Microsoft Graph API 预订 - 此请求的授权已被拒绝

Question

I have been spending almost a day just to work out how to create a Booking using Microsoft Graph API. I'm trying this out using Postman.

The Problem

When I raise the below request, I get a 401 exception saying:

Authorization has been denied for this request.

My Application Scenario

Basically I will need to get the authorization code without having the user signed in - it will be like service to service kind of scenario. In essence, I will have an Azure Function App API (HTTP Triggered) that communicates with MS Graph API and is called from another application hosted totally somewhere else.

What I have done so far

1. Here is how I have registered an app in Azure AD with the permission Bookings.Manage.All .

2. And here, the Postman API to grab a token which successfully returns a token to me:

3. And finally, another Postman API to create a booking entity using the MS Graph API which returns with the 401 exception mentioned earlier:

Even I coded up something to experience it through the code too with the hope of finding more details but yet the same result, that is, the 401 exception. Here is a screenshot of my draft coding:

After putting the token in jwt.io , I realized that only the application permissions are shown and not the delegate ones, and the booking permissions are delegate permissions actually. I assume this has something to do with the 401 exception I'm receiving.

I've been reading through blogs everywhere but haven't managed to sort this out yet. Wondering if I'm missing something here using something wrongly?

Answer 1

Actually, I've found out that because the Booking permissions are of type delegate , therefore, we cannot use client_credential flow, rather the password flow must be used. And a helpful answer on this stackoverflow post .