4

I'm building a Windows service that connects to OneDrive for Business via the Graph API using this method: https://graph.microsoft.io/en-us/docs/authorization/app_only

I've successfully authenticated my application and have a token for making calls to Graph API. I have given my Azure AD application permissions to both Windows Azure Active Directory and Microsoft Graph (all application and delegated permissions have been selected for both).

My goal is to get the contents of a folder that resides in a specific user's OneDrive. I need to make the following Graph API call:

//graph.microsoft.com/v1.0/users('user-guid')/drive/items/long-item-id-here/children

I can execute this request successfully using Microsoft Graph Explorer (logged in with my Office 365 credentials). When I try to make the same call as an application (using the auth token received above), I get an "itemNotFound" code with the message "The resource could not be found." (request-id: 5e814dce-c4c2-4615-90e6-ea8ab90cbc49). However, I am able to query the root and the "folder.childCount" property shows the correct number of children in the root:

//graph.microsoft.com/v1.0/users('user-guid')/drive/root

I've set the folder's sharing to "All Authenticated Users" and I still receive "The resource could not be found" from the API call.

Any ideas on what I'm missing here?

baparks
  • 255
  • 1
  • 3
  • 7
  • Did you have a look at the documentation on this page: https://graph.microsoft.io/en-us/docs/api-reference/v1.0/api/item_list_children – carey walker Mar 08 '16 at 21:35

2 Answers2

5

The marked answer is no longer the case. You can now access OneDrive and SharePoint resources using a Client Credentials grant (aka "App Only").

The applicable scopes are Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All

Marc LaFleur
  • 31,987
  • 4
  • 37
  • 63
  • For OneDrive Business it might be necessary to explicit allow access to the Office 365 Sharepoint Online API in the Azure AD/Office 365 portal – Peter M. Oct 09 '18 at 20:48
3

The application is using App-only authorization which is currently not supported for accessing OneDrive for Business through Microsoft Graph API. Please use delegated flow, which is used by Graph Explorer.

Sriram Dhanasekaran-MSFT
  • 819
  • 6
  • 4
  • If I understand how delegated flow works (auth token + refresh tokens), it seems that this would not be suitable for my windows service that will make this call possibly once per day... by that time both the access token and refresh token would've expired. Is the recommend approach to continually get refresh tokens so the access token never expires? – baparks Mar 09 '16 at 05:56
  • Refresh tokens is an option provided your scenario meets certain criteria described at cloudidentity.com/blog/2015/03/20/azure-ad-token-lifetime . Another option is to use OAuth2 password flow (grant_type=password) where an access token can be obtained by providing username and password. – Sriram Dhanasekaran-MSFT Mar 09 '16 at 23:23
  • The OAuth2 password flow option works. Thanks for your help, Sriram. – baparks Mar 10 '16 at 06:23
  • Crap!!! When is App-only authorization going to be supported for OneDrive? It is supported for sharepoint? – Nicholas DiPiazza Aug 07 '17 at 15:01