
accessDenied With Token with Permission Sites.ReadAll #2917

@carolineganderson

Describe the bug

We are trying to get the site id for SharePoint sites using the Graph API. When the SharePoint site has "sites" in the URL, such as https://ipmlservice0304.sharepoint.com/sites/test, we can successfully get the site id. When there is "teams" in the URL, such as https://ipmlservice0304.sharepoint.com/teams/test, we get an "accessDenied" exception.

Expected behavior

If I use a token that I get from the Graph Explorer, I can get the id for the teams site. If I use the token my code generates, I get the accessDenied error.

```csharp
OAuthTokenSource tokenSource = OAuthTokenSource.CreateSharePointOAuthTokenSource(this.requestContext);
string accessToken = (await tokenSource.GetTenantTokenForMsGraph(tenantId).ConfigureAwait(true)).AccessToken;
```

I checked the properties of the token my code generated, and under "roles" it has the "Sites.ReadAll" permission.

How to reproduce

```csharp
OAuthTokenSource tokenSource = OAuthTokenSource.CreateSharePointOAuthTokenSource(this.requestContext);

string accessToken = (await tokenSource.GetTenantTokenForMsGraph(tenantId).ConfigureAwait(true)).AccessToken;

authProvider = new DelegateAuthenticationProvider((request) =>
{
    request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("bearer", accessToken);

    return Task.FromResult(0);
});

GraphServiceClient graphClient = new GraphServiceClient(authProvider);
graphClient.BaseUrl = tokenSource.GetMsGraphBaseUrl();

ISiteRequest siteRequest = graphClient.Sites[siteHost].Request().Select("id");
Graph.Site siteInfo = await siteRequest.GetAsync().ConfigureAwait(true);  // this line throws the exception
```

SDK Version

3.35.0

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

```
Code: accessDenied
Message: Request is not allowed in the current context
Inner error:
AdditionalData:
date: 2025-05-29T18:52:40
request-id: b0c8b569-1d33-420d-b587-29fc64068e26
client-request-id: b0c8b569-1d33-420d-b587-29fc64068e26
ClientRequestId: b0c8b569-1d33-420d-b587-29fc64068e26
```


Configuration

No response

Other information

No response
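One way to compare the token from Graph Explorer with the token the code generates, decoded locally so neither token leaves the machine. This is an added example, not part of the issue or of the Graph SDK; the class `TokenClaimDiff`, its method names and the sample payloads are constructed for illustration, and it assumes .NET 6 or later. In Microsoft identity platform access tokens, `roles` carries application permissions and `scp` carries delegated permissions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

// Added example: TokenClaimDiff is a hypothetical helper, not part of the Graph SDK.
public static class TokenClaimDiff
{
    // Claims worth comparing: audience, tenant, client app,
    // application permissions (roles) and delegated permissions (scp).
    static readonly string[] Keys = { "aud", "tid", "appid", "roles", "scp" };

    // Decodes the JWT payload only. The signature is NOT verified, so this is
    // for local inspection and never for making an access decision.
    public static Dictionary<string, string> ReadClaims(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');   // base64url -> base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.EnumerateObject()
            .Where(p => Keys.Contains(p.Name))
            .ToDictionary(p => p.Name, p => p.Value.GetRawText());
    }

    // Returns one line per claim whose value differs between the two tokens.
    public static List<string> Diff(string failing, string working)
    {
        var a = ReadClaims(failing);
        var b = ReadClaims(working);
        return Keys.Where(k => a.GetValueOrDefault(k) != b.GetValueOrDefault(k))
            .Select(k => $"{k}: {a.GetValueOrDefault(k, "<absent>")} vs {b.GetValueOrDefault(k, "<absent>")}")
            .ToList();
    }

    // Builds an unsigned, constructed token so the example runs offline.
    static string Sample(string json) => "e30." + Convert.ToBase64String(
        Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    public static void Main()
    {
        // Constructed payloads; real tokens carry many more claims.
        string appOnly = Sample("{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"Sites.ReadAll\"]}");
        string delegated = Sample("{\"aud\":\"https://graph.microsoft.com\",\"scp\":\"placeholder.scope\"}");
        Diff(appOnly, delegated).ForEach(Console.WriteLine);
    }
}
```

With the constructed samples, the output lists `roles` and `scp` as the differing claims; with real tokens, pass the failing token first and the working one second.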
