ErrorAccessDenied when using token to send an email.

DankinsCodes 1 Reputation point
2021-07-16T19:20:47.973+00:00

Hello,

I'm generating an access token by sending a POST to
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

I'm then trying to send an email by sending a POST to
https://graph.microsoft.com/v1.0/me/sendMail

However I get the error:

{
  error: {
    code: 'ErrorAccessDenied',
    message: 'Access is denied. Check credentials and try again.'
  }
}

When using jws.ms it shows that my token has the role Mail.Send to access that scope.
Any idea how I can resolve this?

Thank you.

Microsoft Security Microsoft Graph

1 answer

  1. Danstan Onyango 3,906 Reputation points Microsoft Employee
    2021-07-19T10:01:55.767+00:00

    You are using application permissions to call the /me... endpoint, which requires a signed-in user (delegated permissions). Because your token has a roles claim, you are using application permissions.

    To get this to work, if you are using application permissions, e.g. using the client credentials flow, then you need to call /user/{id | upn}/sendMail to send email.

    If you need to call /me/sendMail, then you need a logged-in user and you must add Mail.Send as a delegated permission, then acquire the access token on behalf of the user, e.g. using the authorization code flow.

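The distinction in the answer above can be checked in code before calling Graph. The following is an added example, not part of the original thread: it reads the token's `roles` or `scp` claim and picks the matching endpoint, using Graph's `/users/{id | userPrincipalName}/sendMail` path for the app-only case. The function names, the sample mailbox `user@contoso.example` and the tokens are assumptions constructed for illustration.

```javascript
// Added example; tokens below are constructed and carry a placeholder signature.
const GRAPH = 'https://graph.microsoft.com/v1.0';

// Decode the JWT payload for inspection only. This does NOT verify the signature.
function decodeClaims(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// 'scp' means delegated permissions (signed-in user); 'roles' means application permissions.
function permissionModel(claims) {
  const scopes = typeof claims.scp === 'string' ? claims.scp.split(' ').filter(Boolean) : [];
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  if (scopes.length) return { kind: 'delegated', granted: scopes };
  if (roles.length) return { kind: 'application', granted: roles };
  return { kind: 'none', granted: [] };
}

// Choose the sendMail URL that matches the token, failing early instead of
// letting Graph answer ErrorAccessDenied.
function sendMailUrl(token, mailbox) {
  const { kind, granted } = permissionModel(decodeClaims(token));
  if (!granted.includes('Mail.Send')) throw new Error(`token lacks Mail.Send (${kind})`);
  if (kind === 'delegated') return `${GRAPH}/me/sendMail`;
  // App-only tokens have no signed-in user, so /me cannot resolve to a mailbox.
  if (!mailbox) throw new Error('app-only token: pass a user id or UPN, /me is not usable');
  return `${GRAPH}/users/${encodeURIComponent(mailbox)}/sendMail`;
}

// Hypothetical helper that builds unsigned sample tokens for this demo only.
function fakeToken(claims) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${b64({ alg: 'none', typ: 'JWT' })}.${b64(claims)}.placeholder`;
}

const appToken = fakeToken({ roles: ['Mail.Send'] });          // client credentials flow
const userToken = fakeToken({ scp: 'Mail.Send User.Read' });   // authorization code flow

console.log(sendMailUrl(appToken, 'user@contoso.example'));
console.log(sendMailUrl(userToken));
```

Decoding the payload here is a client-side routing check only; the token's signature is still validated by Graph itself.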
