Aldu

Reputation: 39

Microsoft Graph - No mailbox found

I have an Office365 developer account with a couple of users. I am attempting to access their mail via a daemon app (i.e. headless) using the Microsoft Graph API.

I have verified that mailboxes exist for these users, but I'm getting an error:

ErrorNonExistentMailbox
No mailbox was found that includes the specified identity: `[email protected]`

I have previously obtained a token as a registered app (via apps.dev.microsoft.com) and included it with the following request URL:

https://graph.microsoft.com/v1.0/users/[email protected]/messages

Any guidance?

The token comes to me in the first operation like this:

{
"token_type": "Bearer",
"expires_in": 3599,
"ext_expires_in": 0,
"access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFRQUJBQUFBQUFEWDhHQ2k2SnM2U0s4MlRzRDJQYjdyblpfdTg3QjlwS2hFeG5ncFRpS1gwczVwY2k1YnpobHZDdTFlVi1uRlFkRk0yMHlJZ1MxdnlBbC1UUnBYdGNoakxIYkhMb21hT28wb3UxaTkxYnJKRENBQSIsImFsZyI6IlJTMjU2IiwieDV0IjoiaUJqTDFSY3F6aGl5NGZweEl4ZFpxb2hNMllrIiwia2lkIjoiaUJqTDFSY3F6aGl5NGZweEl4ZFpxb2hNMllrIn0.eyJhdWQiOiJodHRwczovL2dyYXBoLm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83MmY5ODhiZi04NmYxLTQxYWYtOTFhYi0yZDdjZDAxMWRiNDcvIiwiaWF0IjoxNTI3NTM1NTU5LCJuYmYiOjE1Mjc1MzU1NTksImV4cCI6MTUyNzUzOTQ1OSwiYWlvIjoiWTJkZ1lHaTl6Zi9XNWVTTXlPZ0ppc3NxMThUSkFRQT0iLCJhcHBfZGlzcGxheW5hbWUiOiJJbmZvcm1hdGljYSBDQUkgaXoiLCJhcHBpZCI6IjQ0YTA4YWU3LTZiYzItNGEzMy04MmNiLTAzNzZhMzkxYjdhZCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzcyZjk4OGJmLTg2ZjEtNDFhZi05MWFiLTJkN2NkMDExZGI0Ny8iLCJ0aWQiOiI3MmY5ODhiZi04NmYxLTQxYWYtOTFhYi0yZDdjZDAxMWRiNDciLCJ1dGkiOiI4RnlhZUZ0ZHVFdWRjcFBNYmswYkFBIiwidmVyIjoiMS4wIn0.DMpgiNfazeDd2KsEjHAggKAg3STMeK59ls9-whHaf-UEON_fvP45ay6PrqfAnwdqz-QKmX-8ikyiM8zuE5r8IGL1d7zYzJCnIECeQwtg8OKzYJPyDW7V0RAF0yePT2fg22luGhFz5yqzjSGlxhWauZmkmXq7JrGrO7fhzAUwoJh7XJrIOlfj098LPoTrmfAaOn36hBmmcQyuFNDhW5E6oXqZsyssJ5SKvaXN_w62IrXv2-nmIkZwyqcrVlCnX_Q1ytrFuc_xItL0FFe_5MbRiF-JIxdbeFNE8LR06mFWfEGHyJu01SJvgxE9500nVzok94qCX-r5lxN0WqVLOuTqEg"

}

Upvotes: 2

Views: 1242

Answers (2)

Nth.gol

Reputation: 844

Just to clarify Aldu's answer, I did also have the same issue.

When obtaining the admin consent, it is fine to use /common as in step 2 of the instructions.

However, when requesting an access token from the Microsoft auth server via client_credentials at https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token, I found I needed to replace tenant with a tenant ID. That changed my access token and allowed access to the resources.

Upvotes: 1

Aldu

Reputation: 39

I found what I was doing wrong. When requesting the token initially, I was using "common" as the tenant portion of the URL. Apparently, although legal, this does not give the appropriate permissions. The token I got back, when decoded, does not list any permissions, and this would have been a clue if only I had been a little more familiar with the JWT token content and format.

Once I changed the tenant portion of the URL to either the tenant GUID (retrieved from AD), or the fully qualified domain name (something like yy.onmicrosoft.com in my case), I got back a different token, one that includes a list of the Microsoft Graph permissions I had granted in the app registration portal.

Using this new token, I was able to retrieve the mail from the mailbox of any user in my domain. Thanks to Marc for pointing me in the right direction.

Upvotes: 1
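The check both answers describe (decode the token and see whether it lists any permissions) can be scripted. The following is an added example, not code from either poster: it decodes a JWT payload and reports a wrong `tid` or a missing `roles` claim, which is where Azure AD puts application permissions in app-only tokens. The function names, the placeholder tenant GUIDs and the sample tokens are constructed for illustration.

```python
import base64
import json


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token):
    """Return the JWT payload for inspection. The signature is NOT verified,
    so use this for troubleshooting only, never for authorization decisions."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def diagnose_app_token(token, expected_tid, required_roles):
    """List reasons an app-only token would not carry the granted permissions."""
    claims = decode_claims(token)
    findings = []
    if claims.get("tid") != expected_tid:
        findings.append("tid %r is not the expected tenant" % claims.get("tid"))
    roles = claims.get("roles") or []
    if not roles:
        findings.append("no roles claim: token lists no application permissions")
    else:
        missing = sorted(set(required_roles) - set(roles))
        if missing:
            findings.append("missing roles: " + ", ".join(missing))
    return findings


def make_sample_token(claims):
    # Constructed, unsigned sample for offline use; not a real issued token.
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


TENANT = "00000000-0000-0000-0000-000000000001"  # constructed placeholder GUID
FROM_COMMON = make_sample_token({"aud": "https://graph.microsoft.com",
                                 "tid": "00000000-0000-0000-0000-0000000000ff"})
FROM_TENANT = make_sample_token({"aud": "https://graph.microsoft.com",
                                 "tid": TENANT, "roles": ["Mail.Read"]})
```

An empty list from `diagnose_app_token` means the token names the expected tenant and carries every required role; run it on the `access_token` value before calling Graph to catch the problem described above.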
