I am searching for solutions to authenticate with Microsoft Graph and get all my emails in Eclipse IDE. I have used the authentication method of 'Client Credentials Provider'. I am having issues with the SCOPES that need to be defined. Please find the error and my code below:

    package JAVA_MicrosoftGraphAPI;

    import java.net.URL;
    import java.util.Arrays;
    import java.util.List;

    import com.azure.identity.ClientSecretCredential;
    import com.azure.identity.ClientSecretCredentialBuilder;
    import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
    import com.microsoft.graph.logger.DefaultLogger;
    import com.microsoft.graph.logger.LoggerLevel;
    import com.microsoft.graph.models.User;
    import com.microsoft.graph.requests.GraphServiceClient;
    import okhttp3.Request;

    public class YT_Video {
        private final static String CLIENT_ID = "CLIENT_ID";
        private final static String TENANT_ID = "TENANT_ID";
        private final static String SECRET_ID = "SECRET";

        //Set the scopes for your ms-graph request
        private final static List<String> SCOPES = Arrays.asList("User.Read", "Mail.Read", "openid", "offline_access", "profile");

        public static void main(String[] args) throws Exception {
            // Create the auth provider.
            final ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                    .clientId(CLIENT_ID)
                    .clientSecret(SECRET_ID)
                    .tenantId(TENANT_ID)
                    .build();
            final TokenCredentialAuthProvider tokenCredAuthProvider = new TokenCredentialAuthProvider(SCOPES, clientSecretCredential);
            System.out.println("First Step Reached. ");

            // Create default logger to only log errors
            DefaultLogger logger = new DefaultLogger();
            logger.setLoggingLevel(LoggerLevel.ERROR);

            // Build a Graph client
            GraphServiceClient<Request> graphClient = GraphServiceClient.builder()
                    .authenticationProvider(tokenCredAuthProvider)
                    .logger(logger)
                    .buildClient();
            System.out.println("Second Step Reached. ");

            URL myUrl = new URL("https://graph.microsoft.com/v1.0/me/");
            final String accessToken = tokenCredAuthProvider.getAuthorizationTokenAsync(myUrl).get();
            System.out.println("Access token --> " + accessToken);

            // Just another optional step to get name of signed-in user.
            final User me = ((GraphServiceClient<Request>) graphClient).me().buildRequest().get();
            System.out.println("Hello " + me.displayName + "( Synced !)");
            System.out.println("Hello " + me.mail + "( Mail !)");
            System.out.println("Got " + me.messages.getCount() + " messages !");
        }
    }

at JAVA_MicrosoftGraphAPI.YT_Video.main(YT_Video.java:67)
Caused by: com.microsoft.aad.msal4j.MsalServiceException: AADSTS1002012: The provided value for scope User.Read openid profile offline_access Mail.Read is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).

You need to change the scope to https://graph.microsoft.com/.default.

    //Set the scopes for your ms-graph request
    private final static List<String> SCOPES = Arrays.asList("https://graph.microsoft.com/.default");

User.Read and Mail.Read permissions must be preconfigured in Azure on the app registration and an administrator must grant consent to those permissions beforehand.
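
As an added example (not code from the question or the answer), the sketch below uses the `/.default` scope with the same Graph SDK classes the question imports, checks that admin consent for Mail.Read actually reached the token, and reads mail from an explicitly named mailbox, because a client-credentials token has no signed-in user for `/me` to resolve. The environment variable names and the `GRAPH_MAILBOX` placeholder are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;

import com.azure.core.credential.TokenRequestContext;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
import com.microsoft.graph.models.Message;
import com.microsoft.graph.requests.GraphServiceClient;
import okhttp3.Request;

public class AppOnlyMailCheck {
    private static final List<String> SCOPES = Arrays.asList("https://graph.microsoft.com/.default");

    public static void main(String[] args) {
        // Assumed environment variable names; keeps the client secret out of source code.
        ClientSecretCredential credential = new ClientSecretCredentialBuilder()
                .clientId(System.getenv("GRAPH_CLIENT_ID"))
                .clientSecret(System.getenv("GRAPH_CLIENT_SECRET"))
                .tenantId(System.getenv("GRAPH_TENANT_ID"))
                .build();

        // Debug check: application permissions granted by admin consent appear in the
        // token's "roles" claim. Decode the JWT payload (middle segment) and look for it.
        String jwt = credential.getToken(new TokenRequestContext().addScopes(SCOPES.get(0)))
                .block().getToken();
        String payload = new String(Base64.getUrlDecoder().decode(jwt.split("\\.")[1]),
                StandardCharsets.UTF_8);
        // Log only the consent state, never the bearer token itself.
        System.out.println("Mail.Read granted: " + payload.contains("\"Mail.Read\""));

        GraphServiceClient<Request> graphClient = GraphServiceClient.builder()
                .authenticationProvider(new TokenCredentialAuthProvider(SCOPES, credential))
                .buildClient();

        // App-only token: address the mailbox by user id or UPN instead of /me.
        String mailbox = System.getenv("GRAPH_MAILBOX"); // placeholder, set by the operator
        List<Message> page = graphClient.users(mailbox).messages()
                .buildRequest()
                .select("subject,receivedDateTime")
                .top(10)
                .get()
                .getCurrentPage();
        for (Message m : page) {
            System.out.println(m.receivedDateTime + "  " + m.subject);
        }
    }
}
```

If the check prints `false`, the Mail.Read application permission is missing from the app registration or has not received admin consent.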