Fail to create online meeting with application identity with GraphServiceClient

南楼画角 提交于 2021-01-24 07:10:34

问题


I'm using an application identity from Azure AD with both read write permission granted, I've also run the Grant-CsApplicationAccessPolicy so that the application identity has right to create online meeting on behalf of a real user identity from Azure AD

I know my setup works with get user from the graph api. However, I'm getting error after running the following:

            var confidentialClient = ConfidentialClientApplicationBuilder
                .Create(clientId)
                .WithAuthority($"https://login.microsoftonline.com/{tenantId}/v2.0")
                .WithClientSecret(clientSecret)
                .Build();

            GraphServiceClient graphServiceClient =
                new GraphServiceClient("https://graph.microsoft.com/beta", new DelegateAuthenticationProvider(async (requestMessage) =>
                {

                        var authResult = await confidentialClient
                            .AcquireTokenForClient(scopes)
                            .ExecuteAsync();

                        requestMessage.Headers.Authorization =
                            new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
                })
                    );

                var onlineMeeting = new OnlineMeeting
                {
                    StartDateTime = DateTimeOffset.Parse("2020-12-25T21:30:34.2444915+00:00"),
                    EndDateTime = DateTimeOffset.Parse("2020-12-25T22:00:34.2464912+00:00"),
                    Subject = "User Token Meeting 1"
                    
                };

                var meetingInstance = await graphServiceClient.Me.OnlineMeetings
                    .Request()
                    .AddAsync(onlineMeeting);

The error message is as follow, why would it say User look up by user id failed in AAD?

Status: NotFound (404) OperationId: 8d06ff01-1dc3-49d1-9ced-9db6a919b162

ClientCorrelationId: 53b4478e-ba86-48ca-bb5b-25e5ef50c187

Server error: User lookup by user id failed in AAD.

Client exception: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details.

Inner error:

AdditionalData:

date: 2020-12-16T21:08:31

request-id: d60858cf-5ef5-4a0d-8d67-181f80ed6c35

client-request-id: d60858cf-5ef5-4a0d-8d67-181f80ed6c35

ClientRequestId: d60858cf-5ef5-4a0d-8d67-181f80ed6c35

at Microsoft.Graph.HttpProvider.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken) at Microsoft.Graph.BaseRequest.SendRequestAsync(Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption) at Microsoft.Graph.BaseRequest.SendAsync[T](Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption) at MSTeam.Program.Main(String[] args) in D:\VSTS\msteam\MSTeam\MSTeam\Program.cs:line 62


回答1:


Dev is correct.

Based on this document:

Request when using an application token: POST /users/{userId}/onlineMeetings.

So you should use graphServiceClient.Users["{userId}"].OnlineMeetings instead of graphServiceClient.Me.OnlineMeetings here.

userId is the object ID of a user. When you Configure application access policy, you need to grant the policy to the user:

Grant-CsApplicationAccessPolicy -PolicyName Test-policy -Identity "ddb80e06-92f3-4978-bc22-a0eee85e6a9e"

ddb80e06-92f3-4978-bc22-a0eee85e6a9e is exactly the userId.

My code for your reference:

        // Configure the MSAL client as a confidential client
        var confidentialClient = ConfidentialClientApplicationBuilder
            .Create("{client_id}")
            .WithTenantId("{tenant_id}")
            .WithClientSecret("{client_secret}")
            .Build();

        ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClient);

        GraphServiceClient graphServiceClient = new GraphServiceClient(authProvider);

        var onlineMeeting = new OnlineMeeting
        {
            StartDateTime = DateTimeOffset.Parse("2021-01-12T21:30:34.2444915+00:00"),
            EndDateTime = DateTimeOffset.Parse("2021-01-12T22:00:34.2464912+00:00"),
            Subject = "User Token Meeting123"
        };

        var meeting = await graphServiceClient.Users["{userId}"].OnlineMeetings
            .Request()
            .AddAsync(onlineMeeting);


来源:https://stackoverflow.com/questions/65405991/fail-to-create-online-meeting-with-application-identity-with-graphserviceclient

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!