Consume MS Graph API in Azure Active Directory : C# and Postman

Question

I am new to MS Graph API and was trying to retrieve the SharePoint List Items using MS Graph registered in Azure AD . I was able to retrieve the access token by passing the following parameters(client_id,client_secret,resource,authority) so the problem lies while running the api url : https://graph.microsoft.com/v1.0/sites/{{site-id}}/lists/{{list-id}}/items?$Select=Id&$expand=fields($select=Title) in Postman (by passing Bearer-access token in Header).

I received the following error stating that "Either scp or role claim need to be present in the token".It would be great if you could guide me to provide the right solution since I am trying to consume the api using C# and was receiving the following error stating that "403-Forbidden"

using (var client = new HttpClient())
{
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "https://graph.microsoft.com/v1.0/sites/{{site-id}}/lists");
request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
var response = client.SendAsync(request).Result;


//var result = requestTask.Result;
if (response.IsSuccessStatusCode)
{
  var readTask = response.Content.ReadAsStringAsync();
  readTask.Wait();
  Console.WriteLine("Response:" + readTask);
}

}

And if you still have problem, please feel free to let me know. — Joey Cai, Oct 31 '19 at 07:27

Joey Cai · Answer 1 · 2019-10-17T02:26:40.700

When you get the collection of items in a list, you need have the following permission.

And according to the picture you provided, the application permission of Sites.Read.All and Sites.ReadWrite.All do not grant consent, so it shows the yellow warnings. The right status is as below:

You need to grant admin consent to these permission, and then decoded the access token you will see the app permission in role claim.

Consume MS Graph API in Azure Active Directory : C# and Postman

1 Answers1