Graph Explorer screenshot

How to Create a Graph Schema Extension using Graph Explorer

I’ve been doing a lot of SPFx, NET Core and Office 365 related development and I have several stories to share.

During the implementation of one of the features in a custom API application, I had to create a schema extension in Microsoft Graph for a Group object, for the purposes of classification. As I stumbled upon a non-intuitive behaviour of the API in Graph Explorer, I hope to save you a couple of hours if you have to do the same.

I went to the extensive Graph documentation to see how to perform such a call to MS Graph. It didn’t seem particularly difficult, just a POST with JSON data on the schemaExtensions endpoint.

In Graph Explorer application that I was using, I kept getting “Request denied due to insufficient permissions”. I double and triple-checked that my Graph Explorer indeed had the needed permissions (Directory.AccessAsUser.All). No matter what I did, I kept getting the same error.

In the end, it seemed to be a limitation on Graph Explorer client. To overcome it, Microsoft added a workaround:

  • Register another Web / API application in Azure Active Directory
  • Add the required permissions to create schema extension to that application
  • In Graph Explorer, prepare a POST request to schemaExtensions endpoint
  • Add “owner” property in the JSON payload, with the value of the authorized application App ID
  • Voilà! The schema extension is created.

My schema creation request JSON payload was like this:

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.