GraphAPI

What’s Microsoft Graph API? Well, Microsoft says it like this:

“Microsoft Graph is made up of resources connected by relationships. For example, a user can be connected to a group through a memberOf relationship, and to another user through a manager relationship. Your app can traverse these relationships to access these connected resources and perform actions on them through the API.”

In practice, it offers a developer an unified API, where you can access most resources available in Office 365. Not all, though, but Microsoft is improving it almost weekly.

In case you’re not using it yet, you probably should! This category contains all of my posts related to my findings about Graph API – there’s probably going to be a lot of authentication stuff, too… :) For just them, check out the Azure AD or ADAL -categories!

How to solve “Unified Groups aren’t supported.” -error

Unified Groups aren't supported.

When trying to use some functionality, that relies on Unified Groups, you’re getting errors in the console, similar to this: “Unified Groups aren’t supported.” In truth, this most likely means, that Unified Groups (that’s the internal/technical name for Office 365 Groups) is not enabled for this particular user. That breaks a bunch of different features for them, since the Graph API for Groups of course won’t work. This post describes one way to fix this issue!

How to solve this?

Continue reading

Related Posts:

How to form links to Planner tasks

Office 365 Planner logo

Office 365 Planner is a neat tool for task management. However, when you, for whatever use case, need to form urls that point you towards a single task (or a bucket, or a plan for that matter), you might run into trouble with how the url is formed. Custom domains actually make it a bit complicated, but luckily there’s a workaround!

Description of the issue

If you have multiple domains in your Azure AD, your Planner might end up using your custom domain in its urls. However, if you need to develop some multi-tenant code, that works with any tenant and whatever weird custom domains, you’d have to actually either create another user-supplied property (for the custom domain), or develop some creative extra code to fetch the domains from somewhere… Since the Graph API for Planner certainly does NOT return that!

No worries – you don’t actually need to develop any complicated or smart code. It’s actually WAY easier than that!  Continue reading

Related Posts:

Call to sites Graph API requires “owner” permissions for site collection regardless of app permissions

Okay – yet another weird issue, and a hacky workaround. I was developing an app that was calling a SharePoint site through Graph API, using jQuery $.ajax call (developed in TypeScript), and ran into surprising 401 errors. I did find a workaround, but am also working on an actual fix.

Description

To get SharePoint site ID, which is needed when accessing SharePoint lists, the calls seemed to fail for my test accounts. Everything was working fine for my developer account, which was a global admin, so the first thing I was suspecting was of course permissions…

The first offending test account was a Group member, and a restricted reader in the site collection I was trying to access via Graph. The account was also a contributor on the root site of the tenant. And all of my accounts were licensed with E3/E5.

I knew that this part of the code was supposed to get a site id for a certain SharePoint site collection with a call to Graph API, similar to this one:

https://graph.microsoft.com/v1.0/sites/<tenant>.sharepoint.com:/sites/<site>/

It worked for my developer account, but just wouldn’t work for the test accounts! This is the error I got: Continue reading

Related Posts:

4 ways to fix error AADSTS65001 (The user or administrator has not consented to use the application)

Azure AD Login error

Fixing issues with Azure AD authentication for Enterprise applications can be tricky. This article contains multiple different fixes to an issue, where granting admin consent has somehow failed. Not all of the different solutions will work for all situations, though! That’s why I included a couple of different options to try… 🙂

Why do you even get issues with Admin Consent (like AADSTS65001)?

Imagine this: You’re trying to add or use an app, but the requires such permissions from your tenant, that only an administrator can grant. Typically to add this kind of an app, you’ll have to be a global administrator.

This is when an admin consent is required for the usage of the app – and if that hasn’t been granted, you’ll get errors about administrators not having consented to the use of the app you’re accessing.

Additionally, just to make the investigation just a bit more complicated, if it’s an enterprise application, it could also be in an invalid state after someone tried adding the app without sufficient permissions.

I’ve been investigating a lot of these issues in relation to organizations using a mobile app, which the customer has been deploying as an enterprise application. Most of the things should apply for web-based apps or console programs or whatever else you’re deploying, too – especially if they’re enterprise applications in Azure AD!

The whole error might look something like this: Continue reading

Related Posts: