NoPermissionsInAccessToken while trying to read mail from mailbox

Faraha 46 Reputation points
2020-06-16T19:58:15.91+00:00

I am using this

url:
https://login.microsoftonline.com/{my client id}/oauth2/v2.0/token

body:
{
"grant_type": "client_credentials",
"client_id" : "e87u998-8878-jju89-****",
"scope" : "https://graph.microsoft.com/.default",
"client_secret" : "***********"
}

and I fetched the access token successfully
After that I tried to read messages using
Url:
https://graph.microsoft.com/v1.0/users/Fnuaha@\*\*\*\*\*.com/messages
Authorization: Bearer 69909acesstoken-897899

and I and got this error message
{
"error": {
"code": "NoPermissionsInAccessToken",
"message": "The token contains no permissions, or permissions can not be understood.",
"innerError": {
"requestId": "ee4bb405-*-4b18-abcf-********",
"date": "2020-06-16T18:15:57",
"request-id": "ee4bb405-*
-4b18-abcf-****0b22c8**e"
}
}
}

My app has delegated access for User.Read and Mail.Read

Please suggest

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,488 questions
0 comments No comments
{count} votes

Accepted answer
  1. Saurabh Sharma 23,791 Reputation points Microsoft Employee
    2020-06-19T01:46:37.077+00:00

    @Faraha You need to provide Mail.Read Application permissions and then Grant Admin consents by using the Azure AD v2.0 “/adminconsent” endpoint.

    You need to build a Admin consent URL as shown below:

    https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id={client-id}&state={random-string}&redirect_uri={redirect-url}.

    Please refer to the documentation for more information.

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Faraha 46 Reputation points
    2020-06-19T13:42:14.74+00:00

    Thanks.I will try with that.

    0 comments No comments

  2. Faraha 46 Reputation points
    2020-06-22T18:50:27.44+00:00

    It worked.Thanks a lot :)