Comments (12)
jasonjoh
commented on August 29, 2024
1
Yes - you should set tenantId to your actual tenant ID only if you chose the "Accounts in this organizational directory only" option. Since you're using a personal account, this option would not be valid for you - personal accounts are not part of any organizational directory.
I'm glad that got you unblocked!
from msgraph-training-python.
jasonjoh
commented on August 29, 2024
@eeintech The error seems to indicate that the API is sending back HTML in the response, rather than the expected JSON. This would be some unexpected error from the Microsoft Graph service. Could you try making a similar request using Graph Explorer with the same user account? The equivalent list mailbox query would be:
GET https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages?$select=from,isRead,receivedDateTime,subject&$top=25&$orderby=receivedDateTime%20DESC
Out of curiosity, why do I need an application for user authentication?
I assume you're referring to the app registration? That's a requirement of Microsoft Entra ID's OAuth 2.0 implementation. I believe all OAuth implemenations require it in some form (to get a client ID). See https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/.
from msgraph-training-python.
eeintech
commented on August 29, 2024
@eeintech The error seems to indicate that the API is sending back HTML in the response, rather than the expected JSON. This would be some unexpected error from the Microsoft Graph service. Could you try making a similar request using Graph Explorer with the same user account? The equivalent list mailbox query would be:
Using GraphExplorer, at first it fails with this error:
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again."
}
}And it is explicitly telling me how to fix it: Either the signed-in user does not have sufficient privileges, or you need to consent to one of the permissions on the Modify permissions tab
After a consent to Mail.Read it works fine. Same process if I want to send an email.
And then if I go back to my Test App, still the same error...
My main problem is that I believe Graph Explorer and this tutorial/sample app are two quite different setups, I never have to register an application, specify tenant and client ID, etc. in Graph Explorer, so it is neat for so some quick testing but does not explain the discrepancy. It feels like something missing in the tutorial to tell you how to get the same point...
from msgraph-training-python.
jasonjoh
commented on August 29, 2024
My main problem is that I believe Graph Explorer and this tutorial/sample app are two quite different setups, I never have to register an application, specify tenant and client ID, etc. in Graph Explorer, so it is neat for so some quick testing but does not explain the discrepancy. It feels like something missing in the tutorial to tell you how to get the same point...
Yes, that's right. I just wanted to test if there was an API/service problem unrelated to the code. For the API to return HTML, something unexpected is happening. Are you behind a proxy perhaps?
I also noticed that some of your dependencies are older versions. Try this command to update:
pip install -r requirements.in --upgrade --upgrade-strategy eagerfrom msgraph-training-python.
eeintech
commented on August 29, 2024
@jasonjoh I have tried updating the dependencies (you were right they were older) but I'm now getting this error:
Error:
MailboxNotEnabledForRESTAPI The mailbox is either inactive, soft-deleted, or is hosted on-premise.I have checked my mailbox and it's active, I can access it.
I am not sure about the proxy, could this error be because of it?
from msgraph-training-python.
jasonjoh
commented on August 29, 2024
That error indicates there is an issue with the authenticated user's mailbox that makes Graph unable to access it. In order to access the mailbox, it must be an Exchange Online or Outlook.com mailbox. If this is your work email, you may need to check with your IT admins to verify what type of mailbox you have.
However you said it worked for you in Graph Explorer - are you authenticating as the same user?
from msgraph-training-python.
eeintech
commented on August 29, 2024
When I run python main.py I get this:
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code ABCD12345 to authenticate.
Hello, Francois XXX
Email: [email protected]but my actual email address is [email protected]
Not sure why the email shown in the intro message does not match with my actual email address? 🤔
from msgraph-training-python.
jasonjoh
commented on August 29, 2024
That looks similar to what I've seen with a guest account in a Microsoft 365 tenant. If you're authenticating as a guest, you won't be able to access your mailbox.
When you registered your application, did you choose the option for "Supported account types" that includes personal Microsoft accounts?
from msgraph-training-python.
eeintech
commented on August 29, 2024
I don't think I'm authenticating as a "guest", or maybe I'm missing something but I am using my personal account to login.
I tried different "supported account types":
-
My organization only
Has the error shown above -
Personal Microsoft account users
Fails to even start the authentication (the browser page does not open).
Traceback:
$ python main.py
Python Graph Tutorial
DeviceCodeCredential.get_token failed: Couldn't begin authentication: AADSTS9002331: Application 'aef4962f-d316-4509-bed1-f690e355a192'(Personal App) is configured for use by Microsoft Account users only. Please use the /consumers endpoint to serve this request. Trace ID: 04360a2b-19c0-4f6b-aace-fb86f5fcbd00 Correlation ID: a6ef9900-b5f6-4ad7-b257-3d5cb2df8180 Timestamp: 2024-03-21 13:09:13Z
Traceback (most recent call last):
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\main.py", line 112, in <module>
asyncio.run(main())
File "C:\Python311\Lib\asyncio\runners.py", line 190, in run
return runner.run(main)
^^^^^^^^^^^^^^^^
File "C:\Python311\Lib\asyncio\runners.py", line 118, in run
return self._loop.run_until_complete(task)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Python311\Lib\asyncio\base_events.py", line 653, in run_until_complete
return future.result()
^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\main.py", line 20, in main
await greet_user(graph)
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\main.py", line 58, in greet_user
user = await graph.get_user()
^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\graph.py", line 52, in get_user
user = await self.user_client.me.get(request_configuration=request_config)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\msgraph\generated\users\item\user_item_request_builder.py", line 157, in get
return await self.request_adapter.send_async(request_info, User, error_mapping)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\kiota_http\httpx_request_adapter.py", line 178, in send_async
response = await self.get_http_response_message(request_info, parent_span)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\kiota_http\httpx_request_adapter.py", line 523, in get_http_response_message
await self._authentication_provider.authenticate_request(
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\kiota_abstractions\authentication\base_bearer_token_authentication_provider.py", line 50, in authenticate_request
token = await self.access_token_provider.get_authorization_token(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\kiota_authentication_azure\azure_identity_access_token_provider.py", line 103, in get_authorization_token
result = self._credentials.get_token(*self._scopes, claims=decoded_claim)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\azure\identity\_internal\interactive.py", line 162, in get_token
result = self._request_token(*scopes, claims=claims, tenant_id=tenant_id, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\azure\identity\_internal\decorators.py", line 79, in wrapper
return fn(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\azure\identity\_credentials\device_code.py", line 91, in _request_token
raise ClientAuthenticationError(
azure.core.exceptions.ClientAuthenticationError: Couldn't begin authentication: AADSTS9002331: Application 'aef4962f-d316-4509-bed1-f690e355a192'(Personal App) is configured for use by Microsoft Account users only. Please use the /consumers endpoint to serve this request. Trace ID: 04360a2b-19c0-4f6b-aace-fb86f5fcbd00 Correlation ID: a6ef9900-b5f6-4ad7-b257-3d5cb2df8180 Timestamp: 2024-03-21 13:09:13Z- All Microsoft account users
Goes through authentication but fails to deliver token after browser tab is closed.
Traceback:
$ python main.py
Python Graph Tutorial
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code EBSD28YZH to authenticate.
DeviceCodeCredential.get_token failed: Authentication failed: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 827afb20-b032-4161-ab09-c3b75d088f00 Correlation ID: bb464af5-c25d-405c-98b1-95623f01d7dd Timestamp: 2024-03-21 13:02:53Z
Content: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 827afb20-b032-4161-ab09-c3b75d088f00 Correlation ID: bb464af5-c25d-405c-98b1-95623f01d7dd Timestamp: 2024-03-21 13:02:53Z","error_codes":[7000218],"timestamp":"2024-03-21 13:02:53Z","trace_id":"827afb20-b032-4161-ab09-c3b75d088f00","correlation_id":"bb464af5-c25d-405c-98b1-95623f01d7dd","error_uri":"https://login.microsoftonline.com/error?code=7000218"}
Traceback (most recent call last):
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\main.py", line 112, in <module>
asyncio.run(main())
File "C:\Python311\Lib\asyncio\runners.py", line 190, in run
return runner.run(main)
^^^^^^^^^^^^^^^^
File "C:\Python311\Lib\asyncio\runners.py", line 118, in run
return self._loop.run_until_complete(task)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Python311\Lib\asyncio\base_events.py", line 653, in run_until_complete
return future.result()
^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\main.py", line 20, in main
await greet_user(graph)
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\main.py", line 58, in greet_user
user = await graph.get_user()
^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\graph.py", line 52, in get_user
user = await self.user_client.me.get(request_configuration=request_config)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\msgraph\generated\users\item\user_item_request_builder.py", line 157, in get
return await self.request_adapter.send_async(request_info, User, error_mapping)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\kiota_http\httpx_request_adapter.py", line 178, in send_async
response = await self.get_http_response_message(request_info, parent_span)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\kiota_http\httpx_request_adapter.py", line 523, in get_http_response_message
await self._authentication_provider.authenticate_request(
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\kiota_abstractions\authentication\base_bearer_token_authentication_provider.py", line 50, in authenticate_request
token = await self.access_token_provider.get_authorization_token(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\kiota_authentication_azure\azure_identity_access_token_provider.py", line 103, in get_authorization_token
result = self._credentials.get_token(*self._scopes, claims=decoded_claim)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\development\tests\msgraph-training-python\user-auth\graphtutorial\.env\Lib\site-packages\azure\identity\_internal\interactive.py", line 166, in get_token
raise ClientAuthenticationError(message=message, response=response)
azure.core.exceptions.ClientAuthenticationError: Authentication failed: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 827afb20-b032-4161-ab09-c3b75d088f00 Correlation ID: bb464af5-c25d-405c-98b1-95623f01d7dd Timestamp: 2024-03-21 13:02:53Z
Content: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 827afb20-b032-4161-ab09-c3b75d088f00 Correlation ID: bb464af5-c25d-405c-98b1-95623f01d7dd Timestamp: 2024-03-21 13:02:53Z","error_codes":[7000218],"timestamp":"2024-03-21 13:02:53Z","trace_id":"827afb20-b032-4161-ab09-c3b75d088f00","correlation_id":"bb464af5-c25d-405c-98b1-95623f01d7dd","error_uri":"https://login.microsoftonline.com/error?code=7000218"}from msgraph-training-python.
jasonjoh
commented on August 29, 2024
Ok. Let's try this. If you can register an app and choose "Personal Microsoft accounts only":
Then on the Authentication tab, make sure to turn on Allow public client flows (be sure to Save after toggling the setting):
Then update the clientId and tenantId in config.cfg. Set clientId to the new client ID from this app registration, and set tenantId to consumers.
The end result should be that the prompt is slightly different:
Python Graph Tutorial
To sign in, use a web browser to open the page https://www.microsoft.com/link and enter the code EQ9N4HVL to authenticate.from msgraph-training-python.
eeintech
commented on August 29, 2024
@jasonjoh Ha yes I had forgot about allowing the public client flow, thank you for the reminder. And I did not know about setting the tenantId = consumers! In the tutorial, it tells to use the tenant ID of the application:
Maybe it should be added to the documentation?
Now it works fine for the "Personal Microsoft accounts only" app, not sure why the other type of apps don't work with the tutorial...
EDIT: this method works for "All Microsoft account users" app too.
from msgraph-training-python.
eeintech
commented on August 29, 2024
Understood, thanks a lot for the help @jasonjoh !
from msgraph-training-python.
Related Issues (7)
- This repo is missing important files
- _assign_field_values tries to iterate over a string HOT 1
- broken with kiota-serializers-json 0.3.5 HOT 3
- Error in samples: 'GraphRequestAdapter' object has no attribute 'get_token'
- TypeError: Can't instantiate abstract class GraphRequestAdapter with abstract method convert_to_native_async HOT 4
- SSLCertVerificationError when following the tutorial HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from msgraph-training-python.