2

I want to create a new OneNote notebook using the Graph API.

I am following this document, https://learn.microsoft.com/en-us/graph/api/onenote-post-notebooks?view=graph-rest-1.0&tabs=http

Using Graph Explorer, I created it without loss, but I want to achieve the same from a different environment (e.g. Postman).

I got a token with the client_credentials flow, but when I call the query I am stuck with an error like:

"error": { "code" : "BadRequest", "message": "/me request is only valid with delegated authentication flow. ", }

I have Notes.ReadWrite.All permission granted to my Azure application.

I cannot use the delegated authentication flow in my scenario. How do I proceed further? Why can't I use /me in the request? Please help.

TIA

ShaliniP
  • 23
  • 3

2 Answers

0

If you want to create the notes, you need the Notes.Create delegated permission. This allows the app to read the titles of OneNote notebooks and sections and to create new pages. Please see the doc for more info - https://learn.microsoft.com/en-us/graph/permissions-reference#notes-permissions

As you said, you have the Notes.ReadWrite.All permission; this only allows the app to read, share, and modify OneNote.

Hope this helps you.


If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". Thanks.

vicky kumar
  • 563
  • 3
  • 11
  • I am using the client credentials flow; assigning delegated Notes.Create is not useful for me. – ShaliniP Sep 08 '22 at 11:14
  • In that case you have to use /users/{id | userPrincipalName}/onenote/notebooks, which I already asked you about in the above comment. – vicky kumar Sep 08 '22 at 12:57
0

I tried to reproduce the same in my environment via Postman and got the below results:

In my Azure AD application, I granted API permissions like below:

enter image description here

I got the access token using client credentials with parameters like below:

POST https://login.microsoftonline.com/<TenantID>/oauth2/v2.0/token
client_id:my_appID
grant_type:client_credentials
scope:https://graph.microsoft.com/.default
client_secret:my_client_secret

Response:

enter image description here

When I tried to create a notebook with the above token, I got the same error as below:

POST https://graph.microsoft.com/v1.0/me/onenote/notebooks
Content-type: application/json

{
    "displayName": "My Test notebook"
}

Response:

enter image description here

Please note that the client credentials flow doesn't require a signed-in user (no user interaction) and generates a token on behalf of all users in the application.

When you use /me in the request, it cannot identify that specific user among all users. So, we cannot use the /me endpoint with the client credentials flow.

To resolve the error, you need to use delegated authentication flows like the Authorization code flow, ROPC flow, etc., that require the user to sign in.

As you cannot use a delegated authentication flow in your scenario, you can try the query below, replacing /me with /users/userID:

POST https://graph.microsoft.com/v1.0/users/<User_ObjectID>/onenote/notebooks
Content-type: application/json

{
    "displayName": "My Test notebook"
}

Using the above query, I created a new notebook successfully.

Sridevi
  • 10,599
  • 1
  • 4
  • 17
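
The requests from the answer above, as an added Python example (not code from the original posts): it builds the client-credentials token request and the create-notebook request, and refuses /me when the token is app-only. It assumes the access token is a JWT whose delegated form carries an "scp" claim and whose app-only form carries "roles"; the function names and the sample tokens are constructed for illustration.

```python
import base64, json, urllib.parse, urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

def token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials token request shown in the answer."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, never hard-code
        "grant_type": "client_credentials",
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=body, method="POST")

def jwt_claims(token):
    """Decode the JWT payload for diagnostics only (no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def is_app_only(token):
    """Assumption: delegated tokens carry 'scp'; app-only tokens do not."""
    return "scp" not in jwt_claims(token)

def notebook_request(token, display_name, user=None):
    """Build the create-notebook request; user is an object ID or UPN."""
    if user is None:
        if is_app_only(token):
            raise ValueError("/me needs a delegated token; pass user= for app-only")
        path = "/me/onenote/notebooks"
    else:
        path = f"/users/{urllib.parse.quote(user, safe='@')}/onenote/notebooks"
    return urllib.request.Request(
        GRAPH + path,
        data=json.dumps({"displayName": display_name}).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST",
    )

def fake_token(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"
```

Passing either request object to urllib.request.urlopen sends it. The application permission Notes.ReadWrite.All lets the app write to any user's notebooks in the tenant, so the client secret deserves the same protection as an admin credential.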