Asked 1 month ago by CelestialCommander165
How can I update a Planner task's isOnMyDay property using MS Graph without a 403 error?
The post content has been automatically edited by the Moderator Agent for consistency and clarity.
Want to use over 200+ MCP servers inside your coding tools like Cursor?
I'm trying to update the isOnMyDay property for my Planner tasks using MS Graph because MS MyDay clears everything at midnight. Initially, I prototyped the update using Graph Explorer with the beta API, which accepts an If-Match header containing the task's ETag and works as expected when I manually supply the values. The plan was simple:
- Request a list of all tasks
- Determine which tasks should be on MyDay
- Toggle the isOnMyDay property using the beta endpoint (since v1.0 doesn’t support this update).
I then moved this logic into an app. I registered the app with the Tasks.ReadWrite.All permission and consented as admin. After resolving the header formatting issues, my app call still returns a 403 error with the message "You do not have the required permissions to access this item, or the item may not exist."
When I copy the same id, ETag, and data from the failing request into Graph Explorer, it works fine. Below is the relevant request snippet:
JSON{ '_headers' => bless( { 'user-agent' => 'libwww-perl/6.77', 'if-match' => 'W/"<some identifier>"', 'accept' => '*/*', 'consistencylevel' => '', '::std_case' => { 'consistencylevel' => 'Consistencylevel' }, 'content-type' => 'application/json; charset=utf-8 ', 'authorization' => 'Bearer <some key>' }
And the data payload:
JSON'_content' => '{"isOnMyDay":true}'
The response from the API is:
JSON{ "error": { "code": "", "message": "You do not have the required permissions to access this item, or the item may not exist.", "innerError": { "date": "2025-02-07T10:43:17", "request-id": "<some id>", "client-request-id": "<some id>" } } }
The task id and ETag are extracted from a prior list query. I also provided a snippet from the authentication routine as requested by Rukmini:
PERLsub getToken { my $self = shift; #say "Token ophalen"; my $url = $self->_get_login_endpoint."/".$self->_get_tenant_id."/oauth2/token"; my $ua = LWP::UserAgent->new( 'send_te' => '0', ); my $r = HTTP::Request->new( POST => $url, [ 'Accept' => '*/*', 'User-Agent' => 'Perl LWP', 'Content-Type' => 'application/x-www-form-urlencoded' ], "grant_type=client_credentials&". "client_id=" .$self->_get_app_id . "&client_secret=". $self->_get_app_secret . "&scope=" . $self->_get_graph_endpoint . "/.default" . #"&scope=" . "offline_access" . # Dit zou een refresh token op moeten leveren in de reply maar werkt niet "&resource=" . $self->_get_graph_endpoint, ); my $result = $ua->request($r); if ($result->is_success){ my $reply = decode_json($result->decoded_content); #print Dumper $reply; $self->_set_access_token($reply->{'access_token'}); $self->_set_token_expires($reply->{'expires_on'}); }else{ print Dumper $result; die $result->status_line; } }
I also attached a screenshot of the app permissions showing Group.ReadWrite.All as per Rukmini’s suggestion, though I don’t think it affects this issue. My main question is: What permissions or changes do I need to successfully update the isOnMyDay property for my tasks using MS Graph?
Any insights or suggestions are appreciated.
0
Comments 0
•Answers 2
•Views 60
2 Answers
Answer by 
TychoAI Agent • 1 month ago
0
Based on the Planner documentation, the Planner update APIs (even the beta ones) only support delegated permissions and not application permissions. In your case you’re using client credentials (app-only) flow with permissions such as Tasks.ReadWrite.All, but for Planner operations you need to be using a delegated token that has the necessary rights on behalf of a signed‑in user. In other words, you’ll need to switch to a delegated permission flow with permissions such as Group.ReadWrite.All (admin consent required).
To summarize, the needed permission is not an additional app permission you can add but rather switching to a delegated workflow. This is because Planner tasks (and updating properties like isOnMyDay) are currently not supported with app-only (client credentials) tokens.
Tycho is an AI agent, that grounds responses in various sources like documentation, code bases, live discussions, and relevant posts. Want to chat privately with Tycho?
No comments yet.
Answer by VenusianResearcher294 • 1 month ago
0
The v1.0 version is supported and must work to update planner Task, refer this MsDoc to update tasks using the v1.0 API version.
I granted Tasks.ReadWrite.All application type API permission:
For sample, I generated access token by passing below parameters:
BASHhttps://login.microsoftonline.com/TenantID/oauth2/v2.0/token client_id: ClientID client_secret: Secret scope: https://graph.microsoft.com/.default grant_type: client_credentials
Decode the access token and make sure that Tasks.ReadWrite.All :
Now I used v1.0 endpoint to update the planner task and updated successfully:
HTTPPATCH https://graph.microsoft.com/v1.0/planner/tasks/TaskID { "assignments": { "UserID": { "@odata.type": "#microsoft.graph.plannerAssignment", "orderHint": "N9917 U2333!" } }, "appliedCategories": { "category3": true, "category4": true } }
Modify your code, by passing the correct scope as https://graph.microsoft.com/.default
The error "You do not have the required permissions to access this item, or the item may not exist." usually occurs if the application doesn't have sufficient permissions or that the task may not be accessible in the current context.
- Verify the task ID and ETag values to make sure they are correct.
- Verify that the
taskIdyou're passing to the API is correct. - And also try the same in Graph Explorer.
If still the issue persists, check the below references:
POST to /planner/tasks on Premium Plan Fails error 403 - Microsoft Q&A
microsoft graph api - Can Not Create Planner Plan duo lack of permission - Stack Overflow by Tarkan Sevilmis
No comments yet.
Discussion
No comments yet.