Generated token is not able to access Graph APi to read shared mailbox messages

0
votes

Facing token permission issue while trying to access Graph API from postman.

We have app id created for our shared mailbox and this app id has been granted below permissions for Graph API- • Microsoft Graph \ Read user mail \ Delegated • Microsoft Graph \ Read and write access to user mail \ Delegated • Microsoft Graph \ Send mail as a user \ Delegated • Microsoft Graph \ Read user mailbox settings \ Delegated • Microsoft Graph \ Read and write user mailbox settings \ Delegated

We ae able to generate the token from URL(https://login.microsoftonline.com/tenantId/oauth2/token) emphasized text While using this token to access graph API using below URL for reading the shared mailbox messages we are error- • https://graph.microsoft.com/v1.0/me/mailfolders/Inbox/messageshttps://graph.microsoft.com/v1.0/me

Error Message:- "The token contains no permissions, or permissions can not be understood."

1
microsoft-graph-api

1 Answers

0
votes

To get the messages of a shared mailbox, you need the Mail.Read.Shared permission.

And then access the message with the following url:

https://graph.microsoft.com/v1.0/users/{shared_mailbox_id}/messages

Update:

A. If you want to specify scopes, you need to use Azure AD V2. Azure AD V1 only supports resource, but V2 supports scopes.

V2 authorization endpoint:

https://login.microsoftonline.com/tenantId/oauth2/v2.0/authorize

V2 token endpoint:

https://login.microsoftonline.com/tenantId/oauth2/v2.0/token

B. Register an application in Azure AD, add necessary permission, and click grant admin consent for your organization

enter image description here

C. Acquire a token with oauth2 auth code grant flow. Here I will use postman for convenience. enter image description here

Click request token, you will be asked to enter your credentials. (if not, please clear cookies in postman) enter image description here

D. Then I can get an access token with required permission.

enter image description here

E. Finally, I can use the token to get the messages from shared mailbox

enter image description here