Microsoft Graph API: Create subscription - Exception: [Status Code: Unauthorized] [Go]
- Goal: Create a subscription to the Sharepoint list service using the Microsoft Go SDK
- Progress: App is registered, client created and authenticated, and a validated webhook is set up.
- Stack: Go, msgraph-sdk-go, azidentity
After sending the response with the validation token (Create subscription: Example), the following message received:
Operation: Create; Exception: [Status Code: Unauthorized; Reason: General exception while processing]
The issue seems related to how the client is created, but testing various scopes (https://graph.microsoft.com/.default / Subscription.Read.All / Sites.Read.All) and client creation options did not resolve the exception. It's also worth noting that GET subscriptions function correctly.
const (
tenantId = "..."
clientId = "..."
clientSecret = "..."
siteId = "..."
listId = "..."
appScopes = "https://graph.microsoft.com/.default"
webhookBaseUrl = "..."
)
import (
"fmt"
"time"
"strings"
"context"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
)
func initializeGraphForUserAuth() (*msgraphsdk.GraphServiceClient, error) {
credential, _ := azidentity.NewClientSecretCredential(tenantId, clientId, clientSecret, nil)
graphClient, _ := msgraphsdk.NewGraphServiceClientWithCredentials(credential, strings.Split(appScopes, ","))
return graphClient, nil
}
func newSubscription(g *msgraphsdk.GraphServiceClient, listId string) (graphmodels.Subscriptionable, error) {
changeType := "updated"
notificationUrl := fmt.Sprintf("%s/webhook/resource-updates", webhookBaseUrl)
// lifecycleNotificationUrl := fmt.Sprintf("%s/webhook/subscription-lifecycle", webhookBaseUrl)
resource := fmt.Sprintf("/sites/%v/lists/%v", siteId, listId)
expirationDateTime := time.Now().Add(time.Hour)
clientState := "SecretClientState"
requestBody := graphmodels.NewSubscription()
requestBody.SetChangeType(&changeType)
requestBody.SetNotificationUrl(¬ificationUrl)
// requestBody.SetLifecycleNotificationUrl(&lifecycleNotificationUrl)
requestBody.SetResource(&resource)
requestBody.SetExpirationDateTime(&expirationDateTime)
requestBody.SetClientState(&clientState)
subscription, err := g.Subscriptions().Post(context.Background(), requestBody, nil)
return subscription, err
}
func main() {
startWebhook() // Handles subscription validation; no issues
graphClient, _ := initializeGraphForUserAuth()
getSubscriptions(graphClient) // Returns an empty list with subscriptions (expected); no exceptions
subscription, err := newSubscription(graphClient, listId)
fmt.Println(">>> ", subscription, err)
// >>> <nil> Operation: Create; Exception: [Status Code: Unauthorized; Reason: General exception while processing]
}
Solution
Yeah, the application appeared registered under "delegated permissions," whereas creating a Sharepoint list subscription requires an "application subscription."
https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions?view=graph-rest-1.0&tabs=http#permissions
- In an Azure App Service, how do I allow DefaultAzureCredential to get bearer token from App Registration (Enterprise Application)?
- Powershell performance degraded when importing Az modules
- How to construct the hashed token signature for Azure Cosmos DB REST API to list users?
- How to make CosmosDB work with an Azure Web App
- AADSTS50011: The redirect URI specified in the request does not match the redirect URIs configured for the app
- Stopping or Disabling a resource group in Azure
- Why I got an error request every 5 minutes in an Azure App Service
- I have try to create event in microsoft outlook calendar but coming error Access token validation failure. Invalid audience
- FQDN on Azure Virtual Machine
- azurerm - Terraform not behaving as expected
- How to get all possible AppServicePlan configurations from an Azure subscription?
- How to register your Azure resource as an Application in Azure Active Directory?
- How to Compare Variables in the Azure Library-Variable Group
- azure ai studio - indexing problem (ai search)
- The template output 'ctrName' is not valid: The language expression property array index '4' is out of bounds
- Microsoft Graph API: Create subscription - Exception: [Status Code: Unauthorized] [Go]
- After Upgrade Azure Function .Net 8 - How to handle Dependecy Injection from Startup.cs?
- How does using a proxy between frontend and backend improve security?
- How to verify JWT id_token produced by MS Azure AD?
- Azure Video Indexer API: "USER_NOT_ALLOWED" Error When Checking Blurring Job Status After Completion of Bluring
- Azure arm64 VM sku with nested virtualization
- Set ouput of GitHub action workflow after using azure/login@v2 step
- Redirect service (302) in Azure, best possible approach?
- Why the redirect uri has no fragment parameters on the first try?
- Trying to get Azure AI to work with Nuxt 3
- How do I pull the last modified file with data flow in Azure Data Factory?
- Pass AzureML job's name to pipeline
- Using the Microsoft Graph API to load files from Sharepoint into Databricks
- Databricks Numeric Type comparsion (Int vs Double)
- Azure Synapse time out - Token expire