azure-ad-graph-api microsoft-graph-onenote

Create new OneNote notebook Bad request


I want to create a new OneNote notebook using the Graph API.

I am following this document, https://learn.microsoft.com/en-us/graph/api/onenote-post-notebooks?view=graph-rest-1.0&tabs=http

Using Graph Explorer, I created it without loss, but I want to achieve the same from a different environment (e.g. Postman).

I got a token with the client_credentials flow, but when I call the query I am stuck with an error like

"error": { "code" : "BadRequest", "message": "/me request is only valid with delegated authentication flow. ", }

I have the Notes.ReadWrite.All permission granted to my Azure application.

I cannot use the delegated authentication flow in my scenario. How to proceed further? Why can't I use /me in the request? Please help

TIA


Solution

  • I tried to reproduce the same in my environment via Postman and got the below results:

    In my Azure AD application, I granted API permissions like below:


    I got the access token using client credentials with parameters like below:

    POST https://login.microsoftonline.com/<TenantID>/oauth2/v2.0/token
    client_id:my_appID
    grant_type:client_credentials
    scope:https://graph.microsoft.com/.default
    client_secret:my_client_secret
    


    When I tried to create a notebook with the above token, I got the same error as below:

    POST https://graph.microsoft.com/v1.0/me/onenote/notebooks
    Content-type: application/json

    {
        "displayName": "My Test notebook"
    }
    


    Please note that the client credentials flow doesn't require a signed-in user (no user interaction) and generates a token on behalf of all users in the application.

    When you use /me in the request, it cannot identify that specific user among all users. So, we cannot use the /me endpoint with the client credentials flow.

    To resolve the error, you need to use delegated authentication flows like the Authorization code flow, ROPC flow, etc. that require the user to sign in.

    As you cannot use the delegated authentication flow in your scenario, you can try the below query by replacing /me with /users/userID:

    POST https://graph.microsoft.com/v1.0/users/<User_ObjectID>/onenote/notebooks
    Content-type: application/json

    {
        "displayName": "My Test notebook"
    }
    

    Using the above query, I created a new notebook successfully.
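
A pre-flight check for the /me error discussed above, added here as an illustration and not code from the question or the answer: it reads the token's claims (delegated tokens carry `scp`, client-credentials tokens carry only `roles`) and builds the notebook request against /users/<id> when there is no signed-in user. The helper names and the unsigned sample tokens are constructed for the demo; decoding a token this way is a debugging aid, not validation.

```python
import base64
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (debugging aid only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_kind(claims):
    """Delegated tokens carry 'scp'; client-credentials (app-only) tokens carry only 'roles'."""
    if claims.get("scp"):
        return "delegated"
    if claims.get("roles"):
        return "app-only"
    return "unknown"

def notebook_request(token, display_name, user_object_id=None):
    """Build the create-notebook request, refusing /me when no user is signed in."""
    kind = token_kind(jwt_claims(token))
    if kind == "delegated":
        path = "/me/onenote/notebooks"
    elif kind == "app-only":
        if not user_object_id:
            raise ValueError("app-only token has no signed-in user: pass user_object_id")
        # quote() keeps the id inside a single path segment
        path = f"/users/{quote(user_object_id, safe='')}/onenote/notebooks"
    else:
        raise ValueError("token has neither an scp nor a roles claim")
    return {
        "method": "POST",
        "url": GRAPH + path,
        "headers": {"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        "body": json.dumps({"displayName": display_name}),
    }

def fake_token(claims):
    """Constructed, unsigned sample token for the demo (not a real Azure AD token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

APP_TOKEN = fake_token({"aud": "https://graph.microsoft.com", "roles": ["Notes.ReadWrite.All"]})
USER_TOKEN = fake_token({"aud": "https://graph.microsoft.com", "scp": "Notes.ReadWrite"})

if __name__ == "__main__":
    print(notebook_request(APP_TOKEN, "My Test notebook", "<User_ObjectID>")["url"])
```

With the application permission Notes.ReadWrite.All the token is not bound to any one user, so the `user_object_id` passed in decides whose OneNote is written to; take it from a trusted source.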