This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZK%3C/text%3E%3C/svg%3E)
Good Afternoon,
I would like to write a powershell script to get my emails from my outlook via Oauth2 token without user login, but unfortunately no luck. I am able to generate correctly my token successfully and I can see on "jwt.ms" website there is a required permisson on it, but for some reason its just not working.
If I generate a token with "graph explorer" and paste into my code directly, (so if i am not generating the token from powershell code), all option works fine and I can get back all details from my outlook. So its something regarding the token and permisson but I am not sure what excatly.
Interesting thing is, if I change thte code from:
$Uri = "https://graph.microsoft.com/v1.0/users/*********************************/messages"
to:
$Uri = "https://graph.microsoft.com/v1.0/users/*********************************/
In this case the API will give back my profile details.
jwt.ms result:
https://pastebin.com/tMmxfn5d
"roles": [
"Mail.ReadWrite",
"Mail.ReadBasic.All",
"Directory.Read.All",
"User.Read.All",
"Mail.Read",
"Mail.Send",
"Contacts.Read",
"Mail.ReadBasic"
],
Error message:
Invoke-RestMethod: The remote server returned an error: (401) Unauthorized. At line:29 char:17
+ ... rResponse = Invoke-RestMethod -Method Get -Uri $Uri -Headers $Headers ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
# Define the URI and parameters
$Uri = "https://login.microsoftonline.com/*********************************/oauth2/v2.0/token"
$Body = @{
"grant_type" = "client_credentials"
"client_id" = "*********************************"
"client_secret" = "*********************************"
"scope" = "https://graph.microsoft.com/.default"
}
$ContentType = "application/x-www-form-urlencoded"
# Send the POST request
$Response = Invoke-RestMethod -Method Post -Uri $Uri -Body $Body -ContentType $ContentType
# Display the access token
Write-Output "Access Token: $($Response.access_token)"
# Replace "{id | userPrincipalName}" with the id or userPrincipalName of the user
$Uri = "https://graph.microsoft.com/v1.0/users/*********************************/messages"
# Define the header for the "user" request
$Headers = @{
"Authorization" = "Bearer $($Response.access_token)"
}
# Send the GET request
$UserResponse = Invoke-RestMethod -Method Get -Uri $Uri -Headers $Headers
# Display the "user" information
Write-Output $UserResponse
Thank you.
Hi @Zsolt Kallai
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread.
Thanks,
Carl
Hi @Zsolt Kallai
I did a quick test with your script and it works fine.
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
Good Morning,
Thank you very much for your message, I really appreciate your help on it.
I think the problem will be on my side the "{id | userPrincipalName}". Can I ask how can I get it or where is visible on Azure website?
Thank you.
Hi @Zsolt Kallai
Of course, it's within your Azure tenant.
Go to Azure Portal > Azure AD > Users and enter the user id/UPN in the search bar.
Hi,
Thank you very much for your help, its all works now. The issue was the type of the email.
I used my personal insted of the work email address and this caused the issue. I subscribed to the exchange account for 4 GBP and its works well now. So the Graph API not working with personal account. Only with work email.
The only problem is, my Azure trial has been activated on my previous email, is it possible to move this free trial to the new email address? Or If I will use only API requests should I pay extra for this?
Thanks.
Hi @Zsolt Kallai
Trial licenses cannot be transferred to other users, if your old and new users are in the same tenant, then you can assign the O365 license to the new user. If your old and new users are in different tenants, then you need to request a new trial O365 license for the new users.
In addition, if you only use the graph API to get the user's email, then you only need to grant the O365 license to the target user, don't need to pay extra for this.
Hi @Zsolt Kallai
I am checking to see if this issue is resolved or not. If you have any concerns, please feel free to reply.
Thanks,
Carl
Hi @Zsolt Kallai
Please kindly consider this comment as a warm follow up, I want to know if my answer is helpful. If the answer is helpful, please click "Accept Answer" and kindly upvote it. If it doesn't work, please let us know the progress. By doing so, it will benefit all community members who are having this similar issue. Your contribution is highly appreciated.
