question

MohamedShahir-4194 avatar image
0 Votes"
MohamedShahir-4194 asked KalyanChanumolu-MSFT edited

Microsoft Graph API not returning mailboxSettings

We have created application and using client credential flow to login with Graph API. We provided delegated access permission to the application to read all user information and the mailboxsettings and mailbox read.


email
IMAP.AccessAsUser.All
Mail.Read
Mail.Read.Shared
Mail.ReadBasic
MailboxSettings.Read
People.Read.All
profile
User.Export.All
User.Read
User.Read.All
User.ReadBasic.All

We are able to extract the user informationm however when trying to access the mailboxesettings getting following error.
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again."
}
}

SCOPE=https://graph.microsoft.com/.default

We are using python API and following are the code snippet to retrieve mailbox settings
MBOX_TIMEZONE=https://graph.microsoft.com/v1.0/users/{userPrincipalName}/mailboxSettings
AUTHORITY = https://login.microsoftonline.com/<tenant id>

Code to retrieve the access token

     app = msal.ConfidentialClientApplication(
         self.appID,
         authority=authority,
         client_credential=self.clientSecret
         )
     result = app.acquire_token_silent(scopes, account=None)
     if not result:
         result = app.acquire_token_for_client(scopes=scopes);


 def getUsersTimeZone(self, userPrincipalName):
     userMailEndPoint = self.configs.get("Graph","MBOX_TIMEZONE")
     endPoint = userMailEndPoint.format(userPrincipalName = userPrincipalName);
     self.logger.info('Get user mailzone.....%s, %s',userPrincipalName, endPoint);
     graph_data = requests.get(  # Use token to call downstream service
         endPoint,
         headers={'Authorization': 'Bearer ' + self.accessToken},).json()
     self.logger.debug('Timezone details.....:%s',json.dumps(graph_data, indent=2))
     return graph_data;
azure-active-directoryazure-ad-graph
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MohamedShahir-4194 If the application runs as a daemon/background service without user interaction, you will need application permissions.

2 Votes 2 ·

1 Answer

Danstan-MSFT avatar image
1 Vote"
Danstan-MSFT answered Danstan-MSFT edited

The error is because you have added delegated permissions. For client credential flow, there is no user consent requested so you have to add the permissions as Application permissions not Delegated Permissions. See Permissions and consent in the Microsoft identity platform for the difference between the two.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.