
I am writing a daemon application to manage my personal Microsoft Outlook account, using the Outlook Mail REST API (https://docs.microsoft.com/en-us/previous-versions/office/office-365-api/api/version-2.0/mail-rest-operations). To do this I must generate the proper authorization token to use with the API calls. I logged into the Azure portal with my Outlook account (xxx@outlook.com), registered an application, created a client secret, and gave the app permission to User.Read.All, for example.

I am using this example code to test my application: https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2 I added my tenant-id, client-id, and client-secret from the application into the sample code, which successfully generates a token. When the sample code makes a call to graph.microsoft.com/v1.0/users, however, it returns this error:

Failed to call the Web Api: Forbidden
Content: {
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "date": "2020-08-08T20:47:59",
      "request-id": "ae8c7509-eada-41fd-90d7-dbb7885da534"
    }
  }
}

Is this due to the User.Read.All permission requiring admin consent? If so, am I not the admin for my own Outlook account? Is there a more straightforward way to do this?


2 Answers


It sounds like you have an Azure AD tenant where you registered the app. So when you are trying to list the users, you are trying to list the users in that Azure AD tenant. You need to run admin consent in that tenant. You can do that on the tab where you defined the permissions for the app (Grant admin consent), or you can use the /adminconsent endpoint.


You need to give consent to your application before accessing data. To do that for a confidential client application (aka client credential flow), as used in the daemon app sample you pointed at, you need to be an administrator, as you point out.

However, for Microsoft Accounts/personal accounts you are not an administrator of the tenant and therefore can't consent.

You will need to use delegated authentication instead. You can use the refresh_token you get after authentication to get new access tokens when they expire.
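Both answers come down to which kind of permission the token actually carries: an app-only (client credential) token carries application permissions in the `roles` claim and only after admin consent, while a delegated token carries user-consented scopes in the `scp` claim. Before blaming Graph for the `Authorization_RequestDenied` response, it helps to decode the token you just obtained and check those claims. The script below is an added example (not code from the question, the answers, or the Azure sample); the tokens it builds are constructed unsigned JWTs with placeholder tenant and app ids, and the decode step deliberately does not verify the signature because it is a local diagnostic, not an authorization check.

```python
"""Inspect the claims of a Microsoft identity platform access token to see
which kind of permission it carries before calling Microsoft Graph.

Added example, not part of the original question or answers. The JWTs below
are CONSTRUCTED for illustration (unsigned, dummy signature) and are never
validated; this is a local diagnostic for the 'Authorization_RequestDenied'
symptom, not a substitute for real token validation on a resource server.
"""
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Build a CONSTRUCTED header.payload.signature token for offline use."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(claims).encode()),
        "dummy-signature",  # placeholder; nothing here checks it
    ])


def token_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def permission_kind(claims: dict) -> str:
    """Classify how the token was obtained.

    Microsoft identity platform tokens carry delegated scopes in 'scp'
    (space-separated) and application permissions granted through admin
    consent (client credential flow) in 'roles'.
    """
    if "scp" in claims:
        return "delegated"
    if claims.get("roles"):
        return "application"
    return "none"


def has_permission(claims: dict, permission: str) -> bool:
    """True if the token carries `permission` as a delegated scope or an app role."""
    scopes = set(claims.get("scp", "").split())
    roles = set(claims.get("roles", []))
    return permission in scopes or permission in roles


def diagnose(token: str, required: str) -> str:
    """Explain, before the Graph call, whether a request would be denied and why."""
    claims = token_claims(token)
    kind = permission_kind(claims)
    if has_permission(claims, required):
        return f"ok: {kind} token carries {required}"
    if kind == "application":
        return f"denied: app-only token lacks role {required} (admin consent not granted for it)"
    if kind == "none":
        return "denied: token carries no scp/roles claim; no permission was consented"
    return f"denied: delegated token lacks scope {required}"


# Constructed sample tokens with placeholder ids (not real tenants or apps).
TENANT = "00000000-0000-0000-0000-000000000000"
APP_ONLY_NO_ROLES = make_unsigned_jwt({
    "aud": "https://graph.microsoft.com", "tid": TENANT,
    "appid": "11111111-1111-1111-1111-111111111111",
})
APP_ONLY_WITH_ROLE = make_unsigned_jwt({
    "aud": "https://graph.microsoft.com", "tid": TENANT,
    "appid": "11111111-1111-1111-1111-111111111111", "roles": ["User.Read.All"],
})
DELEGATED = make_unsigned_jwt({
    "aud": "https://graph.microsoft.com", "tid": TENANT,
    "scp": "Mail.Read Mail.ReadWrite User.Read",
})

if __name__ == "__main__":
    print(diagnose(APP_ONLY_NO_ROLES, "User.Read.All"))   # the question's situation
    print(diagnose(APP_ONLY_WITH_ROLE, "User.Read.All"))  # after admin consent
    print(diagnose(DELEGATED, "Mail.Read"))               # delegated flow for a personal mailbox
```

The token the daemon sample obtained in the question would look like the first case: the client credential flow succeeded, but with no admin consent the token has neither a `roles` nor an `scp` claim for the tenant, so Graph denies the call. Note that decoding claims locally tells you what was consented; it never replaces signature and audience validation wherever a token is accepted as proof of authorization.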