Authentification error while forwarding Graph request with Nginx

Question

Hi everyone!
Our production environment cannot access directly the public Internet, so we use Nginx to forward requests. But I got error of "Error message: Access token is empty." everytime I run the program. I'm suspecting sth wrong with the scope. Code snippet and error messages are like below:

List<String> scopes = new LinkedList<>();  
scopes.add("https://graph.microsoft.com/.default");  
final ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()  
        .clientId(msClientId)  
        .clientSecret(msSecret)  
        .tenantId(msTenantId)  
        .build();  
final TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(scopes, clientSecretCredential);  
GraphServiceClient<Request> graphServiceClient = GraphServiceClient  
        .builder()  
        .authenticationProvider(tokenCredentialAuthProvider)  
        .logger(defaultLogger)  
        .buildClient();  
graphServiceClient.setServiceRoot("http://192.168.120.10/graphmail/v1.0");  //to be forwarded by Nginx.  

The error message is like below:

2022-09-30 14:10:07.458 ERROR 29128 --- [nio-8085-exec-3] global : CoreHttpProvider[sendRequestInternal] - 408Graph service exception
2022-09-30 14:10:07.458 ERROR 29128 --- [nio-8085-exec-3] global : Throwable detail: com.microsoft.graph.http.GraphServiceException: Error code: InvalidAuthenticationToken
Error message: Access token is empty.

[Some information was truncated for brevity, enable debug logging for more details]
2022-09-30 14:10:07.461 ERROR 29128 --- [nio-8085-exec-3] c.i.d.e.e.GlobalExceptionHandler : 服务器错误:

com.microsoft.graph.http.GraphServiceException: Error code: InvalidAuthenticationToken
Error message: Access token is empty.

GET http://192.168.120.10/graphmail/v1.0/users/xxx[@](/users/na/?userId=17ad22bb-bffd-0003-0000-000000000000).com/mailFolders
SdkVersion : graph-java/v5.34.0

401 : Unauthorized
client-request-id : 2a8388fd-d20b-4053-b6d1
Content-Type : application/json
Date : Fri, 30 Sep 2022 07:57:36 GMT
request-id : 1d495707-8b66-4e07-ba91499
Strict-Transport-Security : max-age=31536000
Transfer-Encoding : chunked
Vary : Accept-Encoding
WWW-Authenticate : Bearer realm="", authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize", client_id="00000003-0000-0000-c00"
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Korea Central","Slice":"E","Ring":"3","ScaleUnit":"002","RoleInstance":"SE1PEPF00001FEB"}}
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token is empty.",
"innerError": {
"date": "2022-09-30T07:57:37",
"request-id": "1d495707-8b66-4e07-1499",
"client-request-id": "2a8388fd-d20b-40e586d1"
}
}
}
[Some information was truncated for brevity, enable debug logging for more details]
at com.microsoft.graph.http.GraphServiceException.createFromResponse(GraphServiceException.java:419) ~[microsoft-graph-core-2.0.13.jar:na]
at com.microsoft.graph.http.GraphServiceException.createFromResponse(GraphServiceException.java:378) ~[microsoft-graph-core-2.0.13.jar:na]
at com.microsoft.graph.http.CoreHttpProvider.handleErrorResponse(CoreHttpProvider.java:512) ~[microsoft-graph-core-2.0.13.jar:na]
at com.microsoft.graph.http.CoreHttpProvider.processResponse(CoreHttpProvider.java:442) ~[microsoft-graph-core-2.0.13.jar:na]
at com.microsoft.graph.http.CoreHttpProvider.sendRequestInternal(CoreHttpProvider.java:408) ~[microsoft-graph-core-2.0.13.jar:na]
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:225) ~[microsoft-graph-core-2.0.13.jar:na]
at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:202) ~[microsoft-graph-core-2.0.13.jar:na]
at com.microsoft.graph.http.BaseCollectionRequest.send(BaseCollectionRequest.java:103) ~[microsoft-graph-core-2.0.13.jar:na]
at com.microsoft.graph.http.BaseEntityCollectionRequest.get(BaseEntityCollectionRequest.java:78) ~[microsoft-graph-core-2.0.13.jar:na]