Invoke-MgGraphRequest gives 403 forbidden for /beta/admin/sharepoint/settings endpoint with scope SharePointTenantSettings.ReadWrite.All #2826

Closed
AlyaKoni opened this issue Jul 4, 2024 · 2 comments

AlyaKoni commented Jul 4, 2024

Describe the bug

Invoke-MgGraphRequest gives 403 forbidden for /beta/admin/sharepoint/settings endpoint with scope SharePointTenantSettings.ReadWrite.All

Invoke-MgGraphRequest: GET https://graph.microsoft.com/beta/admin/sharepoint/settings
HTTP/2.0 403 Forbidden
Cache-Control: no-store, no-cache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: e3a1b7ae-3cde-483d-bff7-153adfb5f607
client-request-id: 1859889c-9d81-437c-b7c7-7e6e1cc6ae4e
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"Switzerland North","Slice":"E","Ring":"3","ScaleUnit":"001","RoleInstance":"ZRH2EPF000000E6"}}
Date: Thu, 04 Jul 2024 18:48:32 GMT
Content-Type: application/json
Content-Encoding: gzip

{"error":{"code":"accessDenied","message":"Access denied","innerError":{"date":"2024-07-04T18:48:32","request-id":"e3a1b7ae-3cde-483d-bff7-153adfb5f607","client-request-id":"1859889c-9d81-437c-b7c7-7e6e1cc6ae4e"}}}

Expected behavior

Login should work as it has for the last several years

How to reproduce

Connect-MGGraph -Scopes "SharePointTenantSettings.ReadWrite.All"
Invoke-MgGraphRequest -Method "Get" -Uri "https://graph.microsoft.com/beta/admin/sharepoint/settings"

SDK Version

2.19.0

Latest version known to work for scenario above?

No response

Known Workarounds

None

Debug output

PS C:\Alya\Repos\AHPDO-ADM-CloudConfiguration> Connect-MGGraph -Scopes "SharePointTenantSettings.ReadWrite.All" -Debug
DEBUG: InteractiveBrowserCredential.GetToken invoked. Scopes: [ SharePointTenantSettings.ReadWrite.All ] ParentRequestId:
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d] MSAL MSAL.NetCore with assembly version '4.60.1.0'. CorrelationId(850b426f-93fc-426d-9d51-8f46d2a7a40d)
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d] LoginHint provided: False
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d] Account provided: True
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d] ForceRefresh: False
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d]
=== Request Data ===
Authority Provided? - True
Scopes - SharePointTenantSettings.ReadWrite.All
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 850b426f-93fc-426d-9d51-8f46d2a7a40d
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:

DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d] === Token Acquisition (SilentRequest) started:
Scopes: SharePointTenantSettings.ReadWrite.All
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d] Access token is not expired. Returning the found cache entry. [Current time (07/04/2024 18:47:17) - Expiration Time (07/04/2024 20:09:36 +00:00) - Extended Expiration Time (07/04/2024 20:09:36 +00:00)]
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d] Returning access token found in cache. RefreshOn exists ? False
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.60.1.0 MSAL.NetCore .NET 8.0.6 Microsoft Windows 10.0.22631 [2024-07-04 18:47:17Z - 850b426f-93fc-426d-9d51-8f46d2a7a40d] AT expiration time: 04.07.2024 20:09:36 +00:00, scopes: Application.ReadWrite.All AppRoleAssignment.ReadWrite.All AuditLog.Read.All ChannelMessage.Send Contacts.Read CrossTenantInformation.ReadBasic.All DelegatedPermissionGrant.ReadWrite.All DeviceManagementApps.Read.All DeviceManagementApps.ReadWrite.All DeviceManagementConfiguration.Read.All DeviceManagementConfiguration.ReadWrite.All DeviceManagementManagedDevices.Read.All DeviceManagementManagedDevices.ReadWrite.All DeviceManagementRBAC.Read.All DeviceManagementServiceConfig.Read.All DeviceManagementServiceConfig.ReadWrite.All Directory.AccessAsUser.All Directory.Read.All Directory.ReadWrite.All Domain.ReadWrite.All email Group.ReadWrite.All GroupMember.ReadWrite.All openid Organization.ReadWrite.All OrganizationalBranding.ReadWrite.All Policy.Read.All Policy.ReadWrite.AuthenticationMethod Policy.ReadWrite.Authorization Policy.ReadWrite.ConditionalAccess Policy.ReadWrite.CrossTenantAccess Policy.ReadWrite.DeviceConfiguration Policy.ReadWrite.PermissionGrant profile RoleAssignmentSchedule.ReadWrite.Directory RoleEligibilitySchedule.Read.Directory RoleEligibilitySchedule.ReadWrite.Directory RoleManagement.Read.All RoleManagement.ReadWrite.Directory SharePointTenantSettings.ReadWrite.All TeamMember.ReadWrite.All TeamsApp.ReadWrite.All TeamsAppInstallation.ReadWriteForTeam TeamsAppInstallation.ReadWriteSelfForTeam TeamSettings.ReadWrite.All TeamsTab.ReadWrite.All User.Read.All User.ReadWrite.All UserAuthenticationMethod.Read.All UserAuthenticationMethod.ReadWrite.All WindowsUpdates.ReadWrite.All. source: Cache
DEBUG: InteractiveBrowserCredential.GetToken succeeded. Scopes: [ SharePointTenantSettings.ReadWrite.All ] ParentRequestId: ExpiresOn: 2024-07-04T20:09:36.0000000+00:00
Welcome to Microsoft Graph!

Connected via delegated access using 14d82eec-204b-4c2f-b7e8-296a70dab67e
Readme: https://aka.ms/graph/sdk/powershell
SDK Docs: https://aka.ms/graph/sdk/powershell/docs
API Docs: https://aka.ms/graph/docs

NOTE: You can use the -NoWelcome parameter to suppress this message.

Configuration

Name                           Value
PSVersion                      7.4.3
PSEdition                      Core
GitCommitId                    7.4.3
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Other information

No response

AlyaKoni added status:waiting-for-triage, type:bug labels on Jul 4, 2024
timayabi2020 added Status: Needs Investigation and removed status:waiting-for-triage, type:bug labels on Jul 9, 2024
merill (Contributor) commented Jul 30, 2024

@AlyaKoni this has been fixed now. Can you please check? Cheers.

timayabi2020 added status:waiting-for-author-feedback and removed Status: Needs Investigation labels on Aug 8, 2024
AlyaKoni (Author) commented

Issue is fixed. Many thanks!

microsoft-github-policy-service bot added Needs: Attention 👋 and removed status:waiting-for-author-feedback labels on Aug 12, 2024