Here is what I have. (ApiVersion is v1.0)
private async Task GetUsersRoles(string accessToken, ClaimsIdentity identity, string userId)
We're also authenticating with AAD and in our case we needed to force the user to consent to the application permissions again.
We solved this for a single user by adding the prompt=consent parameter to the AAD login request. For ADAL.js there is an example here:
Microsoft Graph API - 403 Forbidden for v1.0/me/events
Relevant code sample from post:
window.config = {
    tenant: variables.azureAD,
    clientId: variables.clientId,
    postLogoutRedirectUri: window.location.origin,
    endpoints: {
        graphApiUri: "https://graph.microsoft.com",
        sharePointUri: "https://" + variables.sharePointTenant + ".sharepoint.com",
    },
    cacheLocation: "localStorage",
    extraQueryParameter: "prompt=consent"
};
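An added example, not part of the original post: after forcing re-consent with prompt=consent, this Node.js check decodes the access token and lists which required permissions are still missing from its `scp` (delegated) or `roles` (application) claims. The function names are hypothetical and the permission names and sample token are constructed for illustration.

```javascript
// Diagnostic only: decodes the token payload WITHOUT verifying the signature,
// so the result must never be used for an authorization decision.

// Decode the payload (second segment) of a JWT access token.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) {
    throw new Error("not a JWT: expected 3 dot-separated segments");
  }
  // base64url -> base64, then restore the stripped padding
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  b64 += "=".repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Return the required permissions that the token does NOT carry.
// Delegated permissions arrive in "scp" (space-separated string),
// application permissions in "roles" (array of strings).
function missingPermissions(token, required) {
  const claims = decodeJwtPayload(token);
  const delegated =
    typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  const application = Array.isArray(claims.roles) ? claims.roles : [];
  const granted = new Set([...delegated, ...application]);
  return required.filter((p) => !granted.has(p));
}

// Build a constructed, unsigned sample token (dummy signature) for the demo.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return enc({ alg: "none", typ: "JWT" }) + "." + enc(claims) + ".sig";
}

// Constructed sample: a token issued before the extra permission was consented.
const sample = makeSampleToken({
  aud: "https://graph.microsoft.com",
  scp: "User.Read",
});
console.log(missingPermissions(sample, ["User.Read", "Calendars.Read"]));
```

A non-empty result after a fresh sign-in means the token still lacks the permission, which is the situation where the consent prompt has to be forced again.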