7

The teams list channel Graph API has started throw Unauthorized error as below. It use to work fine until yesterday. We are using "ServicePrincipal" for authentication and it has all necessary graph permission. In this case - Group.Read.All

Sample endpoint we are using is as below. https://graph.microsoft.com/v1.0/teams/dccde580-0fc5-11eb-adc1-0242ac120002/channels.

Since this morning, it is failing continuously with the below error. More over, this is not a beta API.

As per our analysis, it is failing for those teams which has a private channel it. But as per documentation, private channels should be returned in the response as well. I dont understand what could be the issue.

Any idea / hints /help in this regard is really appreciated.

{
  "error": {
    "code": "Unauthorized",
    "message": "Failed to execute Aad backend request GetUsersByObjectIdsRequest. Workload Unknown. Request Url: https://graph.windows.net/myorganization/getObjectsByObjectIds?api-version=1.61-internal, Request Method: POST, Response Status Code: Unauthorized, Response Headers: ocp-aad-diagnostics-server-name: 0yK5pQbb6mmQTig21hH07WmGI0k2nuTime8Zw4wMO7k=\r\nrequest-id: c33c655e-27f7-4f96-aabf-70e6d9d8770d\r\nclient-request-id: 5bd775a7-7dba-4ad7-bc9a-fbd91ae46fea\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nDate: Fri, 16 Oct 2020 15:23:45 GMT\r\n, Reason Phrase: Unauthorized",
    "innerError": {
      "date": "2020-10-16T15:23:45",
      "request-id": "3f3793b8-02d6-4653-a14f-3e455660e3d8",
      "client-request-id": "3f3793b8-02d6-4653-a14f-3e455660e3d8"
    }
  }
}
Shiva Keshav Varma
  • 3,398
  • 2
  • 9
  • 13
KSP
  • 91
  • 1
  • 5
  • What happens if you try the same call with Microsoft Graph Explorer? does it work? – Dev Oct 19 '20 at 07:04
  • Are you calling the AAD graph api `https://graph.windows.net/myorganization/getObjectsByObjectIds?api-version=1.61-internal`? It may be that you used the wrong token to call the AAD graph and caused the error. – Carl Zhao Oct 19 '20 at 08:21
  • Did you find a solution or the cause of the problem? I have the same problem with some teams with a private channel, but not with all. – lolsharp Oct 19 '20 at 16:17
  • @Dev - I see the same error even in GraphExplorer. Strangely, this error comes only with "ServicePrincipal". If I use my account, it gives me results. – KSP Oct 20 '20 at 06:40
  • @Carl Zhao - No. I am calling the MS Graph (not old AAD graph) and I am using the correct token. MS Graph makes some internal calls as you could see from the error message, this endpoint that it tries to connect to is an internal call and it fails there. – KSP Oct 20 '20 at 06:41
  • @lolsharp - No.The issue still persists. I am planning to open a Microsoft case. Not sure if this is tenant specific issue. Because, I dont have the same issue in our test tenant. But we have this issue in our development tenant. – KSP Oct 20 '20 at 06:43
  • As a final effort, see if there is any changes been made at service principal and changes in tenant/configuration. If yes, try revoke it and see if it helps. If issue persists, consider opening a support ticket and see if it fixes the issue. – Dev Oct 20 '20 at 08:07
  • @KSP Did you have any luck w/ MS support? This issue just started happening for us today. It's bizarre. – bradvido Oct 22 '20 at 13:27
  • Can you provide me clientRequestID. – VaraPrasad-MSFT Nov 03 '20 at 10:17

2 Answers2

1

We are facing the same issue, and the error exist in some of our test tenants and it will thrown by microsoft when we using the application permission to make the request. The requests with the delegate permission token work without any issue.

Jason.Jiang
  • 41
  • 3
0

Microsoft adds some Permissons.

https://learn.microsoft.com/de-de/graph/api/channel-list?view=graph-rest-beta&tabs=http

Do you have the application permissons?

Do you use the beta endpoint? Look at this: https://learn.microsoft.com/de-de/microsoftteams/platform/graph-api/rsc/resource-specific-consent

cuban8
  • 1