Access is denied. Check credentials and try again

Manas Hait (EXT-Nokia) 1 Reputation point

Getting this response while calling below url from java code:[@](/users/na/?userId=e9e8e7a0-d353-4cad-b0c5-ff47fb742d63).com/microsoft.graph.sendMail API

  1. Created App on Azure Directory
  2. Given below permissions
    Delegated:- Mail.Read, Mail.Read.Shared, Mail.ReadBasic, Mail.ReadWrite, Mail.ReadWrite.Shared, Mail.Send, Mail.Send.Shared, User.Read
  3. Calling below code from Java Spring boot application @GetMapping("/sendmail")
    public void sendmail() {
    final ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
    List<String> scopes = Arrays.asList(new String[] {""});
    final TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(scopes, clientSecretCredential);
    	final GraphServiceClient graphClient =  
    	Message message = new Message();  
    	message.subject = "Meet for lunch?";  
    	ItemBody body = new ItemBody();  
    	body.contentType = BodyType.TEXT;  
    	body.content = "The new cafeteria is open.";  
    	message.body = body;  
    	LinkedList<Recipient> toRecipientsList = new LinkedList<Recipient>();  
    	Recipient toRecipients = new Recipient();  
    	EmailAddress emailAddress = new EmailAddress();  
    	emailAddress.address = "";  
    	toRecipients.emailAddress = emailAddress;  
    	message.toRecipients = toRecipientsList;  
    	LinkedList<Recipient> ccRecipientsList = new LinkedList<Recipient>();  
    	Recipient ccRecipients = new Recipient();  
    	EmailAddress emailAddress1 = new EmailAddress();  
    	emailAddress1.address = "";  
    	ccRecipients.emailAddress = emailAddress1;  
    	message.ccRecipients = ccRecipientsList;  
    	boolean saveToSentItems = false;  
  4. Getting below error in the logs Error code: ErrorAccessDenied
Error message: Access is denied. Check credentials and try again.

SdkVersion : graph-java/v5.41.0

403 : Forbidden

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,445 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Shivam Dhiman 5,951 Reputation points

    Hi @Manas Hait (EXT-Nokia)

    To send messages from another user, applications that use user tokens use the Mail.Send.Shared Microsoft Graph permission.
    Addition to this we need to configure mailbox permissions to that other user account.

    Steps for giving mailbox permissions:

    • Login to M365 admin center-> select active users
    • select the user from which you want to send email on behalf
    • select Mail in the pane , there you can configure the required permissions

    Please refer to the below sample screenshot:

    For more details please refer to this documentation.

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    0 comments No comments