
Getting Error code 403 while accessing Office 365 mail box for the client credential grant flow


I am trying to connect to Office 365 to use the client credential flow. I have followed all the steps as mentioned in http://blogs.msdn.com/b/exchangedev/archive/2015/01/21/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx

I am trying to connect using the ADAL java library.

Using the below code to connect and fetch mail:

// Imports needed by this snippet
import com.microsoft.aad.adal4j.AsymmetricKeyCredential;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

String authority = "https://login.windows.net/tenant-id/oauth2/authorize";
ExecutorService service = Executors.newFixedThreadPool(1);
try {
    AuthenticationContext authenticationContext = new AuthenticationContext(authority, false, service);
    String certfile = "PfxFinal.pfx";
    InputStream pkcs12Certificate = new FileInputStream(certfile);

    // Client credential built from the PKCS#12 certificate (no user involved)
    AsymmetricKeyCredential credential = AsymmetricKeyCredential.create("clientid", pkcs12Certificate, "password");
    System.out.println("X509 is fine!");

    // Request an app-only access token for the Office 365 resource
    Future<AuthenticationResult> future = authenticationContext.acquireToken("https://outlook.office365.com", credential, null);
    String token = future.get().getAccessToken();
    // Debug output only: the access token is a bearer credential
    System.out.println("Token Received " + token);
    System.out.println(token);

    // Request that fails with HTTP 403: it addresses the /me endpoint
    URL url = new URL("https://outlook.office365.com/api/v1.0/me/folders/inbox/messages?$count=true&$filter=isread%20eq%20false");
    HttpURLConnection con = (HttpURLConnection) url.openConnection();
    con.setRequestMethod("GET");
    con.setRequestProperty("Accept", "application/json");
    con.setRequestProperty("Authorization", "Bearer " + token);
    System.out.println("Bearer " + token);

    if (con.getResponseCode() != 200) {
        throw new RuntimeException("Failed : HTTP error code : "
                + con.getResponseCode());
    }

    BufferedReader br = new BufferedReader(new InputStreamReader(
        (con.getInputStream())));

    String output;
    System.out.println("Output from Server .... \n");
    while ((output = br.readLine()) != null) {
        System.out.println(output);
    }

    con.disconnect();
} catch (Exception e) {
    e.printStackTrace();
} finally {
    // Stop the ADAL worker thread so the JVM can exit
    service.shutdown();
}

I have given the full permission for the tenant. Is there anything else that I have to do in order to fix this issue?


Solution

  • You are addressing the "/me" endpoint, which for "app-only" access really has no meaning, as "me" represents a mailbox and the access token has no user context that could be used to determine which "me" mailbox is being accessed. For an app-only access token you must use users('the mailbox e-mail address to access'). "app-only" represents an application identity with no information about mailboxes or users.

    Let me know if you still have issues.

    Thanks, Matthias
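
The fix described in the answer, as an added example that is not part of the original question or of Matthias's reply: it inspects the access token's payload and builds the unread-inbox URL with users('address') when the token has no user context. The class and method names, the claim check (assuming delegated tokens carry a "upn" or "scp" claim and app-only tokens carry neither) and the sample tokens are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class AppOnlyMailUrl {
    static final String API_ROOT = "https://outlook.office365.com/api/v1.0/";

    // Decode the JWT payload (second dot-separated segment, base64url).
    // Diagnostic only: the signature is not verified here.
    static String jwtPayload(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length < 2) throw new IllegalArgumentException("not a JWT");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // Assumption: delegated tokens carry a "upn" or "scp" claim; app-only tokens carry neither.
    static boolean isAppOnly(String jwt) {
        String payload = jwtPayload(jwt);
        return !payload.contains("\"upn\"") && !payload.contains("\"scp\"");
    }

    // Build the unread-inbox URL from the question, choosing the mailbox segment by token type.
    static String unreadInboxUrl(String jwt, String mailbox) {
        String owner = "me";
        if (isAppOnly(jwt)) {
            // No user context: the mailbox must be named, and is checked before it enters the URL.
            if (mailbox == null || !mailbox.matches("[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+"))
                throw new IllegalArgumentException("app-only token needs an explicit mailbox address");
            owner = "users('" + mailbox + "')";
        }
        return API_ROOT + owner + "/folders/inbox/messages?$count=true&$filter=isread%20eq%20false";
    }

    // Constructed, unsigned sample token for the demo below.
    static String sampleToken(String claimsJson) {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        return enc.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8)) + "."
             + enc.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8)) + ".";
    }

    public static void main(String[] args) {
        String appOnly = sampleToken("{\"appid\":\"clientid\",\"roles\":[\"Mail.Read\"]}");
        String delegated = sampleToken("{\"upn\":\"user@example.com\",\"scp\":\"Mail.Read\"}");
        System.out.println(unreadInboxUrl(appOnly, "shared@example.com"));
        System.out.println(unreadInboxUrl(delegated, null));
    }
}
```

With the app-only sample the URL contains users('shared@example.com'); with the delegated sample it keeps /me.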