The request does not contain a valid authentication token when getting Onenote #2939
Description
Describe the bug
When I am trying to work as ClientCertificateCredential with certificate I faced with issue
The request does not contain a valid authentication token. Detailed error information: To improve the security of our customers' data, this API will no longer support app-only tokens starting from March 31st 2025. Customers may still call these APIs using delegated (app+user) tokens. Please refer to this link: https://learn.microsoft.com/en-us/graph/auth-v2-user
But the same time I can retrieve users/permissions and etc.
this is script:
using Azure.Identity;
using LatestVersion;
using Microsoft.Graph;
using Microsoft.Graph.Models;
using System.Security.Cryptography.X509Certificates;
var settings = Settings.LoadSettings();
var certificate = new X509Certificate2("d:\\cert.pfx", settings.Password);
var clientCertCredential = new ClientCertificateCredential(settings.TenantId, settings.ClientId, certificate);
var appClient = new GraphServiceClient(clientCertCredential, ["https://graph.microsoft.com/.default"]);
var permissions = await appClient.Oauth2PermissionGrants.GetAsync();
Console.WriteLine($"Permissions: {string.Join(",", permissions!.Value!.Select(p => p.Scope))}");
var users = await appClient.Users.GetAsync();
Console.WriteLine($"{users.Value.Count} users");
try
{
Console.WriteLine("Try to getting Onenotes..");
var notes = await appClient.Users[settings.UserName].Onenote.Notebooks.GetAsync();
var notebook = new Notebook { DisplayName = $"test_{DateTime.UtcNow.ToString("yyyyMMddhhmmss")}" };
var result = await appClient.Users[settings.UserName].Onenote.Notebooks.PostAsync(notebook);
}
catch (Exception ex)
{
Console.WriteLine($"Got Error: {ex.Message}");
Console.WriteLine(ex);
}
It doesn't work from some time.
Expected behavior
should work
How to reproduce
run the script
SDK Version
5.83.0
Latest version known to work for scenario above?
No response
Known Workarounds
No response
Debug output
Permissions: AppCatalog.Read.All AppCatalog.Submit Channel.ReadBasic.All EduAssignments.ReadBasic EduRoster.ReadBasic Files.Read.All Files.ReadWrite.All Group.Read.All People.Read People.Read.All Presence.Read.All TeamsAppInstallation.ReadWriteSelfForTeam User.Read User.ReadBasic.All Tasks.ReadWrite Group-Conversation.ReadWrite.All Team.ReadBasic.All Channel.Create Sites.Read.All PrinterShare.ReadBasic.All PrintJob.Create PrintJob.ReadBasic FileStorageContainer.Selected Calendars.Read Files.Read GroupMember.Read.All InformationProtectionPolicy.Read TeamsAppInstallation.ReadWriteForTeam ChatMember.Read TeamsTab.Create,User.Read User.ReadBasic.All,user_impersonation,user_impersonation,Forms.ReadWrite,MLModel.Execute.All Report.Read.All UserState.ReadWrite.All Dataset.Read.All,Sites.FullControl.All ExternalConnection.ReadWrite.All,User.Read,Notes.Create Notes.ReadWrite.CreatedByApp User.Read, User.Read openid offline_access IMAP.AccessAsUser.All profile Mail.ReadWrite Files.ReadWrite Contacts.ReadWrite Calendars.ReadWrite EWS.AccessAsUser.All, User.Read Mail.ReadWrite Files.ReadWrite EWS.AccessAsUser.All openid offline_access IMAP.AccessAsUser.All Contacts.ReadWrite Calendars.ReadWrite,MyFiles.Write,User.Read,User.Read, User.Read Mail.ReadWrite EWS.AccessAsUser.All Files.ReadWrite openid offline_access IMAP.AccessAsUser.All Contacts.ReadWrite Calendars.ReadWrite, openid offline_access IMAP.AccessAsUser.All User.Read Mail.ReadWrite Files.ReadWrite Contacts.ReadWrite Calendars.ReadWrite,MyFiles.Write, Notes.Create openid profile offline_access Notes.Read,APIConnectors.Read.All APIConnectors.ReadWrite.All Application.Read.All Calendars.Read Calendars.ReadBasic Calendars.ReadWrite DelegatedPermissionGrant.Read.All DelegatedPermissionGrant.ReadWrite.All Directory.AccessAsUser.All Directory.Read.All Directory.ReadWrite.All Domain.Read.All Files.Read.All Group.Read.All Group.ReadWrite.All Mail.ReadWrite Notes.Create Notes.Read openid profile Sites.FullControl.All Sites.Manage.All Sites.Read.All Sites.ReadWrite.All Sites.Selected User.Read User.Read.All User.ReadBasic.All email Files.ReadWrite.All offline_access Files.ReadWrite User.ReadWrite.All Device.Read.All Domain.ReadWrite.All AppCatalog.Read.All Application.ReadWrite.All, openid profile User.Read offline_access Notes.Read.All Notes.ReadWrite Notes.ReadWrite.All Files.Read Files.Read.All Files.ReadWrite.All, User.Read, openid profile offline_access, openid profile email offline_access, openid profile offline_access,User.Read,User.Read,User.Read,user_impersonation,user_impersonation,user_impersonation
100 users
Try to getting Onenotes..
Got Error: The request does not contain a valid authentication token. Detailed error information: To improve the security of our customers' data, this API will no longer support app-only tokens starting from March 31st 2025. Customers may still call these APIs using delegated (app+user) tokens. Please refer to this link: https://learn.microsoft.com/en-us/graph/auth-v2-user
Microsoft.Graph.Models.ODataErrors.ODataError: The request does not contain a valid authentication token. Detailed error information: To improve the security of our customers' data, this API will no longer support app-only tokens starting from March 31st 2025. Customers may still call these APIs using delegated (app+user) tokens. Please refer to this link: https://learn.microsoft.com/en-us/graph/auth-v2-user
at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.ThrowIfFailedResponseAsync(HttpResponseMessage response, Dictionary2 errorMapping, Activity activityForAttributes, CancellationToken cancellationToken) at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync[ModelType](RequestInformation requestInfo, ParsableFactory1 factory, Dictionary2 errorMapping, CancellationToken cancellationToken) at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync[ModelType](RequestInformation requestInfo, ParsableFactory1 factory, Dictionary2 errorMapping, CancellationToken cancellationToken) at Microsoft.Graph.Users.Item.Onenote.Notebooks.NotebooksRequestBuilder.GetAsync(Action1 requestConfiguration, CancellationToken cancellationToken)
at Program.
Configuration
No response
Other information
No response