401 error returned when getting chats through Graph API

Rich 0 Reputation points
2025-10-23T02:44:06.19+00:00

First.

I created my application in Azure. I enabled the following permissions:

User's image

After I logged in to my application, which is an MS 365 account with SSO, I want to get the chats with the accessToken. The access token is absolutely right.

curl --location 'https://graph.microsoft.com/v1.0/me' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <token from SSO logged in>'

{
    "error": {
        "code": "Unauthorized",
        "message": "UnknownError",
        "innerError": {
            "code": "Unauthorized",
            "date": "2025-10-23T02:43:37",
            "request-id": "<Removed for PII>",
            "client-request-id": "<Removed for PII>"
        }
    }
}

But 401 was returned. Could anyone help me answer this? Did I use the Graph API the wrong way?

Microsoft Teams | Development

2 answers

  1. Kha-N 3,100 Reputation points Microsoft External Staff Moderator
    2025-10-23T04:03:38.86+00:00

    Hi @Rich,

    Welcome to Microsoft Q&A, and thank you very much for reaching out to us.

    Please note that our forum is a public platform, and we will modify your question to hide your personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.

    Based on your description, your application appears to have the required Microsoft Graph permissions configured. However, you are still receiving a 401 Unauthorized error.

    To help troubleshoot further, could you please provide the application’s configuration JSON file? This will allow me to verify how the token is being requested and whether the correct scopes are included.

    Additionally, I noticed you mentioned using SSO. Could you clarify why this approach was chosen? For Microsoft Graph API calls, the token must be an access token (not just an ID token) to work correctly.

    User's image

    To check, you can decode the token at https://jwt.ms:

    • If you see scp or roles and aud = https://graph.microsoft.com > Access Token.
    • If you see aud = your app’s client ID and no scp > ID Token.

    Also, kindly ensure that you have all the required permissions and scopes for the chat endpoint; you can find the complete list in this Microsoft article here, as a 401 error often indicates that the token does not include the necessary permissions and scopes.

    Thank you very much for your time, I am looking forward to your response.



  2. Rich 0 Reputation points
    2025-10-23T08:46:29.5566667+00:00

    Hi, thanks for replying. I have checked. It's an access token. After SSO login in my Spring Boot project, it will enter the following logic:

    // spring security config class code block
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // .....
        return http.oauth2Login(oauth2 ->
                oauth2.userInfoEndpoint(userInfo ->
                        userInfo.oidcUserService(azureOidcUserService))
                      .successHandler(azureOauth2SuccessHandler))
            .build();
    }

    // ------- AzureOidcUserService.java ------

    import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
    import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
    import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
    import org.springframework.security.oauth2.core.oidc.user.OidcUser;

    public class AzureOidcUserService extends OidcUserService {

        @Override
        public OidcUser loadUser(OidcUserRequest userRequest) throws OAuth2AuthenticationException {
            OidcUser oidcUser = super.loadUser(userRequest);
            String accessToken = userRequest.getAccessToken().getTokenValue();  // here is accessToken
            // Debug output only: these lines write the bearer token and the ID token claims to stdout
            System.out.println("[AzureOidcUserService] Access Token: " + accessToken);
            System.out.println("--------------------------------------------------------------------");
            System.out.println("[AzureOidcUserService] Invoked. Claims: " + oidcUser.getClaims());
            return oidcUser;
        }
    }

    From https://jwt.ms/, you can see the result:

    User's image

    Then I used that token to get chats through API.

    curl --location 'https://graph.microsoft.com/v1.0/me/chats' \
    --header 'Authorization: Bearer <token>'
    
    

    401 error happened.
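
The token check suggested in the first answer (look at `scp`/`roles` and `aud`), done locally and extended to the scopes the chats endpoint needs. This is an added example, not code from either poster. Assumptions not taken from the thread: the Microsoft Graph application ID accepted as an alternative `aud` value, the delegated scope names for listing chats, and the helper names `decode_claims`, `triage` and `_make`.

```python
import base64
import json

# Assumptions (not from the thread): the Graph resource app ID and the delegated
# scopes for listing chats, as documented for Microsoft Graph; confirm them
# against the permissions article linked in the first answer.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
CHAT_SCOPES = {"Chat.ReadBasic", "Chat.Read", "Chat.ReadWrite"}


def decode_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def triage(token, needed=CHAT_SCOPES):
    """Classify a token the way the answer describes and list scope problems."""
    claims = decode_claims(token)
    aud = str(claims.get("aud", "")).rstrip("/")
    scopes = set(claims.get("scp", "").split())   # delegated permissions
    roles = set(claims.get("roles", []))          # application permissions
    findings = []
    if not scopes and not roles:
        kind = "id_token"
        findings.append("no scp/roles claim: this is not a Graph access token")
    elif aud not in GRAPH_AUDIENCES:
        kind = "access_token_other_audience"
        findings.append(f"aud is {aud!r}, not Microsoft Graph")
    else:
        kind = "graph_access_token"
        if not (scopes | roles) & set(needed):
            findings.append("none of the needed chat permissions are in the token")
    return kind, findings


def _make(claims):
    """Build an unsigned sample token (constructed test data, not a real token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed samples: sign-in scopes only, an ID token, and a token with a chat scope.
SSO_ONLY = _make({"aud": "https://graph.microsoft.com", "scp": "openid profile User.Read"})
ID_TOKEN = _make({"aud": "11111111-2222-3333-4444-555555555555", "name": "Sample User"})
CHAT_OK = _make({"aud": "00000003-0000-0000-c000-000000000000", "scp": "Chat.Read User.Read"})
```

`triage(token)` returns the token kind plus a list of findings; an empty list means the audience and at least one chat scope are present in the claims.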

