Unauthorized 401 when i access /user/{id}/messages through graph api within delegated mode
I have meet big problem about read mail from my outlook account, it takes me about serval days, however still failed, somebody can help me?
I am referring to this document:
https://learn.microsoft.com/en-us/graph/auth-v2-user?view=graph-rest-1.0&tabs=http
Here is my code:
Step 1: (get code)
https://login.microsoftonline.com/c4acbf1d-ea8c-4147-8bbf-23e6f48ffb3e/oauth2/v2.0/authorize?client_id=2b331fc4-2778-4ada-93c0-33cbbbeed6db&response_type=code&redirect_uri=http://localhost:8888/auth&response_mode=query&scope=offline_access%20User.Read%20Mail.Read%20Mail.ReadBasic&state=test123
code is: 1.AcYAHb-sxIzqR0GLvyPm9I_7PsQfMyt4J9pKk8Azy7vu1tvpAADGAA.AgABBAIAAABVrSpeuWamRam2jAF1XRQEAwDs_wUA9P_7JtLMtdErg-aeUPnOQWCp.......
Step 2: (get token)
Then i got token and refresh token, scope is correct
Step 3: (test get users)
Yes, successfully get user info.
Step 4: (test get user mail messages)
Unfortunately, it failed, i don't know why and how to fix it, please help, thanks.
This is my request header: Req header snapshot
While when i use another mode, Get access without a user, still have the same problem, Of course, I used another method to obtain the new token, which is valid because I have already obtained the user's ID. the doc: https://learn.microsoft.com/en-us/graph/auth-v2-service?tabs=http
GET https://graph.microsoft.com/v1.0/users/9dfb85a5-b8bb-4e7d-8e05-a60d418ca16d/messages?$select=sender,subject
Authorization: Bearer ey.....TJxBtlAXdJARLAJP4KcQ9mnA
User-Agent: IntelliJ HTTP Client/IntelliJ IDEA 2024.2.1
Accept-Encoding: br, deflate, gzip, x-gzip
Accept: */*
content-length: 0
Reponse:
HTTP/2 401 Unauthorized
cache-control: private
strict-transport-security: max-age=31536000
request-id: 7e3e5860-1bf0-4d7f-8701-c593b759f488
client-request-id: 7e3e5860-1bf0-4d7f-8701-c593b759f488
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"Korea Central","Slice":"E","Ring":"4","ScaleUnit":"003","RoleInstance":"SE1PEPF0001058B"}}
date: Fri, 09 May 2025 06:39:00 GMT
content-length: 0
x-http2-stream-id: 3
<Response body is empty>
Response code: 401 (Unauthorized); Time: 1563ms (1 s 563 ms); Content length: 0 bytes (0 B)
As you want to read messages from personal Microsoft account, make sure to create app registration with supported account type as 'Accounts in any organizational directory (any Microsoft Entra ID tenant – multitenant) and personal Microsoft accounts (e.g., Skype, Xbox)
Initially, I created an app registration with the supported account type set to 'Accounts in any organizational directory (any Microsoft Entra ID tenant – multitenant) and personal Microsoft accounts (e.g., Skype, Xbox)'. I provided the redirect URI as http://localhost:8888/auth,
Granted below API permissions:
Make sure to invite your outlook personal Microsoft account into azure
After that, I generated the authorization code using the endpoint below, using 'common' instead of the tenant ID
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=<Enter your client ID>
&response_type=code
&redirect_uri=http://localhost:8888/auth
&response_mode=query
&scope=Mail.Read User.Read openid offline_access
After that, you will be prompted to sign in use your personal Microsoft Outlook account
Then after, by using the endpoint below, you can generate an access token to fetch messages from your personal Microsoft Outlook account. Use common instead of tenant ID, and update the parameters in the body such as client_id, scope, code, redirect_uri, grant_type, and client_secret.
https://login.microsoftonline.com/common/oauth2/v2.0/token
To get the messages from a personal Microsoft account, use the endpoint below
https://graph.microsoft.com/v1.0/me/messages
Response: I am able to fetch messages; the screenshot below is for your reference.
And verified messages in my outlook as well
- (Not a) Bug in spring framework forward
- How I can compare Null entity without throws NullPointerException
- Update a simple database SQLite Android
- Android - Maps don't scroll horizontally
- Why does UIManager.getDefaults().keySet() return different values than UIManager.getDefaults().keys()?
- Explain the functionality of JSON
- How to manually publish JAR to maven central?
- How to set database jdbc url for Google Cloud SQL on quarkus?
- How to cast an Object to an int
- Java 8 Stream to find element in list
- Spring Boot 3.4.6 validation not triggering for @Email and @NonNull on MongoDB @Document entity
- Keycloak admin client responds with Bad Request to attempt to list realms
- How to set JAVA_HOME environment variable on Mac OS X 10.9?
- Drawing a Fractal Tree by Processing
- Upgrading to Spring Boot 3.2 with Spring Security 6.2.0: Name for argument of type [java.lang.String] not specified
- I can't see Swing JSeparator
- Why there is no `TreeList` implementation of the `List` interface in Java?
- Mockito is currently self-attaching to enable the inline-mock-maker. This will no longer work in future releases of the JDK
- Free scroll pane (JavaFX)
- Annotate JUnit @Test case with custom aspect annotation
- Why can't a Java class be both abstract and final
- Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
- Can't compile/run a java project in IntelliJ
- How do I convert Long to byte[] and back in java
- When should we use @Component in Spring?
- Observer is deprecated in Java 9. What should we use instead of it?
- "Cannot resolve com.squareup.okhttp3:mockwebserver:unknown" error after upgrade to Spring Boot 3.4.0
- JAXb not populating object during unmarshal
- Spring Cloud Gateway Server MVC - Can we use Spring MVC with Spring Cloud Gateway?
- com.google.firebase.database.DatabaseException : Expected a Map while deserializing, but got a class java.lang.Long