rest - Microsoft Graph REST API v1.0 - List personal contacts using application permissions

问题描述

I've registered a web application in Azure Portal, granted it a Contacts.Read permission, gave it an administrator consent and now trying to list personal contacts of a particular user with Microsoft Graph REST API v1.0 using this application.

At first i'm trying to get an access token by sending POST request to https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token with following body parameters: scope=https://graph.microsoft.com/contacts.read, grant_type=client_credentials, my client_id and my client_secret.

In response i'm getting an error 400 Bad Request. Body: {"error":"invalid_scope","error_description":"AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com/contacts.read is not valid."}

When i'm replacing scope parameter in token request like this: scope=https://graph.microsoft.com/.default, i'm actually receiving 200 OK and my Bearer token in response.

But when i'm requesting user personal contacts by sending GET request to https://graph.microsoft.com/v1.0/users/{user_id}/contacts with this token, i'm getting 401 Unauthorized in response with following error:

"code": "NoPermissionsInAccessToken", "message": "The token contains no permissions, or permissions can not be understood.",

I've also tried to replace the scope value in my token request with {app_id_uri}/.default and {app_id_uri}/contacts.read with no luck.

So how do i list user personal contacts using Microsoft Graph REST API v1.0? What am i doing wrong?

EDIT: Permissions screenshot:

标签： restapiazure-active-directorymicrosoft-graph-apiazure-webapps