Sending email using ClientCredentialProvider is failing to find tenant guid

怎甘沉沦 posted on 2021-01-28 19:01:44

Question


I am using Microsoft Identity's OAuth 2.0 support to send email using Microsoft Graph.

I created a personal email account, XXXX@outlook.com. Using this account I log in to Azure AD and create a tenant there. I used ClientCredentialProvider (from msgraph-sdk-auth-java) as the authorizer, trying to send an email to myself. Steps:

  1. Created a tenant account.
  2. Created an application and gave it permission in Graph > Application > Send.email etc.
  3. Created a secret key.

Below is the error I am getting:

POST microsoft.graph.sendMail
SdkVersion : graph-java/v1.5.0
Authorization : Bearer _xv1yPye...

{
  "message": {
    "subject": "Test",
    "body": {
      "contentType": "text",
      "content": "The new cafeteria is open bujji."
    },
    "toRecipients": [
      {
        "emailAddress": {
          "address": "xxxxx@outlook.com"
        }
      }
    ]
  },
  "saveToSentItems": true
}

401: Unauthorized
Strict-Transport-Security: max-age=31536000
Cache-Control: private
x-ms-ags-diagnostic: {
  "ServerInfo": {
    "DataCenter": "South India",
    "Slice": "SliceC",
    "Ring": "3",
    "ScaleUnit": "001",
    "RoleInstance": "AGSFE_IN_1"
  }
}
client-request-id: 01565263-11b4-45f7-b089-06f57fdd8241
request-id: 2e0cac3b-dc32-4dab-bb30-769590fc156e
Content-Length: 361
Date: Tue, 16 Jun 2020 07:14:42 GMT
Content-Type: application/json

{
  "error": {
    "code": "OrganizationFromTenantGuidNotFound",
    "message": "The tenant for tenant guid \u002706841624-5828-4382-b0a0-XXXXXX87b08f\u0027 does not exist.",
    "innerError": {
      "requestId": "01565263-11b4-45f7-b089-06f57fdd8241",
      "date": "2020-06-16T07:14:43",
      "request-id": "2e0cac3b-dc32-4dab-bb30-769590fc156e"
    }
  }
}

private static void sendEmail() {
    // Client credentials (app-only) provider from msgraph-sdk-auth-java.
    // Arguments: client ID, scopes, client secret, tenant, national cloud.
    ClientCredentialProvider authProvider = new ClientCredentialProvider(
        "fb7f0ecc-b498-XXXX-XXXX-b016f252ea7d",
        Arrays.asList("https://graph.microsoft.com/.default"),
        "8-rpF8sOwV.CWF~7gK.XXXXXXXX.SSScxj0",
        "06841624-5828-4382-b0a0-XXXXXXe87b08f",
        NationalCloud.Global);
    IGraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider(authProvider).buildClient();

    // Build the message: subject, plain-text body, one recipient.
    Message message = new Message();
    message.subject = "Test";
    ItemBody body = new ItemBody();
    body.contentType = BodyType.TEXT;
    body.content = "The new cafeteria is open.";
    message.body = body;
    LinkedList<Recipient> toRecipientsList = new LinkedList<Recipient>();
    Recipient toRecipients = new Recipient();
    EmailAddress emailAddress = new EmailAddress();
    emailAddress.address = "xxxxx@outlook.com";
    toRecipients.emailAddress = emailAddress;
    toRecipientsList.add(toRecipients);
    message.toRecipients = toRecipientsList;

    // POST /me/sendMail with saveToSentItems = true.
    graphClient.me()
        .sendMail(message, true)
        .buildRequest()
        .post();
}

Answer 1:


I guess you want to use Microsoft Graph API to send email from your personal account email XXXX@outlook.com.

But when you use this account to login to Azure AD and create a tenant, and use ClientCredentialProvider in your code, the account will be treated as a work account (not personal account) of your tenant.

So when a work account wants to send an email, it will require an Exchange Online license of an O365 subscription. You don't have an O365 subscription with an Exchange Online license. That is why you get this error: The tenant for tenant guid \u002706841624-5828-4382-b0a0-XXXXXX87b08f\u0027 does not exist.

If you want to send email from your personal account, it's unnecessary to create an AAD tenant. And you should use Authorization code provider rather than Client credentials provider. Another thing is that personal account requires Delegated permission rather than Application permission based on Send mail permissions. Create an application and give permission in Graph > Delegated > Mail.Send.

Please note it may require the scopes as https://graph.microsoft.com/mail.send instead of https://graph.microsoft.com/.default.




Answer 2:


Thanks, Allen, for your help. I am able to send and receive emails from my Outlook account using the Authorization code provider:

  1. Log in to Azure AD and create an application in "Application from Personal account".
  2. Give permission Graph > Delegated > Mail.Send.
  3. Provided the redirect URL as http://localhost:8080/muapp. Note down all appId and create a secret key.
  4. Now hit the below URL with the details:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=40fcd457-1807-49e3-8bce-XXXXXX40ca194&response_type=code&redirect_uri=https://localhost/myapp/&response_mode=query&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.send%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read&state=12345

  5. Acquire the code. This code we need to pass in the Authorization code provider.
  6. Scope "https://graph.microsoft.com/mail.send"
  7. Authority "https://login.microsoftonline.com/consumers"

I have one question: every time I send an email I have to acquire the code. Is there any way this will have an expiry date etc.?
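
The authorization-code steps from the answer above, as an added Java 11+ example that is not part of the original post: it builds the authorize URL for the /consumers authority with an unpredictable `state` value and checks that value on the redirect before accepting the code. The class name, the `<application-id>` placeholder, the callback URL and the sample code value are assumptions.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class ConsumerAuthCodeFlow {
    // Authority for personal Microsoft accounts, as given in the answer above.
    static final String AUTHORITY = "https://login.microsoftonline.com/consumers/oauth2/v2.0";

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8).replace("+", "%20"); }

    // Unpredictable per-request state, so the redirect can be tied to this sign-in attempt.
    static String newState() {
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // Delegated Mail.Send scope; offline_access asks for a refresh token as well.
    static String authorizeUrl(String clientId, String redirectUri, String state) {
        return AUTHORITY + "/authorize?client_id=" + enc(clientId)
            + "&response_type=code&response_mode=query"
            + "&redirect_uri=" + enc(redirectUri)
            + "&scope=" + enc("offline_access https://graph.microsoft.com/mail.send")
            + "&state=" + enc(state);
    }

    // Extracts the code from the redirect's query string; rejects a missing or wrong state.
    static String codeFromRedirect(String query, String expectedState) {
        Map<String, String> q = new HashMap<>();
        for (String pair : query.split("&")) {
            String[] kv = pair.split("=", 2);
            q.put(kv[0], kv.length > 1 ? URLDecoder.decode(kv[1], StandardCharsets.UTF_8) : "");
        }
        if (!expectedState.equals(q.get("state"))) throw new SecurityException("state mismatch");
        if (q.get("code") == null) throw new IllegalStateException("no code: " + q.get("error"));
        return q.get("code");
    }

    public static void main(String[] args) {
        String state = newState(); // constructed sample values below, not values from the page
        System.out.println(authorizeUrl("<application-id>", "http://localhost:8080/callback", state));
        System.out.println(codeFromRedirect("code=SAMPLE_CODE&state=" + state, state));
    }
}
```

The redirect URI passed here has to match the one registered for the application exactly.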



Source: https://stackoverflow.com/questions/62409380/sending-email-using-clientcredentialprovider-is-failing-to-find-tenant-guid
