
Facing token permission issue while trying to access Graph API from postman.

We have app id created for our shared mailbox and this app id has been granted below permissions for Graph API:
• Microsoft Graph \ Read user mail \ Delegated
• Microsoft Graph \ Read and write access to user mail \ Delegated
• Microsoft Graph \ Send mail as a user \ Delegated
• Microsoft Graph \ Read user mailbox settings \ Delegated
• Microsoft Graph \ Read and write user mailbox settings \ Delegated

We are able to generate the token from URL (https://login.microsoftonline.com/tenantId/oauth2/token). While using this token to access Graph API using below URL for reading the shared mailbox messages, we are getting an error:
• https://graph.microsoft.com/v1.0/me/mailfolders/Inbox/messages
• https://graph.microsoft.com/v1.0/me

Error Message:- "The token contains no permissions, or permissions can not be understood."

1 Answer


To get the messages of a shared mailbox, you need the Mail.Read.Shared permission.

And then access the message with the following url:

https://graph.microsoft.com/v1.0/users/{shared_mailbox_id}/messages

Update:

A. If you want to specify scopes, you need to use Azure AD V2. Azure AD V1 only supports resource, but V2 supports scopes.

V2 authorization endpoint:

https://login.microsoftonline.com/tenantId/oauth2/v2.0/authorize

V2 token endpoint:

https://login.microsoftonline.com/tenantId/oauth2/v2.0/token

B. Register an application in Azure AD, add necessary permission, and click grant admin consent for your organization


C. Acquire a token with the OAuth2 auth code grant flow. Here I will use Postman for convenience.

Click request token, you will be asked to enter your credentials. (If not, please clear cookies in Postman.)

D. Then I can get an access token with required permission.


E. Finally, I can use the token to get the messages from shared mailbox


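An added example, not part of the original question or answer: a check that decodes an access token's payload and reports whether it carries the `scp` (delegated) or `roles` (application) claim that Microsoft Graph reads permissions from, and whether `Mail.Read.Shared` is among the scopes. The tokens are constructed, unsigned samples and the function names are hypothetical; the signature is deliberately not verified, so this is for diagnosis only, never for authorization decisions.

```python
import base64
import json

# Audience values for Microsoft Graph (resource URI and its well-known app id).
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, required_scope):
    """Return a list of findings; an empty list means the claims look usable."""
    claims = decode_claims(token)
    findings = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud not in GRAPH_AUDIENCES:
        findings.append(f"aud is {aud!r}, not Microsoft Graph")
    scopes = claims.get("scp", "").split()   # delegated permissions
    roles = claims.get("roles", [])          # application permissions
    if not scopes and not roles:
        findings.append("no scp or roles claim: token carries no permissions")
    elif required_scope not in scopes:
        findings.append(f"{required_scope} not in scp={scopes} (roles={roles})")
    return findings

def make_sample(claims):
    """Build an unsigned, constructed token for the demo."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"

# Constructed sample tokens (not real credentials).
AUD = "https://graph.microsoft.com"
NO_PERMS = make_sample({"aud": AUD, "appid": "constructed-app-id"})
READ_ONLY = make_sample({"aud": AUD, "scp": "Mail.Read User.Read"})
SHARED = make_sample({"aud": AUD, "scp": "Mail.Read Mail.Read.Shared"})

if __name__ == "__main__":
    for name, tok in [("NO_PERMS", NO_PERMS), ("READ_ONLY", READ_ONLY), ("SHARED", SHARED)]:
        print(name, diagnose(tok, "Mail.Read.Shared") or "ok")
```

To check a real token, paste the access token returned by the token endpoint into `diagnose()` in place of the samples.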

13 Comments

Thanks Jack. Would you also suggest Mail.ReadWrite.Shared permission be able to respond on behalf of this mailbox via our app?
@kratiAgarwal Mail.ReadWrite.Shared permission allows the app to create, read, update, and delete mail that the user has permission to access, including the user's own and shared mail. Does not include permission to send mail.
What access would I need to be able to respond to an email coming in the shared mailbox?
Mail.Send.Shared. For more details, please refer to: learn.microsoft.com/en-us/graph/…
Shared Mailbox has got Mail.Read.Shared permission but still we are getting same error. "The token contains no permissions or permissions can not be understood."