Graph API: Cannot access external content

Chris Sommers 0 Reputation points
2024-09-28T17:18:33.72+00:00

Our Microsoft Tenant has a service account ("Service", service@email.com) with a OneDrive that external users share folders to from their OneDrive (and SharePoint).

We created an App Registration for our service account to access content from Service's OneDrive. We are able to list files and folders in Service's OneDrive for local files and content shared from other users within our tenant at email.com.

Further, we can view content shared from external users/tenants with the endpoint: https://graph.microsoft.com/v1.0/me/drive/sharedWithMe?allowexternal=true

However, when we try to access any content from the results of the above GET request, it always returns a 404 with error code "itemNotFound" and message "Item not found".

The App Registration has Files.ReadWrite.All permissions.

Here is an excerpt from the JWT Token:

image.png

A user at an external tenant named Ricky shared a folder named "Product" with us, which has 10 children, including files and folders. We want to be able to view subfolder contents and download all files (and iterate through all subfolder content).

When we call sharedWithMe, we see this (truncated):

User's image

We are trying to access this item via the following calls:

GET https://graph.microsoft.com/v1.0/drives/b!d63cOFEdZ0C23x1hbh1R8WDYGrkdsSZNsMqP1T13khbQLfTr_7o7S70WoGLKYP2B/items/01HO7ZX76AVQGHLXKBFJFYNNC3QQWFOZHI/children

GET https://graph.microsoft.com/v1.0/drives/b!d63cOFEdZ0C23x1hbh1R8WDYGrkdsSZNsMqP1T13khbQLfTr_7o7S70WoGLKYP2B/items/01HO7ZX76AVQGHLXKBFJFYNNC3QQWFOZHI/content

GET https://graph.microsoft.com/v1.0/drives/b!d63cOFEdZ0C23x1hbh1R8WDYGrkdsSZNsMqP1T13khbQLfTr_7o7S70WoGLKYP2B/items/01HO7ZX76AVQGHLXKBFJFYNNC3QQWFOZHI

We've tried the above endpoints with and without the "?allowexternal=true" parameter.

Every call we make returns with:

image.png

However, if we click on the web link, our user Service can access the files and folders through the browser, and view subfolder contents and download any content.

I've also tried this with other permutations of App Registrations with even higher privileges:

User's image

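For comparison with the calls in the question, the sketch below is an added example (not part of the original post) of the two addressing forms the Microsoft Graph documentation describes for shared items: `/drives/{remoteItem.parentReference.driveId}/items/{remoteItem.id}` and `/shares/{encoded sharing URL}/driveItem`. The sample entry, its ids and its URL are constructed placeholders, the helper names are hypothetical, and treating `webUrl` as the sharing URL is an assumption.

```python
import base64
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed entry shaped like one sharedWithMe result; every value is a placeholder.
SAMPLE_ENTRY = {
    "id": "LOCAL-ITEM-ID",  # id in the caller's own drive, not the owner's
    "name": "Product",
    "webUrl": "https://contoso-my.sharepoint.com/personal/ricky/Documents/Product",
    "remoteItem": {
        "id": "REMOTE-ITEM-ID",
        "folder": {"childCount": 10},
        "parentReference": {"driveId": "b!REMOTE-DRIVE-ID", "driveType": "business"},
    },
}


def remote_item_urls(entry):
    """Build request URLs from the remoteItem facet rather than the top-level id."""
    remote = entry.get("remoteItem")
    if not remote or "driveId" not in remote.get("parentReference", {}):
        raise ValueError("entry has no usable remoteItem facet")
    drive_id = quote(remote["parentReference"]["driveId"], safe="!")
    item_id = quote(remote["id"], safe="")
    base = f"{GRAPH}/drives/{drive_id}/items/{item_id}"
    urls = {"item": base}
    if "folder" in remote:
        urls["children"] = base + "/children"  # folders are enumerated
    else:
        urls["content"] = base + "/content"    # files are downloaded
    return urls


def encode_sharing_url(sharing_url):
    """Graph sharing token: 'u!' + unpadded base64url of the sharing URL."""
    b64 = base64.urlsafe_b64encode(sharing_url.encode("utf-8")).decode("ascii")
    return "u!" + b64.rstrip("=")


def shares_url(sharing_url):
    """Address the same item through the shares endpoint instead of a drive id."""
    return f"{GRAPH}/shares/{encode_sharing_url(sharing_url)}/driveItem"


if __name__ == "__main__":
    for name, url in remote_item_urls(SAMPLE_ENTRY).items():
        print(name, url)
    print("shares", shares_url(SAMPLE_ENTRY["webUrl"]))
```

Printing both forms next to the URL that returned 404 makes it easy to see whether the drive id and item id in the failing request were taken from the `remoteItem` facet or from the entry's top-level fields.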