尝试使用 Graph API 发送邮件时出现 405/404 错误（OAuth2 客户端凭据流）

Question

I'm making a Java application to send Mail as any user in a Microsoft tenant, with Graph APIs, so I'm using the client credentials flow (no login, automatic send). I've registered an app in Azure AD giving the following application permissions (not delegated) , checking out the admin consent for every item:

• Mail.Send
• Mail.ReadWrite
• User.Read.All

For semplicity, I've tried also with calls in Postman, but I have the same issue as in the Java app. I take for granted that I have got a valid access token (If I try with an invalid one, I get a 401: Unauthorized ). The following is the decoded access token that I get from https://jwt.ms/ , with all the scopes included :

...
  "roles": [
    "Mail.ReadWrite",
    "User.Read.All",
    "Mail.Send"
  ],
...

This is my code in Java:

String user = "/users/<my user id or my user principal name>";
    
    UserRequestBuilder defaultUser = new UserRequestBuilder(graphClient.getServiceRoot() + user, graphClient, null);
    
    //graphClient.me()
    defaultUser
        .sendMail(UserSendMailParameterSet
            .newBuilder()
            .withMessage(message)
            .withSaveToSentItems(saveToSentItems)
            .build())
        .buildRequest()
        .post();

I can't use the "me" target ( me() method) because this is client credentials flow, so there isn't a logged user. I need to specify the sender in this way: /users/{id | userPrincipalName}/sendMail /users/{id | userPrincipalName}/sendMail .

This is how the call in Postman is composed:

Method: POST

URL:

• .https://graph.microsoft.com/v1.0/users/ {my user id or my user principal name} /sendMail

AUTHORIZATION:

• Bearer Token (my access token)

HEADERS:

• Content-Type: application/json

BODY(JSON):

{
    "recipient":    <recipient email>,
    "subject":      "This is a test mail",
    "from":         <mail that created the tenant, app and access token>,
    "text":         "This is the messge body..."
}

That's the response from the server (in both Postman and Java app):

STATUS: 405: Method Not Allowed

BODY:

{
    "error": {
        "code": "Request_BadRequest",
        "message": "Specified HTTP method is not allowed for the request target.",
        "innerError": {
            "date": "2022-08-05T07:17:34",
            "request-id": "XXXXXXXX-6075-4d13-83ed-XXXXXXXXXXXX",
            "client-request-id": "XXXXXXXX-6075-4d13-83ed-XXXXXXXXXXXX"
        }
    }
}

Note 1: I got my user id and my user principal name also with a Postman call using my access token, exploiting the User.Read.All permission, with the following call:

https://graph.microsoft.com/v1.0/users

That's the response:

...
            "userPrincipalName": "XXXXXX_XXXXXX.XXX#EXT#@sendClientCredMail.onmicrosoft.com",
            "id": "XXXXXXXX-4457-4944-bb22-XXXXXXXXXXXX"
        }
    ]
}

Note 2: Note that if I use the "principal name" in the call, I get a 405, if I use the "id" instead I get a 404: Not Found

Thanks in advance for any help, I've been trying for hours!

Answer 1

SOLVED

As Optimal said in the comments, the issue was that the user didn't have a licensed mailbox. When I assigned a "Microsoft 365 Business Premium" license to that user, my code worked fine. Check the licenses both on portal.azure.com for assignments, and on admin.microsoft.com for the active mailbox

Kind regards