6

I have created several lists in SharePoint Online within a subsite each of which have a number of rows of data and I am now trying to access this list and it's row data (items) via the Graph API.

I have managed to successfully access the List information in 2 different ways;

  1. GET https://graph.microsoft.com/beta/sites/{root}:/{path}:/lists/{list-name}
  2. GET https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-name}

However now when I try to use either of those ways to get the underlying items;

  1. GET https://graph.microsoft.com/beta/sites/{root}:/{path}:/lists/{list-name}/items
  2. GET https://graph.microsoft.com/beta/sites/{site-id}/lists/{list-name}/items

NOTE: I've also tried expanding the fields (E.g. /items?$expand=fields) but with no luck.

it just returns response with an empty value array e.g. 

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#sites('{site-id}/lists('{list-name}')/items)",
    "value": []
}

I am using Service Auth mechanism outlined here: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service and I the following permission setup;

  • User.Read.All
  • Group.Read.All
  • Directory.Read.All
  • Sites.ReadWrite.All

I decided to try to access the data with the same queries using the Online Graph explorer with my credentials and the data returned without a problem so I would assume it is something to do with accessing via the authentication mechanism above.

UPDATE

The more I investigate this the more it appears to relate to Site/List permissions. I removed my access permissions on one of the lists and it returned the same response as above (e.g. empty values array) whereas previous it worked. I really cannot understand how you would provide Site/List permissions for a userless app (e.g. following this route: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service).

Any advice or pointers on what possibly could be causing the problem would be greatly appreciated.

Thanks, John

Improve this question
2
  • yes at starting I also had the same problem,the we need to do is change the permission scopes as follows <add key="ida:GraphScopes" value="User.Read.All Mail.Send Files.ReadWrite.All Directory.Read.All"/> then it works Commented Nov 21, 2018 at 5:17
  • Take a look at stackoverflow.com/a/54555627 for some hints. Commented Apr 6, 2021 at 9:13

1 Answer 1

Reset to default
3

I'm not sure if you are still having the problem, but I was experiencing the same. I could perform the query using Graph Explorer but not when I tried in code. I could get all the way to the SP List but not the SP List Items. I am using the example provided on GitHub (here).

After many iterations of trying different things out, I finally found the issue. It was in the ValuesController.cs file. Specifically, you need to add each permission to the "graphScopes". By adding "Sites.Read.All", I was able to return SP List Items.

     string[] graphScopes = { "Files.Read.All","Sites.Read.All" };                
            AuthenticationResult result = null;
            try
            {
                // The AcquireTokenOnBehalfOfAsync method will first look in the MSAL in memory cache for a
                // matching access token. Only if there isn't one, does it initiate the "on behalf of" flow
                // with the Azure AD V2 endpoint.
                result = await cca.AcquireTokenOnBehalfOfAsync(graphScopes, userAssertion, "https://login.microsoftonline.com/common/oauth2/v2.0");
            }
            catch (MsalServiceException e)
            {
            }
Improve this answer
0

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.