When calling the Microsoft graphAPI application route: `https://graph.microsoft.com/v1.0/users/{user@example.com}/onlineMeetings?$filter=joinWebUrl eq '{joinUrl from invitation}'
I get an http 404 (not found) with a body like:
{
"error": {
"code": "UnknownError",
"message": "",
"innerError": {
"date": "2023-08-15T20:06:35",
"request-id": "933fxxxx-xxxxxx-xxxx",
"client-request-id": "933fxxxx-xxxxxxxx-xxxx"
}
}
}
I know there is data for this user and event, because I can call the equivalent delegated route successfully (logged in as user@example.com):
`https://graph.microsoft.com/v1.0/me/onlineMeetings?$filter=joinWebUrl eq '{joinUrl from invitation}'
Gives the expected response.
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('xxxxx')/onlineMeetings",
"value": [
{
"id": "MSozYmQyNGQ1Ni0xxxxx",
"creationDateTime": "2022-10-25T14:14:32.3007696Z",
"startDateTime": "2023-01-09T20:00:00Z",
"endDateTime": "2023-01-09T20:30:00Z",
"joinUrl": "https://teams.microsoft.com/l/meetup-join/xxxx",
"joinWebUrl": "https://teams.microsoft.com/l/meetup-join/xxxx",
"meetingCode": "1234567890",
"subject": "some meeting",
"isBroadcast": false,
....<snip>
Why does the application route not return data?
Context
In the Microsoft Entra Admin center, I've granted the application all the related permissions for onlineMeetings:
I've created and applied an Application Access Policy as indicated in ms graphAPI docs for onlineMeeting using New-CsApplicationPolicy. I first granted that policy globally using Grant-CsApplicationPolicy. I believe that is when the delegated endpoints began working. I tried granting the policy to a specific user, but that did not change the application endpoint behavior.
I could not find a way to see what policy is granted to what user, but I can see that it is assigned to at least one user because Remove-CsApplicationPolicy complains that the policy is assigned when I try to remove the policy.
I read This similar question, but the error code from that question is 503.
I'm using postman, but the MS graph explorer gave the same result.
Why can't you use the delegated endpoints?
The delegated endpoints use the OAuth2 "Auth code flow". The system I'm working with is non-iteractive. It is similar to zapier. Technically it is possible to implement the authentication dance, but it would be quite opaque and unmaintainable. I could implement a couple aws lambdas with a SAM api as opposed to a low code pipeline. However neither solution should be necessary if the application endpoints work!
