I have a problem auth with microsoft graph api. I never work with it. I try to write application responsible for downloading attachments from mails.
The program will be scheduled from platform so it cannot get admin consent (therefore authorize using Client Credentials). Every code example I found required an user interaction to sig in on microsoft to get a token.
I received from admin in my company below items: clientID, tenantID, app name, mailbox address and permission EWS.AccessAsUser.All (should I request about Mail.Read permission? mailbox can be easily migrate to 0365. If I well understand EWS is for exchange)
I’d like to connect to mailbox and download attachments. Is any way to receive authentication with clientID, tenantID ? any provider exist ? without user interaction to get a token?
Advertisement
Answer
You can obtain an app-only token by using Microsoft Graph Java SDK.
ClientCredentialProvider authProvider = new ClientCredentialProvider(
this.clientId,
this.scopes,
this.clientSecret,
this.tenantId,
this.endpoint);
IGraphServiceClient graphClient = GraphServiceClient
.builder()
.authenticationProvider(authProvider)
.buildClient();
You can find a full example in the java spring webhook sample. There’s however a small caveat because of the authentication SDK as described here.
The permission you need to request is Mail.Read of type Application Permission under Microsoft Graph in the application registration portal. Once you’ve added that permission, do not forget to click the Grant admin consent for XXX button on top of the permission list (this is how you grant permissions if you don’t have a UI flow).
Lastly, EWS is a separate API from Microsoft Graph, you shouldn’t need any permission for it in your case.