We have created application and using client credential flow to login with Graph API. We provided delegated access permission to the application to read all user information and the mailboxsettings and mailbox read.
email
IMAP.AccessAsUser.All
Mail.Read
Mail.Read.Shared
Mail.ReadBasic
MailboxSettings.Read
People.Read.All
profile
User.Export.All
User.Read
User.Read.All
User.ReadBasic.All
We are able to extract the user informationm however when trying to access the mailboxesettings getting following error.
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again."
}
}
SCOPE=https://graph.microsoft.com/.default
We are using python API and following are the code snippet to retrieve mailbox settings
MBOX_TIMEZONE=https://graph.microsoft.com/v1.0/users/{userPrincipalName}/mailboxSettings
AUTHORITY = https://login.microsoftonline.com/<tenant id>
Code to retrieve the access token
app = msal.ConfidentialClientApplication(
self.appID,
authority=authority,
client_credential=self.clientSecret
)
result = app.acquire_token_silent(scopes, account=None)
if not result:
result = app.acquire_token_for_client(scopes=scopes);
def getUsersTimeZone(self, userPrincipalName):
userMailEndPoint = self.configs.get("Graph","MBOX_TIMEZONE")
endPoint = userMailEndPoint.format(userPrincipalName = userPrincipalName);
self.logger.info('Get user mailzone.....%s, %s',userPrincipalName, endPoint);
graph_data = requests.get( # Use token to call downstream service
endPoint,
headers={'Authorization': 'Bearer ' + self.accessToken},).json()
self.logger.debug('Timezone details.....:%s',json.dumps(graph_data, indent=2))
return graph_data;