0

I'm creating an application in Azure AD as a daemon to get user phone authentication methods using the python msal library and calling the following following endpoint GET https://graph.microsoft.com/beta/users/{id | UPN}/authentication/phoneMethods but i get the following error

{
  "error": {
    "code": "accessDenied",
    "message": "Request Authorization failed",
    "innerError": {
      "message": "Request Authorization failed",
      "date": "2020-11-19T19:26:28",
      "request-id": "11975e07-ee6b-4bd2-9a74-7c175c5da560",
      "client-request-id": "11975e07-ee6b-4bd2-9a74-7c175c5da560"
    }
  }
}

My app has the required application permissions to get the info i'm looking for, which are UserAuthenticationMethod.Read.All and UserAuthenticationMethod.ReadWrite.All and it already works with different end points such as GET https://graph.microsoft.com/beta/users/{id | UPN}, this is the code i'm using in order to get the access token required and call the graph api

import json
import logging

import requests
import msal


config = {
"authority": "https://login.microsoftonline.com/TENANT_NAME",
    "client_id": "APP_ID",
    "scope": ["https://graph.microsoft.com/.default"],
    "secret": "APP_SECRET",
    "endpoint": "https://graph.microsoft.com/beta/users/{USER_ID}/authentication/phoneMethods"
}

app = msal.ConfidentialClientApplication(
    config["client_id"], authority=config["authority"],
    client_credential=config["secret"],
    )

result = None
result = app.acquire_token_silent(config["scope"], account=None)

if not result:
    logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
    result = app.acquire_token_for_client(scopes=config["scope"])

if "access_token" in result:
    graph_data = requests.get(
        config["endpoint"],
        headers={'Authorization': 'Bearer ' + result['access_token']}, ).json()
    print("Graph API call result: ")
    print(json.dumps(graph_data, indent=2))
else:
    print(result.get("error"))
    print(result.get("error_description"))
    print(result.get("correlation_id"))

i tried to do the same thing using curl or postman and i get the exact same error, so i'm guessing it's an access token issue maybe ?

Thanks in advance

Improve this question
1
  • If my answer is helpful for you, you can accept it as answer( click on the check mark beside the answer to toggle it from greyed out to filled in.). This can be beneficial to other community members. Thank you :) Commented Nov 20, 2020 at 8:45

1 Answer 1

Reset to default
1

The api call does not support application permissions. You need to grant delegated permissions to the application, and then use the auth code flow to obtain the token.

enter image description here enter image description here

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.