
I am using Microsoft Identity's OAuth 2.0 support to send email using Microsoft Graph.

I created a personal email account, XXXX@outlook.com. Using this account I logged in to Azure AD and created a tenant there. I used ClientCredentialProvider (from msgraph-sdk-auth-java) as the authorizer, trying to send an email to myself. Steps:

  1. Created a tenant account.
  2. Created an application and gave it permission in Graph > Application > Send.email etc.
  3. Created a secret key.

Below is the error I am getting:

POST microsoft.graph.sendMail SdkVersion : graph-java/v1.5.0 Authorization : Bearer _xv1yPye...

{
  "message": {
    "subject": "Test",
    "body": {
      "contentType": "text",
      "content": "The new cafeteria is open bujji."
    },
    "toRecipients": [
      {
        "emailAddress": {
          "address": "xxxxx@outlook.com"
        }
      }
    ]
  },
  "saveToSentItems": true
}
401: Unauthorized
Strict-Transport-Security: max-age=31536000
Cache-Control: private
x-ms-ags-diagnostic: {
  "ServerInfo": {
    "DataCenter": "South India",
    "Slice": "SliceC",
    "Ring": "3",
    "ScaleUnit": "001",
    "RoleInstance": "AGSFE_IN_1"
  }
}
client-request-id: 01565263-11b4-45f7-b089-06f57fdd8241
request-id: 2e0cac3b-dc32-4dab-bb30-769590fc156e
Content-Length: 361
Date: Tue, 16 Jun 2020 07:14:42 GMT
Content-Type: application/json
{
  "error": {
    "code": "OrganizationFromTenantGuidNotFound",
    "message": "The tenant for tenant guid \u002706841624-5828-4382-b0a0-XXXXXX87b08f\u0027 does not exist.",
    "innerError": {
      "requestId": "01565263-11b4-45f7-b089-06f57fdd8241",
      "date": "2020-06-16T07:14:43",
      "request-id": "2e0cac3b-dc32-4dab-bb30-769590fc156e"
    }
  }
}

import java.util.Arrays;
import java.util.LinkedList;

import com.microsoft.graph.auth.confidentialClient.ClientCredentialProvider;
import com.microsoft.graph.auth.enums.NationalCloud;
import com.microsoft.graph.models.extensions.EmailAddress;
import com.microsoft.graph.models.extensions.IGraphServiceClient;
import com.microsoft.graph.models.extensions.ItemBody;
import com.microsoft.graph.models.extensions.Message;
import com.microsoft.graph.models.extensions.Recipient;
import com.microsoft.graph.models.generated.BodyType;
import com.microsoft.graph.requests.extensions.GraphServiceClient;

private static void sendEmail() {
    // App-only (client credentials) provider: client id, scopes, client secret, tenant id, cloud
    ClientCredentialProvider authProvider = new ClientCredentialProvider(
        "fb7f0ecc-b498-XXXX-XXXX-b016f252ea7d",
        Arrays.asList("https://graph.microsoft.com/.default"),
        "8-rpF8sOwV.CWF~7gK.XXXXXXXX.SSScxj0",
        "06841624-5828-4382-b0a0-XXXXXXe87b08f",
        NationalCloud.Global);
    IGraphServiceClient graphClient = GraphServiceClient.builder()
        .authenticationProvider(authProvider)
        .buildClient();

    // Build the message: subject, plain-text body and one recipient
    Message message = new Message();
    message.subject = "Test";
    ItemBody body = new ItemBody();
    body.contentType = BodyType.TEXT;
    body.content = "The new cafeteria is open.";
    message.body = body;
    LinkedList<Recipient> toRecipientsList = new LinkedList<Recipient>();
    Recipient toRecipients = new Recipient();
    EmailAddress emailAddress = new EmailAddress();
    emailAddress.address = "xxxxx@outlook.com";
    toRecipients.emailAddress = emailAddress;
    toRecipientsList.add(toRecipients);
    message.toRecipients = toRecipientsList;

    // /me addresses the signed-in user's mailbox; this is the call that returns the 401 above
    graphClient.me()
        .sendMail(message, true)
        .buildRequest()
        .post();
}
Shama
bibhutik

2 Answers


I guess you want to use Microsoft Graph API to send email from your personal account email XXXX@outlook.com.

But when you use this account to login to Azure AD and create a tenant, and use ClientCredentialProvider in your code, the account will be treated as a work account (not personal account) of your tenant.

So when a work account wants to send an email, it will require an Exchange Online license of an O365 subscription. You don't have an O365 subscription with an Exchange Online license. That is why you get this error: The tenant for tenant guid \u002706841624-5828-4382-b0a0-XXXXXX87b08f\u0027 does not exist.

If you want to send email from your personal account, it's unnecessary to create an AAD tenant. And you should use the Authorization code provider rather than the Client credentials provider. Another thing is that a personal account requires Delegated permission rather than Application permission for the Send mail permissions. Create an application and give permission in Graph > Delegated > Mail.Send.

Please note it may require the scope https://graph.microsoft.com/mail.send instead of https://graph.microsoft.com/.default.

Allen Wu
  • You are saying that when I use a personal account: 1) no need to create a tenant; 2) create an application and give delegated permission; 3) use the constructor without tenant ID in the Authorization code provider. – bibhutik Jun 18 '20 at 04:51
  • @bibhutik Oh I'm sorry for a mistake. You need to create a tenant so that you can create an application and give delegated permission. But you should configure the value of the authority as `https://login.microsoftonline.com/common` instead of `https://login.microsoftonline.com/{your tenant}`. By using `common` it will treat your account as a personal account. – Allen Wu Jun 18 '20 at 05:41

Thanks, Allen, for your help. I am able to send and receive emails from my Outlook account using the Authorization code provider:

  1. Log in to Azure AD and create an application under "Application from Personal account".
  2. Give permission Graph > Delegated > Mail.Send.
  3. Provide the Redirect URL as http://localhost:8080/muapp. Note down the appId and create a secret key.
  4. Now hit the below URL with the details:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=40fcd457-1807-49e3-8bce-XXXXXX40ca194&response_type=code&redirect_uri=https://localhost/myapp/&response_mode=query&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.send%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read&state=12345

  5. Acquire the code. This code we need to pass to the Authorization code provider.
  6. Scope: "https://graph.microsoft.com/mail.send"
  7. Authority: "https://login.microsoftonline.com/consumers"

I have one question: every time I send an email I have to acquire the code. Is there any way this will have an expiry date etc.?

bibhutik
  • I don't think you have to acquire the code every time you send an email. Just use the `graphClient`. The default lifetime of an access token is one hour. Besides, if my answer is helpful, you should mark my answer, not yours, which can encourage others to help you. – Allen Wu Jun 19 '20 at 08:40
  • @AllenWu Now I have a work account enabled. But it requires full_access permission to access any mailbox using EWS, which is a big security risk. Can you help me with how we can leverage ClientCredentialProvider or anything else without full_access? My application is a daemon application. – bibhutik Jul 23 '20 at 13:12
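Putting Allen Wu's answer and bibhutik's steps together, here is an added example (not code from the question or from either answerer) of the working shape: AuthorizationCodeProvider from msgraph-sdk-auth-java, the `consumers` authority, the delegated `mail.send` scope and `/me` resolving to the signed-in personal mailbox. The constructor argument order is taken from the library's README as I recall it, the `consumers` tenant string is assumed to be what the library turns into the `https://login.microsoftonline.com/consumers` authority, and the client id, secret, redirect URI and authorization code are placeholders.

```java
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;

import com.microsoft.graph.auth.confidentialClient.AuthorizationCodeProvider;
import com.microsoft.graph.auth.enums.NationalCloud;
import com.microsoft.graph.models.extensions.EmailAddress;
import com.microsoft.graph.models.extensions.IGraphServiceClient;
import com.microsoft.graph.models.extensions.ItemBody;
import com.microsoft.graph.models.extensions.Message;
import com.microsoft.graph.models.extensions.Recipient;
import com.microsoft.graph.models.generated.BodyType;
import com.microsoft.graph.requests.extensions.GraphServiceClient;

public class PersonalAccountMail {
    // Placeholders (assumed): from the app registration and the authorize redirect
    static final String CLIENT_ID = "<app-id-from-registration>";
    static final String CLIENT_SECRET = System.getenv("GRAPH_CLIENT_SECRET"); // never hard-code it
    static final String REDIRECT_URI = "http://localhost:8080/myapp";
    static final String AUTH_CODE = "<code-query-parameter-from-redirect>";
    // "consumers" (assumed mapping) -> authority https://login.microsoftonline.com/consumers,
    // so the outlook.com login is treated as a personal account, not a tenant work account
    static final String TENANT = "consumers";
    // Delegated scope, as in the answer: NOT the app-only .default scope
    static final List<String> SCOPES = Arrays.asList("https://graph.microsoft.com/mail.send");

    static IGraphServiceClient buildClient() {
        // Argument order per the msgraph-sdk-auth-java README (assumed):
        // clientId, scopes, authorizationCode, redirectUri, nationalCloud, tenant, clientSecret
        AuthorizationCodeProvider authProvider = new AuthorizationCodeProvider(
            CLIENT_ID, SCOPES, AUTH_CODE, REDIRECT_URI,
            NationalCloud.Global, TENANT, CLIENT_SECRET);
        return GraphServiceClient.builder().authenticationProvider(authProvider).buildClient();
    }

    static Message buildMessage(String to, String subject, String text) {
        Message message = new Message();
        message.subject = subject;
        ItemBody body = new ItemBody();
        body.contentType = BodyType.TEXT;
        body.content = text;
        message.body = body;
        Recipient recipient = new Recipient();
        recipient.emailAddress = new EmailAddress();
        recipient.emailAddress.address = to;
        message.toRecipients = new LinkedList<Recipient>(Arrays.asList(recipient));
        return message;
    }

    public static void main(String[] args) {
        // With a delegated token /me is the personal mailbox that consented; the provider
        // caches the token (about an hour) so the code is exchanged once, not per send
        buildClient().me().sendMail(buildMessage("xxxxx@outlook.com", "Test", "Hello"), true)
            .buildRequest().post();
    }
}
```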