Get 401 unauthorized when uploading bytes to the upload session

Gtman Chin 45 Reputation points
2024-06-28T13:24:06.6333333+00:00

Hi

I am using graph sdk 5.80.0 with Android phone. I always encounter an exception saying "com.microsoft.graph.core.ClientException: Error while executing the request" when I upload bytes of a file to my Onedrive after an upload session is created. Since the error message in the exception doens't tell much information for clarification, I add an intercept to graph client so that I can check the http request/body/response. I observed everything is fine when I create an upload session. However, 401 unauthorized error code is received when I upload the file to the created upload session.

I checked the PUT request and it looks correct. Any idea?

Request: POST https://graph.microsoft.com/v1.0/me/drive/items/CD26537079F955DF!5797:/IMG_20210902_101300670%7E2.jpg_0:/microsoft.graph.createUploadSession Request headers: accept*/* authorizationBearer EwBgA8l6BAAUbDba3x2OMJElkF7gJ4z/VbCPEz0AATh7ZDQqE4fK22Lh24Y+cVdtynye6WL9hQliwnOahGsH39FUSxiLtUbkQWmZAxJVOG/fyoRuobMRzUn82vHTn8jBJY8QE7W+thGlTZuWkufOKY7m51HxV8r8f/9ke0hQ4LObuvNYAQ2cRDKIuEsF/GMSyFI3snjaUX2tVdq2fTJpw9dQ8F1LQCxYpz6bMX4UY93vAx2O83oNqU8vvTbBYLqF0Ac9QzHMcytCmhZug45kEcsg4LSpMzZ15Dt6S6+8VdRLEbaH6KdYK6zDOcf/TDvQ9W9R4owEbo/KRpqkIlGlQwdVJiVDIBMSQ3sroWzq0NeJQ2ygTnE5yr6IvQ3/pnYDZgAACHqN/OQBVghlMAJisg0lepVhtVbjNTytvIe5TJ76T2gE957sMVA524Zimf3u44sS4YFrQoUrLNZeY+lBfq1SZdzlDo46eJR8r1DobBu+hYPVRLY5sjPZc+dpAw9TNcWDcUbX6iUVqOAP3hfAIsxtMS6mNtlNGSqX4+TxC88w5T1iB3erwfa client-request-idd706e4c5-ab33-428e-9c5a-e46c6fbc134d content-typeapplication/json sdkversiongraph-java/v5.80.0, graph-java-core/v2.0.20 (featureUsage=0), android/27 Request body: {"item":{"name":"IMG_20210902_101300670~2.jpg_0"}} Response: 200 Response headers: cache-controlno-store, no-cache, max-age=0, private client-request-idd706e4c5-ab33-428e-9c5a-e46c6fbc134d content-typeapplication/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8 dateThu, 27 Jun 2024 00:34:41 GMT locationhttps://graph.microsoft.com odata-version4.0 request-idd6cb630e-f346-4a0e-9cf3-f1ff38fe266e strict-transport-securitymax-age=31536000 varyAccept-Encoding x-ms-ags-diagnostic{"ServerInfo":{"DataCenter":"Korea Central","Slice":"E","Ring":"4","ScaleUnit":"001","RoleInstance":"SE1PEPF0000BD38"}} Response body: {"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.uploadSession","expirationDateTime":"2024-06-27T00:49:41.269Z","nextExpectedRanges":["0-"],"uploadUrl":"https://my.microsoftpersonalcontent.com/personal/cd26537079f955df/_api/v2.0/drive/items/015FSBNTF763MM675GWNHZN2GLDPMCZ2AH/uploadSession?guid='a770c0fa-fc46-4091-98a6-d09de4b092e8'&overwrite=True&rename=False&dc=0&tempauth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBfZGlzcGxheW5hbWUiOiJHcmFwaCIsImFwcGlkIjoiNTJjMzUyMmUtNjEyNC00OWE4LWE1MjktNWE2MjE1ZTQ0ODBiIiwiYXVkIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwM Request: PUT https://my.microsoftpersonalcontent.com/personal/cd26537079f955df/_api/v2.0/drive/items/015FSBNTF763MM675GWNHZN2GLDPMCZ2AH/uploadSession?guid=%27a770c0fa-fc46-4091-98a6-d09de4b092e8%27&overwrite=True&rename=False&dc=0&tempauth=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBfZGlzcGxheW5hbWUiOiJHcmFwaCIsImFwcGlkIjoiNTJjMzUyMmUtNjEyNC00OWE4LWE1MjktNWE2MjE1ZTQ0ODBiIiwiYXVkIjoiMDAwMDAwMDMtMDAwMC0wZmYxLWNlMDAtMDAwMDAwMDAwMDAwL215Lm1pY3Jvc29mdHBlcnNvbmFsY29udGVudC5jb21AOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIiwiY2FjaGVrZXkiOiIwaC5mfG1lbWJlcnNoaXB8MDAwMzdmZmU4MThkYmFhZE Request headers: accept*/* authorizationBearer EwBgA8l6BAAUbDba3x2OMJElkF7gJ4z/VbCPEz0AATh7ZDQqE4fK22Lh24Y+cVdtynye6WL9hQliwnOahGsH39FUSxiLtUbkQWmZAxJVOG/fyoRuobMRzUn82vHTn8jBJY8QE7W+thGlTZuWkufOKY7m51HxV8r8f/9ke0hQ4LObuvNYAQ2cRDKIuEsF/GMSyFI3snjaUX2tVdq2fTJpw9dQ8F1LQCxYpz6bMX4UY93vAx2O83oNqU8vvTbBYLqF0Ac9QzHMcytCmhZug45kEcsg4LSpMzZ15Dt6S6+8VdRLEbaH6KdYK6zDOcf/TDvQ9W9R4owEbo/KRpqkIlGlQwdVJiVDIBMSQ3sroWzq0NeJQ2ygTnE5yr6IvQ3/pnYDZgAACHqN/OQBVghlMAJisg0lepVhtVbjNTytvIe5TJ76T2gE957sMVA524Zimf3u44sS4YFrQoUrLNZeY+lBfq1SZdzlDo46eJR8r1DobBu+hYPVRLY5sjPZc+dpAw9TNcWDcUbX6iUVqOAP3hfAIsxtMS6mNtlNGSqX4+TxC88w5T1iB3erwfa client-request-iddd98a6e5-60f2-4dc2-9e6a-dec7eb9ef7d5 content-rangebytes 0-418996/418997 content-typeapplication/octet-stream sdkversiongraph-java/v5.80.0, graph-java-core/v2.0.20 (featureUsage=0), android/27 Request body: ����$Exif????MM??*??????????????????????�????????????m(????????????????????????????�???????? Response: 401 Response headers: cache-controlprivate, max-age=0 content-length64 content-security-policyframe-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com teams.cloud.microsoft *.office365.com goals.cloud.microsoft *.powerapps.com *.powerbi.com *.yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com *.stream.azure-test.net .microsoftstream.com .dynamics.com .microsoft.com onedrive.live.com .onedrive.live.com securebroker.sharepointonline.com; content-typeapplication/json dateThu, 27 Jun 2024 00:34:41 GMT expiresWed, 12 Jun 2024 00:34:42 GMT last-modifiedThu, 27 Jun 2024 00:34:42 GMT microsoftsharepointteamservices16.0.0.25005 ms-cvoTaUqJ+AAFDGQQwbSO6mew.0 p3pCP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" request-iddd98a6e5-60f2-4dc2-9e6a-dec7eb9ef7d5 sprequestguiddd98a6e5-60f2-4dc2-9e6a-dec7eb9ef7d5 strict-transport-securitymax-age=31536000 varyOrigin www-authenticateWlid1.1 realm="WindowsLive", fault="BadContextToken", policy="MBI_SSL", ver="7.5.0.0", target="ssl.live.com", siteId="ssl.live.com", Bearer realm="9188040d-6c67-4c5b-b112-36a304b66dad",client_id="00000003-0000-0ff1-ce00-000000000000",trusted_issuers="00000001-0000-0000-c000-000000000000@,D3776938-3DBA-481F-A652-4BEDFCAB7CD8@,https://sts.windows.net//,https://login.microsoftonline.com//v2.0,00000003-0000-0ff1-ce00-000000000000@90140122-8516-11e1-8eff-49304924019b",authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize",resource_suffix="v2" x-1dscollectorurlhttps://mobile.events.data.microsoft.com/OneCollector/1.0/ x-ariacollectorurlhttps://browser.pipe.aria.microsoft.com/Collector/3.0/ x-aspnet-version4.0.30319 x-cacheCONFIG_NOCACHE x-content-type-optionsnosniff x-databoundaryNONE x-frame-optionsSAMEORIGIN x-ms-invokeapp1; RequireReadOnly x-ms-suspended-featuresfeatures="" x-msedge-refRef A: 5FF45F51A76945BFB1529BFA4053AA2B Ref B: TYO01EDGE3612 Ref C: 2024-06-27T00:34:42Z x-networkstatistics0,525568,0,0,11494092,0,525568,150 x-powered-byASP.NET x-sharepointhealthscore2 Response body: {"error":{"code":"unauthenticated","message":"Unauthenticated"}}

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,270 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Yakun Huang-MSFT 1,950 Reputation points Microsoft Vendor
    2024-07-01T02:57:33.11+00:00

    Hi @Gtman Chin

    The error message indicates that you are not authorized to log in as the user. To obtain the necessary token, please adhere to the authorization code flow. Prior to acquiring the token, it is required to send a request for user login authorization.

    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id={client_id}
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345

    For more information about auth code flow please see this link:

    https://video2.skills-academy.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.