I am searching for solutions to authenticate with Microsoft Graph and get all my emails in Eclipse IDE. I have used the authentication method of 'Client Credentials Provider'. I am having issues with the SCOPES that need to be defined. Please find the error and my code below:
    package JAVA_MicrosoftGraphAPI;

    import java.net.URL;
    import java.util.Arrays;
    import java.util.List;
    import com.azure.identity.ClientSecretCredential;
    import com.azure.identity.ClientSecretCredentialBuilder;
    import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
    import com.microsoft.graph.logger.DefaultLogger;
    import com.microsoft.graph.logger.LoggerLevel;
    import com.microsoft.graph.models.User;
    import com.microsoft.graph.requests.GraphServiceClient;
    import okhttp3.Request;

    public class YT_Video {
        // Replace CLIENT_ID with your own client id from an app that is configured according to the requirements below
        // for requirements visit: https://github.com/Azure/azure-sdk-for-java/wiki/Set-up-Your-Environment-for-Authentication#enable-applications-for-device-code-flow
        private final static String CLIENT_ID = "61a75ccc-70f2-48f8-b0ff-2e8fa0f968c0";
        private final static String TENANT_ID = "48942891-ee19-4912-ba1d-136b4b0d5697";
        private final static String SECRET_ID = "49931b6f-302d-4c35-bcee-29a1d1e2e853";
        // Set the scopes for your ms-graph request
        private final static List<String> SCOPES = Arrays.asList("User.Read", "Mail.Read", "openid", "offline_access", "profile");

        public static void main(String[] args) throws Exception {
            // Create the auth provider.
            final ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                    .clientId(CLIENT_ID)
                    .clientSecret(SECRET_ID)
                    .tenantId(TENANT_ID)
                    .build();
            final TokenCredentialAuthProvider tokenCredAuthProvider = new TokenCredentialAuthProvider(SCOPES, clientSecretCredential);
            System.out.println("First Step Reached. ");

            // Create default logger to only log errors
            DefaultLogger logger = new DefaultLogger();
            logger.setLoggingLevel(LoggerLevel.ERROR);

            // Build a Graph client
            GraphServiceClient<Request> graphClient = GraphServiceClient.builder()
                    .authenticationProvider(tokenCredAuthProvider)
                    .logger(logger)
                    .buildClient();
            System.out.println("Second Step Reached. ");

            // Redirecting to web browser and signing in for authentication and connection.
            URL myUrl = new URL("https://graph.microsoft.com/v1.0/me/");
            final String accessToken = tokenCredAuthProvider.getAuthorizationTokenAsync(myUrl).get();
            System.out.println("Access token --> " + accessToken);

            // Just another optional step to get name of signed-in user.
            final User me = ((GraphServiceClient<Request>) graphClient).me().buildRequest().get();
            System.out.println("Hello " + me.displayName + "( Synced !)");
            System.out.println("Hello " + me.mail + "( Mail !)");
            System.out.println("Got " + me.messages.getCount() + " messages !");
        }
    }
at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396)
at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073)
at JAVA_MicrosoftGraphAPI.YT_Video.main(YT_Video.java:67)
Caused by: com.microsoft.aad.msal4j.MsalServiceException: AADSTS1002012: The provided value for scope User.Read openid profile offline_access Mail.Read is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).
CodePudding user response:
You need to change the scope to https://graph.microsoft.com/.default.
//Set the scopes for your ms-graph request
private final static List<String> SCOPES = Arrays.asList("https://graph.microsoft.com/.default");
User.Read and Mail.Read permissions must be preconfigured in Azure on the app registration, and an administrator must grant consent to those permissions beforehand.
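A way to confirm that the admin consent described in the answer above has taken effect, as an added example that is not part of the original question or answer: with the `/.default` scope, the permissions granted to the app appear in the `roles` claim of the app-only access token, so decoding the payload shows which ones are still missing. The class name, helper names and the sample token are hypothetical and constructed here; the regex-based claim extraction is a simplification that a real program would replace with a JSON parser.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AppTokenRolesCheck {

    /** Returns the JSON payload (second segment) of a compact JWT. Diagnostic only: the signature is not verified. */
    static String payloadOf(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("not a compact JWT");
        return new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    }

    /** Extracts the values of the "roles" array; empty when the claim is absent (no application permission consented). */
    static List<String> rolesOf(String payloadJson) {
        List<String> roles = new ArrayList<>();
        Matcher array = Pattern.compile("\"roles\"\\s*:\\s*\\[(.*?)\\]").matcher(payloadJson);
        if (array.find()) {
            Matcher item = Pattern.compile("\"([^\"]+)\"").matcher(array.group(1));
            while (item.find()) roles.add(item.group(1));
        }
        return roles;
    }

    /** Returns the required permissions that the token does not carry. */
    static List<String> missing(String jwt, List<String> required) {
        List<String> notGranted = new ArrayList<>(required);
        notGranted.removeAll(rolesOf(payloadOf(jwt)));
        return notGranted;
    }

    public static void main(String[] args) {
        // Constructed sample payload, not a real token: only Mail.Read has been consented.
        String payload = "{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"Mail.Read\"]}";
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String jwt = enc.encodeToString("{\"alg\":\"none\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".sig";

        // Print only the claims of interest rather than the bearer token itself.
        System.out.println("roles   = " + rolesOf(payloadOf(jwt)));
        System.out.println("missing = " + missing(jwt, List.of("User.Read", "Mail.Read")));
    }
}
```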