Trying to perform a search action on a Drive with a Client Credentials (App) token, like with the following URL:
https://graph.microsoft.com/v1.0/groups/{GROUP_ID}/drive/root/search(q='newFileTest.docx')
... results in a 403 error:
{
"error": {
"code": "accessDenied",
"message": "The caller does not have permission to perform the action.",
"innerError": {
"request-id": "**redacted**",
"date": "2019-04-17T12:47:10"
}
}
}
The client has the Files.ReadWrite.All
permisson, which is necessary to be able to execute a search query, and can read/write folders and files without any issues.
Executing the same command with Delegated Auth (so with a logged-in user, e.g. the Microsoft Graph Explorer) works, but returns 0 results (see this bug for details).
This seems like a bug to me, but would be happy to hear if someone thinks it's not.