Task: I need to check my mail once a day. Task for the backend. Did according to the instructions on the link: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
I get a token like this:
eyJ0eXAiOiJKV1QiLCJub25jZSI6IjBXRnZ6dWdoVHotRFZNMXduUE9GNm5hYm1qeFlIWkQ5OWs0V2ExbUtnSFUiLCJhbGciOiJSUzI1NiIsIng1dCI6ImpTMVhvMU9XRGpfNTJ2YndHTmd2UU8yVnpNYyIsImtpZCI6ImpTMVhvMU9XRGpfNTJ2YndHTmd2UU8yVnpNYyJ9.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9kYzljYTFiYy1mYTQxLTQyMzUtOTg3Zi1kNGFhMDEwNmRhOGUvIiwiaWF0IjoxNjQ5MzI4ODE1LCJuYmYiOjE2NDkzMjg4MTUsImV4cCI6MTY0OTMzMjcxNSwiYWlvIjoiRTJaZ1lMaFI2dmE3OWZ4RHZ1blRaN0Y5YnY1VENRQT0iLCJhcHBfZGlzcGxheW5hbWUiOiJPdXRsb29rIGluYm94IGNoZWNrZXIiLCJhcHBpZCI6ImE2NDBmOTg4LWNmOTUtNDVkMS1hOGFkLWRlMDA1NDNkYTZhMyIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2RjOWNhMWJjLWZhNDEtNDIzNS05ODdmLWQ0YWEwMTA2ZGE4ZS8iLCJpZHR5cCI6ImFwcCIsIm9pZCI6IjA2ZGQwMTdiLTVhMmMtNDYyMS1iNjllLTE5ZDMxY2UxNzFhMSIsInJoIjoiMC5BWGtBdktHYzNFSDZOVUtZZjlTcUFRYmFqZ01BQUFBQUFBQUF3QUFBQUFBQUFBQ1VBQUEuIiwicm9sZXMiOlsiTWFpbC5SZWFkV3JpdGUiLCJVc2VyLlJlYWRXcml0ZS5BbGwiLCJNYWlsLlJlYWRCYXNpYy5BbGwiLCJVc2VyLlJlYWQuQWxsIiwiTWFpbC5SZWFkIiwiTWFpbC5SZWFkQmFzaWMiXSwic3ViIjoiMDZkZDAxN2ItNWEyYy00NjIxLWI2OWUtMTlkMzFjZTE3MWExIiwidGVuYW50X3JlZ2lvbl9zY29wZSI6IkVVIiwidGlkIjoiZGM5Y2ExYmMtZmE0MS00MjM1LTk4N2YtZDRhYTAxMDZkYThlIiwidXRpIjoiTTNETjJJYkVMRUNmaFkzaG5qQVlBQSIsInZlciI6IjEuMCIsIndpZHMiOlsiMDk5N2ExZDAtMGQxZC00YWNiLWI0MDgtZDVjYTczMTIxZTkwIl0sInhtc190Y2R0IjoxNjQ5Mjc0NTg5fQ.HU8CkHdFdeXuAzRmu95U3TUavmubTUyb2lhb6l9UViKE0YuLpYr2RpOWuJBNCwi0M_-OPXwvHubWS3c4mz6v-WIYcU2ZOE2bZnkc8sNyu9zqonPX301Hl_TPHvaum10qB2ufMfdZCTe0QMgj-Pu5vOnZMKB5-cjEB16T4Fn5cyZHUa7LSP4Ok3Olf2625A7HJbMy-Z36j5XTZXXOLu1KCF-R4RY4urwwULthe4xMZvE_ksF94QzrCkHSbh5CuPWYkHBtVwWGYZc0jGchDwubXr3rJ7QhCC7hlfP3LEjJy2EB_BOEvkn_U_XXHYFryelz4S2hdthEXLWzQvqYuyMOCQ
I make a request: /users/f00ebc8e-9293-4c72-8dc4-5a5f9bfe5247/messages
In response I get an error: Client error:
GET https://graph.microsoft.com/v1.0/users/f00ebc8e-9293-4c72-8dc4-5a5f9bfe5247/messages
resulted in a 401 Unauthorized
response:
{"error":{"code":"OrganizationFromTenantGuidNotFound","message":"The tenant for tenant guid 'dc9ca1bc-fa41-4235-987f-d4aa0106da8e' does not exist.","innerError":{"oAuthEventOperationId": "4b71fc30-c038-433b-a951-08486f79f3e5","oAuthEventcV":"YWaaprenLXISnEtq/mrTBQ.1.1","errorUrl":"https://aka.ms/autherrors#error-InvalidTenant","requestId":"c236f885 -882b-49d9-81ca-1ce83b819cd0","date":"2022-04-07T10:59:37"}}}
If I make a request: /users/f00ebc8e-9293-4c72-8dc4-5a5f9bfe5247 - I get user data
If I make a request to /me/messages or /me I get an error:
Client error: GET https://graph.microsoft.com/v1.0/me/messages
resulted in a 400 Bad Request
response:
{"error":{"code":"BadRequest","message":"/me request is only valid with delegated authentication flow.","innerError":{"date":"2022-04-07T10:33:02","request-id":"2cd6413c-495e-468a-a3be-fff4efdb802a","client-request-id":"2cd6413c-495e-468a-a3be-fff4efdb802a"}}}
Why is this happening, because as far as I can see, I do everything according to the instructions?
How can I access emails in my mailbox?
Another interesting point, I noticed that in the sandbox (https://developer.microsoft.com/en-us/graph/graph-explorer) in the Access token tab, the token has a different look and is not decrypted using jwt.ms
But if I substitute this token in my program, I get access to my letters. How can I get this magic token programmatically through the backend?