1

I've read lots of docs and different posts, but I can't get the right access token to read my own OneNote via api.

  • I have MS account and app in azure portal.
  • In graph-explorer I CAN read my OneNote.
  • If I copy access token from graph-explorer, then my code works fine.

BUT:

  • If I request access token from https://login.microsoftonline.com/{tried 'common' or my tenant_id here}/oauth2/v2.0/token, then it does not work:

The OAuth token provided does not have the necessary scopes to complete the request. Please make sure you are including one or more of the following scopes: Notes.ReadWrite.All,Notes.Read.All

  • I created app in azure portal and gave it all read permissions, which I found ( for both one-note and ms graph APIs, both delegated and application... just for test) and generated secret
  • I'm trying following request:
token_request_data = {
    'client_id': 'id from my app',     # also tried 'common'
    'scope': 'https://graph.microsoft.com/.default',  # other scopes cause errors
    'client_secret': 'secret from my app',
    'grant_type': 'client_credentials'
}

Perhaps somebody could give me a clue what I'm doing wrong ? :)

Sample request via graph explorer: https://graph.microsoft.com/v1.0/users/{my_username}@outlook.com/onenote/sections

Permissions in app (azure portal) screenshot

Permissions in graph explorer screenshot

jarekj9
  • 37
  • 4
  • Have you added application permissions 'Notes.Read.All' in Azure Application. As you are using client_credential grant type you need to give application permissions. Also share the graph call which you are using in graph explorer. Also share the screenshot of the permissions that you added in Azure AD Application – Shiva Keshav Varma Dec 13 '20 at 11:11
  • Hello, I added the screenshots and sample request at the end of my Question post. – jarekj9 Dec 13 '20 at 11:30
  • Notes.Read.All and Notes.readWrite.All are valid for Work or school accounts only. Please refer this [document](https://learn.microsoft.com/en-us/graph/permissions-reference#remarks-15). – Shiva Keshav Varma Dec 13 '20 at 11:37
  • @Shiva-MSFTIdentity You should make that the answer :) – juunas Dec 13 '20 at 11:50
  • Sure, Thanks for reminding @juunas :)- – Shiva Keshav Varma Dec 13 '20 at 11:51
  • Thank you, So it seems i can only have 'Notes.Read'. I won't be able to read my OneNote via API without logging in via browser ? – jarekj9 Dec 13 '20 at 11:53
  • Yes, as of now you cannot do that. If the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions. See https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work. – Shiva Keshav Varma Dec 13 '20 at 11:56

1 Answers1

2

Notes.Read.All and Notes.readWrite.All are valid for Work or school accounts only. Please refer this document.

Shiva Keshav Varma
  • 3,398
  • 2
  • 9
  • 13