Microsoft Graph API not able to use mail.read
Within my application I generate an access token via
GET https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize?client_id=<CLIENT_ID>&response_type=code&response_mode=query&scope=user.read+mail.send+mail.readwrite&redirect_uri=https%3A%2F%2Fgraphresponse%2F&prompt=consent
to use the code on
POST https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token
with application/x-www-form-urlencoded: grant_type=authorization_code&redirect_uri=https%3A%2F%2Fgraphresponse%2F&client_id=<CLIENT_ID>&scope=user.read+mail.send+mail.readwrite&client_secret=<CLIENT_SECRET>&code=<CODE>
So far so good, i receive a bearer token like this (formatted for readability):
{"token_type":"Bearer",
"scope":
"Mail.Read Mail.Read.All Mail.Read.Shared
Mail.ReadBasic Mail.ReadWrite Mail.ReadWrite.Shared
Mail.Send openid User.Read profile email",
"expires_in":3600,
"ext_expires_in":3600,
"access_token":"<TOKEN>"
}
and I can use the following endpoints
GET http://graph.microsoft.com/v1.0/me
POST http://graph.microsoft.com/v1.0/me/sendMail
POST http://graph.microsoft.com/v1.0/me/messages
but I get the following error
GET http://graph.microsoft.com/v1.0/me/messages
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "xxxxxxx",
"date": "2019-03-12T13:38:47"
}
}
}
Did I miss any configuration that is neccessary explicitly to read the current users inbox, or is there any admin configuration required?
As you are trying with authorization code flow so you need follow the below
step to access
https://graph.microsoft.com data.
Note:
Make sure you have office 365 user account registered
All Required permission grant
As the document explain first you need token request code
response_type = code
To do that there are two ways.
From postman request and From browser with your required credentials
Here I would show postman workaround you could also try it pasting on browser.
Postman Code Access Example
Here make sure in portal you have configure this URL as expected see the below screen shot:
To get v2.0 token request access code set request endpoint to:
https://login.microsoftonline.com/common/oauth2/v2.0/token
Content type to : application/x-www-url-form-urlencoded
See the screen shot below:
Now Click on Authorization tab and select type OAuth 2.0 and click on Get New Access
Token. See the screen shot below:
You Will prompt postman popup like below:
Enter Your necessary information here and click Request Token
In postman console body segment you will get access code for token request. See the screen shot below:
Copy the code for next use.
Now add a new tab on post man for token request like below:
In response you will get you access token like below:
Now with this token request to your expected endpoint for example http://graph.microsoft.com/v1.0/me
See the screen shot below:
In response you will get your endpoint data as expected
See the screen shot below :
If you have any more question just let me know Thank You.
- How to make Depends optional in FastAPI?
- Getting refresh token for gmail API with Spring Security
- Creating firebase user with authentication information from Salesforce
- Where to store the refresh token on the Client?
- AuthorizedClientServiceOAuth2AuthorizedClientManager: accessToken cannot be null
- How do I add audience validation using Spring OAuth without needing the issuer?
- Ruby & IMAP - Accessing Office 365 with Oauth 2.0
- 3rd party cookies in Android 14/New Chrome using Angular/Firebase Auth/Hosting and NodeJs in Server
- Swift Discord OAuth2 redirect URi not supported by Client
- Apim policy to validat token for b2b and as well as b2c tenant token endpoints
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Google APIs Console - missing client secret
- Automating access token refreshing via interceptors in axios
- Supabase does not append code parameter to the redirect URL after OAuth login
- How/why is login page redirect required?
- Where can I find a list of scopes for Google's OAuth 2.0 API?
- Using ASP.Net Core Identity in parallel with OpenIdConnect OAuth2
- Spring security JWT without OAuth
- Add OAuth authentication for HTTP request triggers
- Get email, phone, etc from OAuth2 login
- BFF pattern for native apps in OAuth 2.0?
- Why is PKCE `code_verifier` calculated server-side in BFF pattern?
- Apache strips down "Authorization" header
- Fake Firebase Auth Tokens for Test Environment
- Access Not Configured for Google OAUTH Login
- Authenticating to Microsoft 365 SMTP servers via OAuth2 only works for users without MFA
- Getting user data through an Azure AD OAuth login - React Native Expo App
- Callback github URI with Oauth2 and Spring Boot 3.4.0 not found after authentication
- spring oauth client (v6.4.2): does not redirect to oauth-server
- NextJs: server component vs server action