Trying to get organization details in the Azure China region using Microsoft Graph APIs in Postman with device code authentication
The steps I am following in Postman are as below:
Create a device code using the PowerShell client ID https://login.chinacloudapi.cn/common/oauth2/v2.0/devicecode?client_id=1950a258-227b-4e31-a9cf-717495945fc2&scope=https://microsoftgraph.chinacloudapi.cn/.default
Log in as Global Administrator from a browser using the received short code https://microsoft.com/deviceloginchina
Get the access token from https://login.chinacloudapi.cn/common/oauth2/v2.0/token using
- grant_type = urn:ietf:params:oauth:grant-type:device_code
- client_id = 1950a258-227b-4e31-a9cf-717495945fc2
- device_code= "Device Code Received From First Request"
Now I am trying to get the organization details with the access token received in the above step, using the API https://microsoftgraph.chinacloudapi.cn/v1.0/organization
This request is failing with the following error:
{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "date": "2021-02-02T13:47:13",
      "request-id": "c94777b2-2af5-4827-812d-6399f9621ee3",
      "client-request-id": "c94777b2-2af5-4827-812d-6399f9621ee3"
    }
  }
}
It would be helpful if someone could point me to the reason the request for organization details fails.
Note:
- I am able to get the response properly in Postman if I create the access token using the AZ CLI utility and use it in Postman
- The get organization API also works with Graph Explorer (China)
Decoded access token screenshot: https://i.stack.imgur.com/npKG7.png
As your error message says, you lack the permission to read organization information. According to the screenshot of your token, you currently only have the permission to read audit log data.
Therefore, you need to grant the Organization.Read.All delegation permission for the application, and grant the admin consent for the permission. Finally, you will be able to call the API to read the organization information.
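The check the answer performs from the screenshot can be done offline by decoding the access token and comparing its permissions with what the Graph call needs. This is an added example, not part of the original question or answer: the helper names are hypothetical, and the sample token, including its AuditLog.Read.All scope, is constructed for the demo.

```python
import base64
import json

REQUIRED_SCOPE = "Organization.Read.All"  # permission named in the answer above


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. Diagnostic only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def granted_permissions(claims: dict) -> set:
    """Delegated tokens list scopes in 'scp' (space separated); app-only tokens use 'roles'."""
    scopes = set(claims.get("scp", "").split())
    return scopes | set(claims.get("roles", []))


def missing_permissions(token: str, required=(REQUIRED_SCOPE,)) -> list:
    """Permissions the call needs that the token does not carry."""
    granted = granted_permissions(decode_claims(token))
    return sorted(p for p in required if p not in granted)


def make_sample_token(scp: str) -> str:
    """Constructed, unsigned sample token for the demo; not a real credential."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = b64url(json.dumps({
        "aud": "https://microsoftgraph.chinacloudapi.cn",
        "scp": scp,
    }).encode())
    return f"{header}.{body}.sig"


if __name__ == "__main__":
    token = make_sample_token("AuditLog.Read.All")
    print("missing:", missing_permissions(token))
```

Running the same check on the token obtained through the AZ CLI and on the device code token shows which scopes differ between the two clients.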