My question seems similar to OneDrive for Business REST API - PUT,POST - 401 Unauthorized
However, instead of uploading, I am trying to download a file. What's strange is that I do get the file contents and data, but the response code is a 401.
Any idea why? Of course, I would like to be receiving a 200 and not have to ignore the response code.
As far as my Azure AD app permissions go, I am allowing pretty much all read permissions under delegated permissions for Office 365. I have listed all the permissions I selected here, for your reference.
Delegated Permissions I am allowing for Office 365:
Read managed metadata
Run search queries as a user
Read items in all site collections
Read user files
Delegated Permissions I am allowing for Windows Azure Active Directory:
Enable sign-on and read users' profiles
I have not enabled anything under Application Permissions.
There is a bug in our implementation - if you provide an Authorization: header with a bearer token on the download URL (which is pre-authenticate) the service rejects the authentication (hence the 401) but since the URL is pre-authenticated, the contents of the file are still sent.
We're working on a fix. You can track the status by watching this issue on our GitHub repo: https://github.com/OneDrive/onedrive-api-docs/issues/189
Related
I don't think this issue is specific to PyDrive, but rather Google OAuth. However, some of the solutions I've seen on stackoverflow don't seem to be transferable over to my PyDrive application, which is just a python script to upload files programmatically to a shared drive. It worked fine 2 months ago but I tried to rerun it today and it's not working. Here is the error I'm getting:
Authorisation Error
Error 400: invalid_request
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.
You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob
I am using a web application OAuth 2.0 Client ID creds on GCP. All secrets are stored in a local client_secrets.json file.
I run my script, it sends a message to the console that says
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?client_id=blahblahblah.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&access_type=offline&response_type=code
Enter verification code:
How it used to work: After I click the link above, it returns a code I paste into the console and then its authenticated. FYI: I plan on running this 24/7 on a remote server.
Now: I click the link above and get the error I posted above. I've tried to change the redirect uri to 127.0.0.1 and it does allow me to auth, then I get a code in my URL, but once I copy that and paste it into the console, I get more errors.
Anyone know the solution for this?
I have an app to work with MS group Documents files.
For a public group, I am creating files with the app and sharing direct invite to a tenant user (Not a member of the group) using permission API:
POST https://graph.microsoft.com/v1.0/drives/{drive_id}/root:/Document.docx:/invite
I am observing it is giving success response always but permission is not always created for the file. I verified on the UI also. Sometimes, UI does not show the User in the Manage Permission list. The API behavior is inconsistent.
Once this situation occurs, PATCH permission and GET specific permission fails for this File even if invite API response was success. PATCH permission fails with 400 error code.
I have tried this using MS Graph Explorer as well. I am observing this issue using the Graph Explorer as well.
Has anybody come across this issue and dealt with it?
[Edit] I have observed this issue for public group only. For User onedrive and private group drive I am not getting this issue.
I have an application that used SkyDrive API. After SkyDrive was replaced I upgraded my code to use OneDrive API.
Looking my application in the dev page (https://account.live.com/consent/Manage) I could notice that the scopes I used with SkyDrive ("wl.offline_access", "wl.signin", "wl.basic", "wl.skydrive", "wl.skydrive_update") and the scopes I used with OneDrive ("onedrive.readwrite", "onedrive.appfolder", "wl.offline_access") were there.
Everything was working until last month, even with all these scopes. But now I'm not being able to upload files. I'm receiving a Bad Request error (Code 400).
I discovered that adding the ""onedrive.readonly" scope fix the upload but I don't know why. I also know that an application with only the OneDrive scopes ("onedrive.readwrite", "onedrive.appfolder", "wl.offline_access") also works.
Does anybody knows what's going on?
Check if the oAuth token has Files.ReadWrite capability using
http://jwt.calebb.net/.
If not present, when you are logging in the user, give the scope while obtaining code as
files.readwrite.all offline_access
I would like to use server-side flow to get read access to user's spaces.
Here is my login URL
https://podio.com/oauth/authorize?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=space:read
But Podio asking me full permission.
I tried different options
https://developers.podio.com/authentication/scopes
The scope argument is currently in Beta only and therefore not available for everybody. We still have some work to do on the granular authentication project before we are able to release it to public.
I'm building a Windows service that connects to OneDrive for Business via the Graph API using this method:
https://graph.microsoft.io/en-us/docs/authorization/app_only
I've successfully authenticated my application and have a token for making calls to Graph API. I have given my Azure AD application permissions to both Windows Azure Active Directory and Microsoft Graph (all application and delegated permissions have been selected for both).
My goal is to get the contents of a folder that resides in a specific user's OneDrive. I need to make the following Graph API call:
//graph.microsoft.com/v1.0/users('user-guid')/drive/items/long-item-id-here/children
I can execute this request successfully using Microsoft Graph Explorer (logged in with my Office 365 credentials). When I try to make the same call as an application (using the auth token received above), I get an "itemNotFound" code with the message "The resource could not be found." (request-id:
5e814dce-c4c2-4615-90e6-ea8ab90cbc49). However, I am able to query the root and the "folder.childCount" property shows the correct number of children in the root:
//graph.microsoft.com/v1.0/users('user-guid')/drive/root
I've set the folder's sharing to "All Authenticated Users" and I still receive "The resource could not be found" from the API call.
Any ideas on what I'm missing here?
The marked answer is no longer the case. You can now access OneDrive and SharePoint resources using a Client Credentials grant (aka "App Only").
The applicable scopes are Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All
The application is using App-only authorization which is currently not supported for accessing OneDrive for Business through Microsoft Graph API. Please use delegated flow, which is used by Graph Explorer.