
Using userPrincipalName of a user created in tenant while sending mails using Graph API

I'm using Graph API https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/sendMail to send email. On setting userPrincipalName of a user that already exists in my tenant as sender, it works perfectly. After creating a user in my tenant and using that userPrincipalName as sender, I don't see any emails being sent. Why is that? Am I missing something?

Whenever you are using delegated permissions (i.e. when a user is logged in), even though your admin has consented to the Mail.Send.Shared, it does NOT grant access to all mailboxes in the tenant. These OAuth permissions do not override the permissions (and restrictions) in place for the user.

If the user is not already configured with permissions to be able to "Send As" the notifications@contoso.com user, then you'll see this error.

To make it work, you'd need to actually grant "Send As" rights to all users that will be using your application.

This is a subtle thing, and granted it's a bit confusing. In the Azure portal, the permissions have slightly different descriptions, depending on if you're looking at the Application Permissions or the Delegated Permissions.

  • Application: Send mail as any user
  • Delegated: Send mail on behalf of others

Another approach you could use here to avoid having to grant these rights to all users (which would allow them to send via Outlook, etc.) would be to have your backend app use the client credentials flow to get an app-only token. In that case, the app itself would have the permission to send as any user.
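The following is an added example, not part of the original answer: it builds the client credentials token request mentioned above, then inspects a token's claims to tell an app-only token (`roles` contains `Mail.Send`) from a delegated one (`scp` contains `Mail.Send.Shared`, which still depends on "Send As" rights) before building the sendMail call. The helper names are hypothetical, the tenant/client values are placeholders, and the sample tokens are constructed and unsigned.

```python
import base64
import json
from urllib.parse import quote, urlencode

def token_request(tenant_id, client_id, client_secret):
    """Client credentials (app-only) token request: (url, form-encoded body)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return url, urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    })

def jwt_claims(token):
    """Decode a JWT payload for diagnostics only; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def send_mode(claims):
    """Classify the mail-sending permission carried by a Graph access token."""
    if "Mail.Send" in claims.get("roles", []):
        return "app-only"            # application permission: send mail as any user
    scopes = claims.get("scp", "").split()
    if "Mail.Send.Shared" in scopes:
        return "delegated-shared"    # signed-in user still needs Send As on the mailbox
    if "Mail.Send" in scopes:
        return "delegated-self"      # can only send from the signed-in user's mailbox
    return "none"

def send_mail_request(sender_upn, to_addr, subject, text):
    """Build the sendMail call for the given sender: (url, JSON body)."""
    url = f"https://graph.microsoft.com/v1.0/users/{quote(sender_upn, safe='@')}/sendMail"
    message = {
        "subject": subject,
        "body": {"contentType": "Text", "content": text},
        "toRecipients": [{"emailAddress": {"address": to_addr}}],
    }
    return url, json.dumps({"message": message, "saveToSentItems": True})

def fake_jwt(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"e30.{body}.constructed"

if __name__ == "__main__":
    for sample in ({"roles": ["Mail.Send"]}, {"scp": "User.Read Mail.Send.Shared"}):
        print(send_mode(jwt_claims(fake_jwt(sample))))
    print(send_mail_request("notifications@contoso.com", "user@contoso.com", "Hi", "Test")[0])
```

Because the application permission covers every mailbox in the tenant, logging the result of `send_mode` alongside the sender UPN gives an audit trail of which identity each message was sent as.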
