question

AkshayMahajan-0774 asked JamesTran-MSFT edited

Error authenticating with resource -- even with admin consent for a signed in user

Hello, I have a registered AD app, and it has admin consent for the following permissions:

Mail.Read
Mail.ReadWrite
Mail.ReadBasic
User.Read

I also get a code in my local app, which I use to obtain an access_token. In that response, here are the scope values returned by login.microsoftonline.com:

"scope": "profile openid email https://graph.microsoft.com/Mail.Read https://graph.microsoft.com/Mail.ReadBasic https://graph.microsoft.com/Mail.ReadWrite https://graph.microsoft.com/User.Read",

Now when I try to access https://graph.microsoft.com/v1.0/me using the access_token obtained in the previous step, it works fine and gives my user profile back in Postman.

But when I try to access https://graph.microsoft.com/v1.0/me/messages, it fails with the following error:

{
  "error": {
    "code": "AuthenticationError",
    "message": "Error authenticating with resource",
    "innerError": {
      "date": "2021-04-30T16:56:08",
      "request-id": "b1949288-8ee8-42cd-ae61-5c63597eb973",
      "client-request-id": "b1949288-8ee8-42cd-ae61-5c63597eb973"
    }
  }
}

The scope for the access_token does have Mail.Read for Graph. What am I doing wrong? The scp value from jwt.ms is as follows:

"scp": "Mail.Read Mail.ReadBasic Mail.ReadWrite User.Read profile openid email"

Please help ASAP. Thanks!

microsoft-graph-mail

This app is enabled for Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).

I am using an @outlook.com email address.

0 Votes 0 ·

Hello - let us look into this and get back to you.

0 Votes 0 ·

1 Answer

AkshayMahajan-0774 answered AkshayMahajan-0774 commented

Any inputs on this?


Hello @AkshayMahajan-0774, would you check with your admin whether you have a valid subscription for this user?

0 Votes 0 ·

Hi @DianaWanjuhi-1579, thanks for your response. I would like to get more details on the "subscription": are you referring to an Office 365 subscription? I have this AD app on Azure which allows signing in with personal Microsoft accounts (e.g. Skype, Xbox), and I am using a personal email address like aksxyz@outlook.com (we have added this user as a Guest user in Azure AD and accepted the invite). Beyond that, please let me know what step is needed within Azure AD or on the Exchange side.

Thank you!

0 Votes 0 ·

I also want to add that when I use the MS Graph Explorer online tool (in a browser) and sign in to this Outlook email account, I am able to access the messages using me/messages. How could the Azure AD app have the same behavior?

0 Votes 0 ·
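
An added example, not part of the original thread and not Microsoft's code: a local version of the scp check the question performs with jwt.ms, decoding the token payload and comparing the granted scopes with what each Graph path needs. The names `REQUIRED_SCOPE`, `decode_claims`, `missing_scope` and `make_sample_token` are hypothetical, the path-to-scope table is an assumption taken from the scopes named in the question, and the sample token is constructed and unsigned.

```python
import base64
import json

# Assumption for this example: the delegated scope each path needs, using the
# scopes named in the question (User.Read for /me, Mail.Read for /me/messages).
REQUIRED_SCOPE = {"/v1.0/me": "User.Read", "/v1.0/me/messages": "Mail.Read"}


def decode_claims(access_token: str) -> dict:
    """Return the JWT payload as a dict WITHOUT verifying the signature.

    Troubleshooting aid only: unverified claims must never drive authorization.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT; cannot be inspected locally")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    try:
        return json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc


def missing_scope(access_token: str, path: str):
    """Return the scope `path` needs if the scp claim lacks it, else None."""
    granted = set(decode_claims(access_token).get("scp", "").split())
    needed = REQUIRED_SCOPE[path]
    return None if needed in granted else needed


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo (not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed token carrying the scp value quoted in the question.
SAMPLE = make_sample_token({
    "scp": "Mail.Read Mail.ReadBasic Mail.ReadWrite User.Read profile openid email",
})

if __name__ == "__main__":
    for path in REQUIRED_SCOPE:
        print(path, "missing scope:", missing_scope(SAMPLE, path))
```

With the scp value from the question, the check reports no missing scope for either path, which matches the poster's observation that Mail.Read is present in the token.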