Use python script to create a task (no user interaction)

Stefano Gentile 0 Reputation points
Apr 13, 2023, 11:52 AM

I am trying to create tasks in MS Todo using python but I am getting lost in the complexities of the Azure portal. I have a personal hotmail account, which is connected to my MS Todo app. I have registered the webapp in the portal in the default directory, set a secret and added API application permissions for Tasks.Read.All Tasks.ReadWrite.All (admin consent given).
Here is my code:

Python 
import json
import requests
from msal import ConfidentialClientApplication

client_id = '<my_client_id>'
client_secret = '<my_client_secret_value>'
tenant_id = '<my_tenant_id>'

msal_authority = f"https://login.microsoftonline.com/{tenant_id}"

msal_scope = ["https://graph.microsoft.com/.default"]

msal_app = ConfidentialClientApplication(
    client_id = client_id,
    client_credential=client_secret,
    authority = msal_authority,
)

result = msal_app.acquire_token_silent(
    scopes = msal_scope,
    account = None,
)

if not result:
  result = msal_app.acquire_token_for_client(scopes=msal_scope)

if "access_token" in result:
  access_token = result['access_token']
else:
  raise Exception('No access token found')

headers = {
  "Authorization": f"Bearer {access_token}",
  "Content-Type": "application/json",
}


task_list_id = "<my_list_id>"

task_details = {
    'title': 'Buy groceries',
    'dueDateTime': {
        'dateTime': '2023-04-14T22:00:00Z',
        'timeZone': 'UTC'
    }
}

response = requests.post(
  url = f"https://graph.microsoft.com/v1.0/users/<my_user_email>/todo/lists/{task_list_id}/tasks",
  headers=headers,
  data=json.dumps(task_details),
)

print(json.dumps(response.json(), indent=4))

The script gets an access token but then it returns an error:
OrganizationFromTenantGuidNotFound

{
    "error": {
        "code": "accessDenied",
        "message": "Access denied",
        "innerError": {
            "code": "OrganizationFromTenantGuidNotFound",
            "date": "2023-04-13T09:30:29",
            "request-id": "<my_request_id>",
            "client-request-id": "<my_client_request_id>"
        }
    }
}

What am I doing wrong? I know I cannot use the application permission with /me/, that's why I am trying /users/<user_id> instead. Is there a way to get this to work?
thanks

Microsoft Graph Permissions API
Microsoft Graph to Do Tasks API
Microsoft Graph Applications API
Microsoft Graph Applications API
A Microsoft API that enables you to manage these resources and actions related to applications in Azure Active Directory.
636 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. HarmeetSingh7172 4,866 Reputation points
    Apr 13, 2023, 3:14 PM

    Hello Stefano Gentile,

    Thanks for reaching out!

    As you are using a personal Microsoft account for creating a task, you are restricted to use delegated token/permissions only. Create Todotask graph API requires Tasks.ReadWrite permission while working with personal Microsoft account.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    0 comments
  2. CarlZhao-MSFT 27,541 Reputation points
    Apr 14, 2023, 12:00 PM

    Hi @Stefano Gentile

    Personal account is not available in application context, because application permissions are tenant-specific, and your personal account is not registered in the tenant, so the api cannot find the ID/UPN of your personal account.

    You need to add your personal account to the tenant as a guest, then you will be able to create tasks for guest users using application permissions.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.