
I need to create a subscription to users using Microsoft Graph.

I have all rights in Azure Active Directory:

User.Read.All.

My subscription method:

from datetime import datetime, timedelta

def create_subscription_to_users(self):
    # Subscription expiry: now (UTC) plus the configured lifetime in minutes
    t = datetime.utcnow() + timedelta(minutes=settings.MAX_TIME_DELTA_IN_MINUTES)
    url = '{0}/subscriptions'.format(settings.GRAPH_URL)
    payload = {
        "changeType": "updated",
        # Graph POSTs a validationToken to this URL before it creates the subscription
        "notificationUrl": "{0}/webhooks/azure".format(settings.AZURE_WEBHOOKS_CALLBACK_BASE_URL),
        "resource": "users",
        "expirationDateTime": t.strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    }
    response = self.graph_client.post(url=url, json=payload).json()
    # Record the request and the response for troubleshooting
    self.add_log(url=url, method='POST', payload=payload, response=response)
    return response

My validation class:

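from urllib.parse import parse_qs, urlsplit
from django.http import HttpResponse
from django.views import View
class AzureHook(View):
    def post(self, request):
        url = request.get_full_path()
        parsed_url = parse_qs(urlsplit(url).query)
        validation = parsed_url.get('validationToken', [None])[0]
        if validation is None:  # real notification (no token): acknowledge instead of raising
            return HttpResponse(status=202)
        return HttpResponse(validation.encode('utf-8'), content_type='text/plain')  # echo the token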

But I still receive this response when creating the subscription:

{"error": {"innerError": {"date": "2019-07-03T11:29:39", "request-id": "5e7f1fc3-8ef4-4511-b661-35bf7d146cc3"}, "message": "Operation: Create; Exception: [Status Code: Unauthorized; Reason: ]", "code": "ExtensionError"}}

Could someone please help me with this?

1 Answer


To get rid of this error, add the following scopes in the application: User.Read.All&offline_access, User.ReadWrite.All, Group.ReadWrite.All, Group.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All, openid.

To get the authorization code, try this URL in your browser:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=&response_type=code&redirect_uri=http://localhost:4200/api/auth/callback/AzureAD&response_mode=query&scope=User.Read.All&User.ReadWrite.All&Group.ReadWrite.All&Group.Read.All&Directory.ReadWrite.All&Directory.AccessAsUser.All&openid&offline_access&state=12345&prompt=login

Try this request first using Postman; I am attaching a curl request for your reference.

curl -X POST \
  https://graph.microsoft.com/v1.0/subscriptions \
  -H 'Authorization: Bearer ' \
  -H 'Content-Type: application/json' \
  -d '{
    "changeType": "updated",
    "notificationUrl": "https://5690e074.ngrok.io",
    "resource": "groups",
    "expirationDateTime": "2019-07-13T10:19:03.170Z",
    "clientState": "secretClientValue"
  }'

Imtiaz Hussain
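An added example, not code from the question or the answer: a framework-neutral handler for the notificationUrl that answers the validation handshake the question's AzureHook implements and checks the clientState value set in the answer's curl request before accepting a notification. The function names, the return tuple and the sample payload are assumptions of this example.

```python
import hmac
import json
from urllib.parse import parse_qs

# Must equal the "clientState" sent when the subscription was created
# (value taken from the curl request above; keep the real one secret).
EXPECTED_CLIENT_STATE = "secretClientValue"


def _state_matches(notification, expected_state):
    """Constant-time comparison of the notification's clientState."""
    state = notification.get("clientState") if isinstance(notification, dict) else None
    return isinstance(state, str) and hmac.compare_digest(
        state.encode("utf-8"), expected_state.encode("utf-8"))


def handle_graph_webhook(query_string, body, expected_state=EXPECTED_CLIENT_STATE):
    """Handle one POST to notificationUrl.

    Returns (status, content_type, response_body, accepted_notifications).
    """
    # 1. Handshake: Graph sends ?validationToken=...; reply 200 with the
    #    URL-decoded token as text/plain (never as HTML).
    token = parse_qs(query_string).get("validationToken", [None])[0]
    if token is not None:
        return 200, "text/plain", token, []

    # 2. Change notification: JSON body of the form {"value": [ ... ]}.
    try:
        items = json.loads(body)["value"]
    except (ValueError, KeyError, TypeError):
        return 400, "text/plain", "malformed notification", []
    if not isinstance(items, list):
        return 400, "text/plain", "malformed notification", []

    # Only items carrying our clientState are handed on for processing.
    # Dropping the rest while still answering 202 is this example's choice.
    accepted = [n for n in items if _state_matches(n, expected_state)]
    return 202, "text/plain", "", accepted


# Constructed sample body: one genuine item, one with a wrong clientState.
SAMPLE_BODY = json.dumps({"value": [
    {"subscriptionId": "constructed-id-1", "changeType": "updated",
     "resource": "Users/constructed-user-1", "clientState": "secretClientValue"},
    {"subscriptionId": "constructed-id-2", "changeType": "updated",
     "resource": "Users/constructed-user-2", "clientState": "guess"},
]})
```

In a Django view, pass `request.META.get("QUERY_STRING", "")` and `request.body` to the function and build the `HttpResponse` from the returned status, content type and body.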