Scope"
}
]
}
],
"samlMetadataUrl": null,
"signInUrl": null,
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": ,
"tokenEncryptionKeyId": null
}
asked Dec 29 '18 at 18:55
PhilippPhilipp
7,042445101
add a comment |
I have implemented access to OneDrive files using the Graph SDK from https://github.com/microsoftgraph/msgraph-sdk-android
For Authentication, I am using the same approach as in the Connect sample which uses the MSAL library, i.e. compile ('com.microsoft.identity.client:msal:0.1.+')in the build.gradle file.
I am calling mPublicClientApp.acquireToken with
String scopes = {"offline_access", "https://graph.microsoft.com/Files.ReadWrite","https://graph.microsoft.com/User.Read"}; and successfully retrieve accessTokens for both personal accounts and business accounts.
Next, I want to store a file on the user's OneDrive using
client.getDrive()
.getRoot()
.getItemWithPath("file.txt")
.getContent()
.buildRequest()
.put(data);
which works as expected with a personal account but fails with 403: Forbidden when using my business account (which BTW is the user of the app in the Azure portal). Similarly, I get 404: Not found if I try to get the DriveItem for a file which does exist (and that works for the personal account as well).
Is there anything wrong with my code or does it look like wrong configuration of the app? (I am using the "preview mode" in Azure portal). The permissions I have added are
Files.ReadWrite
Delegiert
Have full access to user files
-
offline_access
Delegiert
Access user's data anytime
-
User.Read
Delegiert
Sign in and read user profile
-
User.ReadWrite
Delegiert
Read and write access to user profile
-
This is my full manifest (with some IDs removed):
{
"id": "...",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"allowPublicClient": true,
"appId": "...",
"appRoles": ,
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2018-12-24T08:51:51Z",
"groupMembershipClaims": null,
"identifierUris": [
"api://..."
],
"informationalUrls": {
"termsOfService": null,
"support": null,
"privacy": null,
"marketing": null
},
"keyCredentials": ,
"knownClientApplications": ,
"logoUrl": null,
"logoutUrl": null,
"name": "...",
"oauth2AllowIdTokenImplicitFlow": false,
"oauth2AllowImplicitFlow": false,
"oauth2Permissions": [
{
"adminConsentDescription": "blub",
"adminConsentDisplayName": "bla",
"id": "d3659b01-433e-44eb-ab39-9ee9c19f7fe8",
"isEnabled": true,
"lang": null,
"origin": "Application",
"type": "User",
"userConsentDescription": null,
"userConsentDisplayName": "read files",
"value": "Files.ReadWrite"
}
],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": ,
"parentalControlSettings": {
"countriesBlockedForMinors": ,
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": ,
"preAuthorizedApplications": ,
"publisherDomain": "crocoapps.onmicrosoft.com",
"replyUrlsWithType": [
{
"url": "https://login.microsoftonline.com/common/oauth2/nativeclient",
"type": "InstalledClient"
},
{
"url": "msal8374f.................d9b2://auth",
"type": "InstalledClient"
},
{
"url": "https://login.live.com/oauth20_desktop.srf",
"type": "InstalledClient"
}
],
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
"type": "Scope"
},
{
"id": "5c28f0bf-8a70-41f1-8ab2-9032436ddb65",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"id": "b4e74841-8e56-480b-be8b-910348b18b4c",
"type": "Scope"
}
]
}
],
"samlMetadataUrl": null,
"signInUrl": null,
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": ,
"tokenEncryptionKeyId": null
}
asked Dec 29 '18 at 18:55
PhilippPhilipp
7,042445101
I have implemented access to OneDrive files using the Graph SDK from https://github.com/microsoftgraph/msgraph-sdk-android
For Authentication, I am using the same approach as in the Connect sample which uses the MSAL library, i.e. compile ('com.microsoft.identity.client:msal:0.1.+')in the build.gradle file.
I am calling mPublicClientApp.acquireToken with
String scopes = {"offline_access", "https://graph.microsoft.com/Files.ReadWrite","https://graph.microsoft.com/User.Read"}; and successfully retrieve accessTokens for both personal accounts and business accounts.
Next, I want to store a file on the user's OneDrive using
client.getDrive()
.getRoot()
.getItemWithPath("file.txt")
.getContent()
.buildRequest()
.put(data);
which works as expected with a personal account but fails with 403: Forbidden when using my business account (which BTW is the user of the app in the Azure portal). Similarly, I get 404: Not found if I try to get the DriveItem for a file which does exist (and that works for the personal account as well).
Is there anything wrong with my code or does it look like wrong configuration of the app? (I am using the "preview mode" in Azure portal). The permissions I have added are
Files.ReadWrite
Delegiert
Have full access to user files
-
offline_access
Delegiert
Access user's data anytime
-
User.Read
Delegiert
Sign in and read user profile
-
User.ReadWrite
Delegiert
Read and write access to user profile
-
This is my full manifest (with some IDs removed):
{
"id": "...",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"allowPublicClient": true,
"appId": "...",
"appRoles": ,
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2018-12-24T08:51:51Z",
"groupMembershipClaims": null,
"identifierUris": [
"api://..."
],
"informationalUrls": {
"termsOfService": null,
"support": null,
"privacy": null,
"marketing": null
},
"keyCredentials": ,
"knownClientApplications": ,
"logoUrl": null,
"logoutUrl": null,
"name": "...",
"oauth2AllowIdTokenImplicitFlow": false,
"oauth2AllowImplicitFlow": false,
"oauth2Permissions": [
{
"adminConsentDescription": "blub",
"adminConsentDisplayName": "bla",
"id": "d3659b01-433e-44eb-ab39-9ee9c19f7fe8",
"isEnabled": true,
"lang": null,
"origin": "Application",
"type": "User",
"userConsentDescription": null,
"userConsentDisplayName": "read files",
"value": "Files.ReadWrite"
}
],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": ,
"parentalControlSettings": {
"countriesBlockedForMinors": ,
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": ,
"preAuthorizedApplications": ,
"publisherDomain": "crocoapps.onmicrosoft.com",
"replyUrlsWithType": [
{
"url": "https://login.microsoftonline.com/common/oauth2/nativeclient",
"type": "InstalledClient"
},
{
"url": "msal8374f.................d9b2://auth",
"type": "InstalledClient"
},
{
"url": "https://login.live.com/oauth20_desktop.srf",
"type": "InstalledClient"
}
],
"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
"type": "Scope"
},
{
"id": "5c28f0bf-8a70-41f1-8ab2-9032436ddb65",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"id": "b4e74841-8e56-480b-be8b-910348b18b4c",
"type": "Scope"
}
]
}
],
"samlMetadataUrl": null,
"signInUrl": null,
"signInAudience": "AzureADandPersonalMicrosoftAccount",
"tags": ,
"tokenEncryptionKeyId": null
}
asked Dec 29 '18 at 18:55
PhilippPhilipp
7,042445101
asked Dec 29 '18 at 18:55
PhilippPhilipp
7,042445101
asked Dec 29 '18 at 18:55
PhilippPhilipp
7,042445101
asked Dec 29 '18 at 18:55
PhilippPhilipp
7,042445101
asked Dec 29 '18 at 18:55
PhilippPhilipp
7,042445101
7,042445101
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
I think your replyUrlsWithType values aren't holding the correct values. This list should hold the URLs to which Azure AD will redirect to once a token is issued.
Taken from Azure Active Directory app manifest:
replyUrlsWithType
This multi-value property holds the list of registered redirect_uri values that Azure AD will accept as destinations when returning tokens. Each uri value should contain an associated app type value. Supported type values are:
Web,InstalledClient.
Hope it helps!
answered Dec 30 '18 at 6:53
Itay PodhajcerItay Podhajcer
1,9241412
thanks for looking into this. The URIs in this list have been added as I checked the suggested Redirect URIs in the GUI config. I have checked those three because two were suggested in some articles which I read, but the msal-URI is actually the one which makes authentication work correctly. What do you think should be the correct value?
– Philipp
Dec 30 '18 at 8:06
I didn't encounter those 2 URLs being used as redirects, so that section really popped out for me. As far as I remember, that list should contain URLs used to receive the token on your end.
– Itay Podhajcer
Dec 30 '18 at 8:17
well, "my end" is an android app and the msal-URI is acually registered in the app's manifest, so I think that should be fine, right? It also looks to me like the authentication is working (I do receive an access token), so I suspect it's rather something related to permissions?
– Philipp
Dec 30 '18 at 8:32
Then maybe you're missing a scope for OneDrive for Business (I don't think they'll use the same scope for two different products)
– Itay Podhajcer
Dec 30 '18 at 8:56
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53972480%2fonedrive-for-business-account-not-working-with-ms-graph-sdk%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I think your replyUrlsWithType values aren't holding the correct values. This list should hold the URLs to which Azure AD will redirect to once a token is issued.
Taken from Azure Active Directory app manifest:
replyUrlsWithType
This multi-value property holds the list of registered redirect_uri values that Azure AD will accept as destinations when returning tokens. Each uri value should contain an associated app type value. Supported type values are:
Web,InstalledClient.
Hope it helps!
answered Dec 30 '18 at 6:53
Itay PodhajcerItay Podhajcer
1,9241412
thanks for looking into this. The URIs in this list have been added as I checked the suggested Redirect URIs in the GUI config. I have checked those three because two were suggested in some articles which I read, but the msal-URI is actually the one which makes authentication work correctly. What do you think should be the correct value?
– Philipp
Dec 30 '18 at 8:06
I didn't encounter those 2 URLs being used as redirects, so that section really popped out for me. As far as I remember, that list should contain URLs used to receive the token on your end.
– Itay Podhajcer
Dec 30 '18 at 8:17
well, "my end" is an android app and the msal-URI is acually registered in the app's manifest, so I think that should be fine, right? It also looks to me like the authentication is working (I do receive an access token), so I suspect it's rather something related to permissions?
– Philipp
Dec 30 '18 at 8:32
Then maybe you're missing a scope for OneDrive for Business (I don't think they'll use the same scope for two different products)
– Itay Podhajcer
Dec 30 '18 at 8:56
add a comment |
I think your replyUrlsWithType values aren't holding the correct values. This list should hold the URLs to which Azure AD will redirect to once a token is issued.
Taken from Azure Active Directory app manifest:
replyUrlsWithType
This multi-value property holds the list of registered redirect_uri values that Azure AD will accept as destinations when returning tokens. Each uri value should contain an associated app type value. Supported type values are:
Web,InstalledClient.
Hope it helps!
answered Dec 30 '18 at 6:53
Itay PodhajcerItay Podhajcer
1,9241412
thanks for looking into this. The URIs in this list have been added as I checked the suggested Redirect URIs in the GUI config. I have checked those three because two were suggested in some articles which I read, but the msal-URI is actually the one which makes authentication work correctly. What do you think should be the correct value?
– Philipp
Dec 30 '18 at 8:06
I didn't encounter those 2 URLs being used as redirects, so that section really popped out for me. As far as I remember, that list should contain URLs used to receive the token on your end.
– Itay Podhajcer
Dec 30 '18 at 8:17
well, "my end" is an android app and the msal-URI is acually registered in the app's manifest, so I think that should be fine, right? It also looks to me like the authentication is working (I do receive an access token), so I suspect it's rather something related to permissions?
– Philipp
Dec 30 '18 at 8:32
Then maybe you're missing a scope for OneDrive for Business (I don't think they'll use the same scope for two different products)
– Itay Podhajcer
Dec 30 '18 at 8:56
add a comment |
I think your replyUrlsWithType values aren't holding the correct values. This list should hold the URLs to which Azure AD will redirect to once a token is issued.
Taken from Azure Active Directory app manifest:
replyUrlsWithType
This multi-value property holds the list of registered redirect_uri values that Azure AD will accept as destinations when returning tokens. Each uri value should contain an associated app type value. Supported type values are:
Web,InstalledClient.
Hope it helps!
answered Dec 30 '18 at 6:53
Itay PodhajcerItay Podhajcer
1,9241412
I think your replyUrlsWithType values aren't holding the correct values. This list should hold the URLs to which Azure AD will redirect to once a token is issued.
Taken from Azure Active Directory app manifest:
replyUrlsWithType
This multi-value property holds the list of registered redirect_uri values that Azure AD will accept as destinations when returning tokens. Each uri value should contain an associated app type value. Supported type values are:
Web,InstalledClient.
Hope it helps!
answered Dec 30 '18 at 6:53
Itay PodhajcerItay Podhajcer
1,9241412
answered Dec 30 '18 at 6:53
Itay PodhajcerItay Podhajcer
1,9241412
answered Dec 30 '18 at 6:53
Itay PodhajcerItay Podhajcer
1,9241412
answered Dec 30 '18 at 6:53
Itay PodhajcerItay Podhajcer
1,9241412
1,9241412
thanks for looking into this. The URIs in this list have been added as I checked the suggested Redirect URIs in the GUI config. I have checked those three because two were suggested in some articles which I read, but the msal-URI is actually the one which makes authentication work correctly. What do you think should be the correct value?
– Philipp
Dec 30 '18 at 8:06
I didn't encounter those 2 URLs being used as redirects, so that section really popped out for me. As far as I remember, that list should contain URLs used to receive the token on your end.
– Itay Podhajcer
Dec 30 '18 at 8:17
well, "my end" is an android app and the msal-URI is acually registered in the app's manifest, so I think that should be fine, right? It also looks to me like the authentication is working (I do receive an access token), so I suspect it's rather something related to permissions?
– Philipp
Dec 30 '18 at 8:32
Then maybe you're missing a scope for OneDrive for Business (I don't think they'll use the same scope for two different products)
– Itay Podhajcer
Dec 30 '18 at 8:56
add a comment |
thanks for looking into this. The URIs in this list have been added as I checked the suggested Redirect URIs in the GUI config. I have checked those three because two were suggested in some articles which I read, but the msal-URI is actually the one which makes authentication work correctly. What do you think should be the correct value?
– Philipp
Dec 30 '18 at 8:06
I didn't encounter those 2 URLs being used as redirects, so that section really popped out for me. As far as I remember, that list should contain URLs used to receive the token on your end.
– Itay Podhajcer
Dec 30 '18 at 8:17
well, "my end" is an android app and the msal-URI is acually registered in the app's manifest, so I think that should be fine, right? It also looks to me like the authentication is working (I do receive an access token), so I suspect it's rather something related to permissions?
– Philipp
Dec 30 '18 at 8:32
Then maybe you're missing a scope for OneDrive for Business (I don't think they'll use the same scope for two different products)
– Itay Podhajcer
Dec 30 '18 at 8:56
thanks for looking into this. The URIs in this list have been added as I checked the suggested Redirect URIs in the GUI config. I have checked those three because two were suggested in some articles which I read, but the msal-URI is actually the one which makes authentication work correctly. What do you think should be the correct value?
– Philipp
Dec 30 '18 at 8:06
thanks for looking into this. The URIs in this list have been added as I checked the suggested Redirect URIs in the GUI config. I have checked those three because two were suggested in some articles which I read, but the msal-URI is actually the one which makes authentication work correctly. What do you think should be the correct value?
– Philipp
Dec 30 '18 at 8:06
I didn't encounter those 2 URLs being used as redirects, so that section really popped out for me. As far as I remember, that list should contain URLs used to receive the token on your end.
– Itay Podhajcer
Dec 30 '18 at 8:17
I didn't encounter those 2 URLs being used as redirects, so that section really popped out for me. As far as I remember, that list should contain URLs used to receive the token on your end.
– Itay Podhajcer
Dec 30 '18 at 8:17
well, "my end" is an android app and the msal-URI is acually registered in the app's manifest, so I think that should be fine, right? It also looks to me like the authentication is working (I do receive an access token), so I suspect it's rather something related to permissions?
– Philipp
Dec 30 '18 at 8:32
well, "my end" is an android app and the msal-URI is acually registered in the app's manifest, so I think that should be fine, right? It also looks to me like the authentication is working (I do receive an access token), so I suspect it's rather something related to permissions?
– Philipp
Dec 30 '18 at 8:32
Then maybe you're missing a scope for OneDrive for Business (I don't think they'll use the same scope for two different products)
– Itay Podhajcer
Dec 30 '18 at 8:56
Then maybe you're missing a scope for OneDrive for Business (I don't think they'll use the same scope for two different products)
– Itay Podhajcer
Dec 30 '18 at 8:56
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53972480%2fonedrive-for-business-account-not-working-with-ms-graph-sdk%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
