How to authenticate and get emails with Microsoft Graph

Time:02-11

I am searching for solutions to authenticate with Microsoft Graph and get all my emails in Eclipse IDE. I have used the authentication method of 'Client Credentials Provider'. I am having issues with the SCOPES that need to be defined. Please find the error and my code below:

package JAVA_MicrosoftGraphAPI;

import java.net.URL;
import java.util.Arrays;
import java.util.List;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
import com.microsoft.graph.logger.DefaultLogger;
import com.microsoft.graph.logger.LoggerLevel;
import com.microsoft.graph.models.User;
import com.microsoft.graph.requests.GraphServiceClient;
import okhttp3.Request;

public class YT_Video{

    //Replace CLIENT_ID with your own client id from an app that is configured according to the requirements below
    //for requirements visit: https://github.com/Azure/azure-sdk-for-java/wiki/Set-up-Your-Environment-for-Authentication#enable-applications-for-device-code-flow
    private final static String CLIENT_ID = "61a75ccc-70f2-48f8-b0ff-2e8fa0f968c0";
    private final static String TENANT_ID = "48942891-ee19-4912-ba1d-136b4b0d5697";
    private final static String SECRET_ID = "49931b6f-302d-4c35-bcee-29a1d1e2e853";

    //Set the scopes for your ms-graph request
    private final static List<String> SCOPES = Arrays.asList("User.Read", "Mail.Read", "openid", "offline_access", "profile");

    public static void main(String[] args) throws Exception {
        // Create the auth provider.        
        final ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                .clientId(CLIENT_ID)
                .clientSecret(SECRET_ID)
                .tenantId(TENANT_ID)
                .build();
        
        
        
        final TokenCredentialAuthProvider tokenCredAuthProvider = new TokenCredentialAuthProvider(SCOPES, clientSecretCredential);
        System.out.println("First Step Reached. ");


        // Create default logger to only log errors
        DefaultLogger logger = new DefaultLogger();
        logger.setLoggingLevel(LoggerLevel.ERROR);


        // Build a Graph client
        GraphServiceClient<Request> graphClient = GraphServiceClient.builder()
                .authenticationProvider(tokenCredAuthProvider)
                .logger(logger)
                .buildClient();
        System.out.println("Second Step Reached. ");

        // Redirecting to web browser and signing in for authentication and connection.
        URL myUrl = new URL("https://graph.microsoft.com/v1.0/me/");
        final String accessToken = tokenCredAuthProvider.getAuthorizationTokenAsync(myUrl).get();
        System.out.println("Access token --> " + accessToken);

        // Just another optional step to get name of signed-in user.
        final User me = ((GraphServiceClient<Request>) graphClient).me().buildRequest().get();
        System.out.println("Hello " + me.displayName + "( Synced !)");
        System.out.println("Hello " + me.mail + "( Mail !)");
        System.out.println("Got " + me.messages.getCount() + " messages !");

    }

}




at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396)
    at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073)
    at JAVA_MicrosoftGraphAPI.YT_Video.main(YT_Video.java:67)
Caused by: com.microsoft.aad.msal4j.MsalServiceException: AADSTS1002012: The provided value for scope User.Read openid profile offline_access Mail.Read is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).

CodePudding user response:

You need to change the scope to https://graph.microsoft.com/.default.

//Set the scopes for your ms-graph request
private final static List<String> SCOPES = Arrays.asList("https://graph.microsoft.com/.default");

User.Read and Mail.Read permissions must be preconfigured in Azure on the app registration and an administrator must grant consent to those permissions beforehand.

Resources:

Client credentials provider
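
An added example, not part of the original post or of the Graph SDK: a JDK-only check that flags the scopes the client-credentials flow rejects with AADSTS1002012 and reads the `roles` claim of an access token to confirm that admin consent for Mail.Read took effect. The class name, method names and sample token are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class and method names), JDK only.
public class AppOnlyTokenCheck {

    // AADSTS1002012: every client-credentials scope must be "<resource>/.default".
    static List<String> rejectedScopes(List<String> scopes) {
        List<String> bad = new ArrayList<>();
        for (String s : scopes) {
            if (!s.endsWith("/.default")) bad.add(s);
        }
        return bad;
    }

    // Decodes the JWT payload WITHOUT verifying the signature: diagnostics only.
    static String payloadJson(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWT");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    // App-only tokens list the consented application permissions in "roles".
    static Set<String> roles(String json) {
        Set<String> out = new TreeSet<>();
        Matcher arr = Pattern.compile("\"roles\"\\s*:\\s*\\[([^\\]]*)\\]").matcher(json);
        if (arr.find()) {
            Matcher item = Pattern.compile("\"([^\"]+)\"").matcher(arr.group(1));
            while (item.find()) out.add(item.group(1));
        }
        return out;
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        System.out.println(rejectedScopes(Arrays.asList("User.Read", "Mail.Read", "openid", "offline_access", "profile")));
        System.out.println(rejectedScopes(Arrays.asList("https://graph.microsoft.com/.default")));

        // Constructed token (not a real one): header.payload.signature
        String jwt = b64("{\"alg\":\"none\"}") + "."
                + b64("{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"Mail.Read\"]}") + ".sig";
        Set<String> granted = roles(payloadJson(jwt));
        System.out.println("roles=" + granted + " Mail.Read granted=" + granted.contains("Mail.Read"));
    }
}
```

An app-only token has no signed-in user, so the mailbox is addressed as users/{id} rather than me.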