MicrosoftGraph's list messages API return access denied message

0
votes

MicrosoftGraph Outlook Mail's List Message API allows me to list the message of the admin user (authorized the application to generate token), but it doesn't allow to get the messages of other users. I have tried the following API call

https://graph.microsoft.com/v1.0/users/[email protected]/messages

It returns the following error message.

Status Code: 403
{
    "error": {
        "code": "ErrorAccessDenied",
        "message": "Access is denied. Check credentials and try again.",
        "innerError": {
            "request-id": "2c567919-e538-456a-9a90-74fa43685bd1",
            "date": "2016-11-30T10:37:58"
        }
    }
}

Please help me to resolve the problem.

Note: I'm using code flow for authentication and it is a multi-tenant application. Is it possible to implement token flow for a multi-tenant application?

1
emailoffice365microsoft-graph-api

1 Answers

0
votes

From your question, it is not clear which authentication flow you are using but I suspect you are using the authentication code flow.

If you are using the authentication code flow and user delegated permissions, you can only access the current user's messages, regardless of whether the user is a regular user or an administrator.

Sample using auth code flow:

var ctx = new AuthenticationContext(authority + tenant);
var t = await ctx.AcquireTokenAsync(resource, clientId, new Uri(redirectUri), new PlatformParameters(PromptBehavior.Auto));

Only through the client credentials flow and application permissions can you retrieve any user's messages.

.Sample using client credentials flow:

var ctx = new AuthenticationContext(authority + tenant, new TokenCache());
var t = ctx.AcquireToken(resource, new ClientCredential(clientId, clientSecret));