This is such a tl;dr dense explanation that it brings tears to my eyes, abstractly. I used all this about two years ago but now I've got to dive back into it very quickly and this is perfect to re-acquaint myself. Thank you.
TERRIFIC video Jeremy !!!! Very nicely explained, I successfully used this (even with some changes to Graph as of November 2022) to get my Graph requests running in Postman !!
Thank you ! Very helpful. I am new to postman and trying to learn as much . The folder structure you have and the environment settings were very helpful for me.
Postman has changed a lot in the three years since this video was made. The Microsoft flows probably have, too. Can we get an updated version of this video?
This is a good guide, as a newb I noticed when I fork the Microsoft Graph Collection that the environment variables do not follow. I have not figured out how to add that yet so instead I directly put the information into the (ClientId, etc) where it needs to go and it works
Why is it that when I click Get Access Token on delegated 6:29, no login screen appears and just gets the Authenticated Token immediately? Then all functions using /me is returning "/me request is only valid with delegated authentication flow."?
I am having trouble executing this for application permissions. Delegated works fine, but I can set it up exactly as you did for application permissions and I am still getting "Authorization_RequestDenied" Is there another permission I need to grant in the app?
This is the problem with these cloud providers, They change functionality every day and never update the documentation , and then developer just head around to understand some basic stuff. Really Frustrating (as I am also facing same issue)
Wish I found this video earlier. (Probably spent 2-3 hours in figuring out how to do it - Core networking background) Can you please make a video on how to update the changes to user profile in AAD or other SaaS applications?
what do we need to change in order to call mailing APIs from postman or daemon application ? i am getting the token but im unable to call the APIs , even tho i assigned the permissions
@@JeremyThake By following the link I was able to fork the collection, but Envt variables were missing it was not big effort to do it ourselves as there were only few variables to declare . However was wondering if I have missed any thing / better way to fork to get these as well.
Great video Jeremy. I believe I have followed to the letter, however, I get the following error when making my request. "code": "Authorization_IdentityNotFound", "message": "The identity of the calling application could not be established.". I'm not sure what to do that this point.
@@JeremyThake Thanks I think the issue is that the initial scopes being requested by postman appear to not include enough for the file management stuff to work. In code, I had to expand my scopes to include files.readwrite.all. I'm not sure where you can do that in postman.
If you notice in the video. I grant scopes in the azure ad application in portal.azure.com. You could change the scopes in the auth settings in postman config and next time you get a token you’ll be prompted to consent. It’s just easier how I show in video
Thanks for the video. I was trying to fork things myself and got stuck. The step-by-step was helpful. Quick question. Is there documentation somewhere describing Graph permissions explicitly? I’m an application admin, an azure ad admin, etc. but there are multiple Graph API calls that declare I don’t have sufficient permissions (and I don’t seem to be able to grant admin consent for apps, even though I did it for an unrelated powershell test app months ago). And the tenant admin isn’t sure what to grant me (they can do the app grant). Thanks!
I get this Error: AADSTS700016: Application with identifier '0d7ee8af-6ce0-4bxxxxx' was not found in the directory 'f8cdef31-a31e-4b4xxxxxx'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant What is wrong?
Are you using an app I’d you created in the same azure ad tenant? And signed into the tenant as the administrator? Best thing to do is sign up for a developer tenant to tinker until you’re comfortable with it
A question, what is the differences between the graph explorer access token and postman. Getting tokens in postman works for many endpoints n graph but not all even though its the same user signed into explorer and postman. Looking at the permission scopes using jwt.ms, the permissions are the same. Really, it just appears to be a difference in the appId (client_id). What does graph explorer do that allows it to work without the issues I find using postman and its app-only or user based access tokens?
You have to add permissions in your azure ad app that is configured in postman for the token to pick up those consent permissions. And then the apis will work. Graph explorer is exactly the same. You have to consent graph explorer to the permissions you need and under the covers that will modify the azure ad consent for your user.
@@JeremyThake Hi Jeremy, thank you for the reply. I do not want to bog you down with questions so lastly: I have added and admin consented to all permissions in azure. I want the app-only access token and have added the application permissions. Are you saying that there is another location to give consent, such as when a user is prompted by Microsoft to consent to the permissions?
Hi, video was very helpful. I am trying to send email on behalf of other user with generated refresh token, but getting MailboxNotEnabledForRESTAPI error. Anyone has any idea about that.
How do you get the client-id, client-secret and tenant for using personal account? Do we still need to register an application on azure ? If yes, can we delete the application later ?
Yes create it in the same way. But you have to change the azure ad app from Organization to Personal in the first screen where it gives you options about multi tenant or single tenant or consumer. And yes it’s your app , you can delete when you like.
Thank you Jeremy. This is helpful. I have followed your video and used the free microsoft developer account to test this feature. I was able to send mail. Now what I am struggling is the access token is expired, I understand that I can use refresh token . Does refresh token also get expired ?
@@andrewpasto6651 for postman, you can just get a new access token repeating the steps. You only really need to worry about Refresh tokens in long running applications or interactive applications. In which case I’d recommend using MSAL SDKs for auth alongside our Graph SDKs as this is easily handled for you.
ews does support Oauth2 flows, but we are encouraging everyone to call Microsoft Graph as this is the strategic direction and focus for us. What scenario do you still need to use EWS for?
Hi, what happens if you want to only access a specific, not all users. From a microservice, I want to send an email on behalf of a specific email account.
You can call send mail on behalf of a user . But you’ll need the user to sign in on a front end and store their token in your backend and keep it refreshed. Best to ask for more on aka.ms/askGraph
Thanks, great tutorial! One question: How long will that bearer token that got generated be valid? Does it expire at all? The background is, that i want an Python Application to use this token for regularly fetching data from sharepoint.
You probably dont care at all but does anybody know of a way to get back into an Instagram account? I was stupid lost my password. I appreciate any tricks you can give me!
This is such a tl;dr dense explanation that it brings tears to my eyes, abstractly. I used all this about two years ago but now I've got to dive back into it very quickly and this is perfect to re-acquaint myself. Thank you.
Thank you for walking through fail, tell us why, fail, tell us why, fail, tell us why, succeed! Great introduction.
You know. When you step on mines, it’s good to share where they are! Nice to see you’re taking a look at this!
@@JeremyThake When you are in a minefield it's best to have someone else go first. :)
TERRIFIC video Jeremy !!!! Very nicely explained, I successfully used this (even with some changes to Graph as of November 2022) to get my Graph requests running in Postman !!
This is perfect explanation under10 minutes.well done
Brilliant !! - thank you , ive been struggling going through the docs for hours before i saw your video !
I spent hours to get result from postman. Thank you for explaining. Very helpful.
Best explaination ever found. Thank you
Thank you for sharing! Looking forward to see more videos
You’re welcome! Please remember to subscribe to my channel . I’ll be posting more on these collections in Jan.
Thank you ! Very helpful. I am new to postman and trying to learn as much . The folder structure you have and the environment settings were very helpful for me.
Saved me tons of time thank you!
Amigo, muchas gracias por tu aporte, tu video es y será un aporte para muchos que necesitamos estos aportes. Saludos.
Postman has changed a lot in the three years since this video was made. The Microsoft flows probably have, too. Can we get an updated version of this video?
This was very helpful. Thanks Jeremy.
This is a good guide, as a newb I noticed when I fork the Microsoft Graph Collection that the environment variables do not follow. I have not figured out how to add that yet so instead I directly put the information into the (ClientId, etc) where it needs to go and it works
How did you get to "on behalf of a user"? I don't see the option?
Ahh it's been renamed to delegated
I need to redo this video as yes as you discovered, it was renamed to match how our docs talk about these permissions. Sorry for the confusion.
Why is it that when I click Get Access Token on delegated 6:29, no login screen appears and just gets the Authenticated Token immediately? Then all functions using /me is returning "/me request is only valid with delegated authentication flow."?
Even I'm getting the same issue
Awesome video Jeremy, thanks !
Thank you, this video is a lifesaver :)
Thank you very much, Jeremy!
Extremely useful video. Thanks a lot Jeremy.
Extremely useful tool and excellent video - thanks!
You’re welcome! Please remember to subscribe to my channel . I’ll be posting more on these collections in Jan.
I am having trouble executing this for application permissions. Delegated works fine, but I can set it up exactly as you did for application permissions and I am still getting "Authorization_RequestDenied"
Is there another permission I need to grant in the app?
This is the problem with these cloud providers, They change functionality every day and never update the documentation , and then developer just head around to understand some basic stuff. Really Frustrating (as I am also facing same issue)
thanks, very helpful video
SUPER helpful video! Thanks.
Very nice demo. Thanks for sharing. Very helpful for beginner like me.
You’re welcome! Please remember to subscribe to my channel . I’ll be posting more on these collections in Jan.
Wish I found this video earlier. (Probably spent 2-3 hours in figuring out how to do it - Core networking background)
Can you please make a video on how to update the changes to user profile in AAD or other SaaS applications?
"code": "BadRequest",
"message": "Tenant does not have a SPO license.",
how i fix this any license it's should be purchase?
what do we need to change in order to call mailing APIs from postman or daemon application ? i am getting the token but im unable to call the APIs , even tho i assigned the permissions
Hi, Thanks for the helpfull Video, Where would one get the Auth URL and Token URL fir the autherization of the API?
Very Helpful. Thank You
Thanks for this informative video. Can you help me in how to get teams call record details using Graph API in postman?
on the clone repo (or whatever) in postman there is no On behalf of Structure?????? so tuck at that point
Old video. its called Delegated now.
@@JeremyThake Now even I am not finding the Delegated :(
Thanks very useful!
Help Please: After forking the postman collection I do not get the Envt Configuration in my Postman (Desktop App)
It’s a known issue. If you follow the steps in our docs it explains how to create it
docs.microsoft.com/en-us/graph/use-postman
@@JeremyThake
By following the link I was able to fork the collection, but Envt variables were missing it was not big effort to do it ourselves as there were only few variables to declare . However was wondering if I have missed any thing / better way to fork to get these as well.
No postman are working on this feature for forks to bring environment settings
Great video Jeremy. I believe I have followed to the letter, however, I get the following error when making my request. "code": "Authorization_IdentityNotFound",
"message": "The identity of the calling application could not be established.". I'm not sure what to do that this point.
Your best bet is to go to aka.ms/askGraph that isn’t an easy one to solve here and will need more info
@@JeremyThake Thanks I think the issue is that the initial scopes being requested by postman appear to not include enough for the file management stuff to work. In code, I had to expand my scopes to include files.readwrite.all. I'm not sure where you can do that in postman.
If you notice in the video. I grant scopes in the azure ad application in portal.azure.com. You could change the scopes in the auth settings in postman config and next time you get a token you’ll be prompted to consent. It’s just easier how I show in video
Thanks for the video. I was trying to fork things myself and got stuck. The step-by-step was helpful.
Quick question. Is there documentation somewhere describing Graph permissions explicitly? I’m an application admin, an azure ad admin, etc. but there are multiple Graph API calls that declare I don’t have sufficient permissions (and I don’t seem to be able to grant admin consent for apps, even though I did it for an unrelated powershell test app months ago). And the tenant admin isn’t sure what to grant me (they can do the app grant). Thanks!
Hello.. Please share some sample code in java to connect Azure AD for token and access the shared mailbox using generated token
Tell me one thing where I can get a callback URL?
its in the docs docs.microsoft.com/en-us/graph/use-postman it's oauth.pstmn.io/v1/browser-callback
I get this Error: AADSTS700016: Application with identifier '0d7ee8af-6ce0-4bxxxxx' was not found in the directory 'f8cdef31-a31e-4b4xxxxxx'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant
What is wrong?
Are you using an app I’d you created in the same azure ad tenant? And signed into the tenant as the administrator?
Best thing to do is sign up for a developer tenant to tinker until you’re comfortable with it
Thanks a lot, very helpful!.
A question, what is the differences between the graph explorer access token and postman. Getting tokens in postman works for many endpoints n graph but not all even though its the same user signed into explorer and postman. Looking at the permission scopes using jwt.ms, the permissions are the same. Really, it just appears to be a difference in the appId (client_id). What does graph explorer do that allows it to work without the issues I find using postman and its app-only or user based access tokens?
You have to add permissions in your azure ad app that is configured in postman for the token to pick up those consent permissions. And then the apis will work.
Graph explorer is exactly the same. You have to consent graph explorer to the permissions you need and under the covers that will modify the azure ad consent for your user.
@@JeremyThake Hi Jeremy, thank you for the reply. I do not want to bog you down with questions so lastly: I have added and admin consented to all permissions in azure. I want the app-only access token and have added the application permissions. Are you saying that there is another location to give consent, such as when a user is prompted by Microsoft to consent to the permissions?
@@PoetNoPoems what api are you trying to call? There are diff permissions to add for both delegated and application permissions .
Hi, video was very helpful. I am trying to send email on behalf of other user with generated refresh token, but getting MailboxNotEnabledForRESTAPI error. Anyone has any idea about that.
How do you get the client-id, client-secret and tenant for using personal account? Do we still need to register an application on azure ? If yes, can we delete the application later ?
Yes create it in the same way. But you have to change the azure ad app from Organization to Personal in the first screen where it gives you options about multi tenant or single tenant or consumer.
And yes it’s your app , you can delete when you like.
Thank you Jeremy. This is helpful. I have followed your video and used the free microsoft developer account to test this feature. I was able to send mail.
Now what I am struggling is the access token is expired, I understand that I can use refresh token . Does refresh token also get expired ?
@@andrewpasto6651 for postman, you can just get a new access token repeating the steps. You only really need to worry about Refresh tokens in long running applications or interactive applications. In which case I’d recommend using MSAL SDKs for auth alongside our Graph SDKs as this is easily handled for you.
@@JeremyThake Hey @Jeremy Can you please tell me how to get refresh token? I am trying to implement it using cURL call.
Better explanation than the docs
I mean I wrote the docs too. But good to know the video helped more 😎
Can you get an Access Token for EWS with a delegate using this?
ews does support Oauth2 flows, but we are encouraging everyone to call Microsoft Graph as this is the strategic direction and focus for us. What scenario do you still need to use EWS for?
@@JeremyThake Public Folder Access for shared data.
Hi, what happens if you want to only access a specific, not all users. From a microservice, I want to send an email on behalf of a specific email account.
You can call send mail on behalf of a user . But you’ll need the user to sign in on a front end and store their token in your backend and keep it refreshed. Best to ask for more on aka.ms/askGraph
Nice, my feedback is expose Forms in graph API please! Thanks!
thanks this was extremely helpful.
can you please explain creating one to one & groupchat via api's?
Please go to aka.ms/askGraph to have that discussion. More discoverable for others there.
I love this . thanks!
Thanks, great tutorial!
One question: How long will that bearer token that got generated be valid? Does it expire at all?
The background is, that i want an Python Application to use this token for regularly fetching data from sharepoint.
Check out the getting started guide for python as it shows how to obtain tokens that way developer.microsoft.com/en-us/graph/get-started/python
You probably dont care at all but does anybody know of a way to get back into an Instagram account?
I was stupid lost my password. I appreciate any tricks you can give me!
It was useful & Thanks
Anyone else getting a blank page when trying to authenticate and grab token in Postman?
You likely didn’t set all the environment parameters correctly
Things have changed. I think you changed "On behalf of user" is now called "Delegate." Or? LMK
Yes it has. Just didn’t want to recut the whole video
thanks you
I dont see on behalf
Renamed to Delegate
# til