NodeJs AxiosError: Request failed with status code 403 (Mircosft Graph API)
I working with an MS Graph API to read a user calendar event using Lambda with NodeJs. Here is the flow of what I am doing: First I registered an app in AAD and gave the delegated permission like
- Calendars.ReadWrite
- User.Read
Here is the code flow: first I am getting the access token
var options = {
method: 'POST',
url: `https://login.microsoftonline.com/af2601c4-9adasd-******-99fd-e15104d7d9fc/oauth2/v2.0/token`,
data: data(I am passing the clientid, client_secret, scope etc)
};
and after that, I am trying to read the calendar event
try{ const response = await axios.get('https://graph.microsoft.com/v1.0/users/108ca636-***-41e2-8dd5-********/events', {
headers: {
Authorization: `Bearer ${accessToken}`
}
});
but it gives me this error
"message": "Request failed with status code 403",
"name": "AxiosError",
"stack": "AxiosError: Request failed with status code 403
PS: I decoded the Access token and I don't see any permission{in the above picture} I have given in the AAD to the app. thanks in advance.
The error occurred as you are using permissions of Delegated type that won't work with client credentials flow.
Initially, I too got same error when I granted Delegated permissions and used that token to fetch user's events via Postman:
GET https://graph.microsoft.com/v1.0/users/user_id/events
Response:
To resolve the error, you need to grant permissions of Application type and make sure to grant admin consent like this:
Now, I generated the token again using client credentials flow via Postman with below parameters:
POST https://login.microsoftonline.com/tenantId/oauth2/v2.0/token
grant_type:client_credentials
client_id: appId
client_secret: secret
scope: https://graph.microsoft.com/.default
Response:
You can decode this token in jwt.ms website and check roles claim for permissions:
When I used this token to fetch user's events with below Graph API call, I got response successfully like this:
GET https://graph.microsoft.com/v1.0/users/user_id/events
Response:
If you want to work with Delegated permissions, make use of interactive flows like authorization code flow.
Reference: Microsoft identity platform and OAuth 2.0 authorization code flow
- POST https://localhost:5000/stored net::ERR_SSL_PROTOCOL_ERROR
- Adding timestamps to all console messages
- ERR_CERT_AUTHORITY_INVALID from Puppeteer running in Docker
- API returning one result instead of multiple 11ty/eleventy-fetch Promise.all call
- Showing HTML file in Node js Application
- How to check whether update succeeded in node.js and sqlite3 ?
- When using Actions2 in sails.js how do i validate the body object?
- Restart node upon changing a file
- Node require returns undefined
- React Native ios build : Can't find node
- npm how do I patch/bump my node package up to version 1.0.0
- How to parse request body of POST method in typescript?
- EncodeURIComponent/DecodeURIComponent with characters like "é"
- Get email notifications when new version of a package published
- Jest mock mockReturnValue not a function
- How to convert a Node stream.Readable into Web API ReadableStream in NodeJS?
- How to execute the Node.js test runner via JavaScript API with multiple reporters?
- How can I get all the routes (from all the modules and controllers available on each module) in Nestjs?
- Socket IO usage with Strapi Typescript
- Real Time Speech-To-Text Application using socket-io
- Access Denied issue with NVM in Windows 10
- Create React App not working on node 18 LTS version
- Use multiple Node versions in windows simultaneously
- How to pass API Gateway authorizer context to a HTTP integration
- How to create git hooks in Windows with Node.js?
- sh: husky: command not found
- Npm install gives warnings, npm audit fix not working
- vsts-npm-auth is not recognized as the name of a cmdlet
- Module not found: Can't resolve 'fs' in Next.js application
- how to set up cors() in typescript express