"UnknownError " while accessing Graph API to get mailbox messages of the specific user with grant type as client_credentials. App only permissions

Question

I am trying to get the messages from outlook mailbox of a specific user. I created an app with permissions type "application" and permissions Mail.ReadBasic.All, Mail.Read, Mail.ReadWrite. I provided adminconsent with below url:

https://login.microsoftonline.com/{tenant}/adminconsent?client_id={}&secret_id={}&state=12345&redirect_uri=http://localhost:3000/myapp

and it returned adminconsent=true.

I am able to generate the token with https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token.

But when acccessing graph api I am getting unknown error.

https://graph.microsoft.com/v1.0/users/{mail id}/mailfolders/inbox/messages
Header : Authorization = Bearer ey....

Error:

{   "error": {
    "code": "UnknownError",
    "message": "",
    "innerError": {
      "request-id": "62f75bdd-948b-4f35-a400-cbc1650d37f7",
      "date": "2020-01-31T07:00:00"
    }   } }

UnknownError is tough to give an easy answer to. You should check your token at https://jwt.ms, make sure the `aud` claim is `https://graph.microsoft.com` and that the `roles` claim contains the permissions scopes you expect. If that all looks right, then I'd suggest having the user you're trying to access go to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) and see if they can access their mailbox. — Jason Johnston, Jan 31 '20 at 13:32
Hi Jason, I validated the token and able to see the "aud": "https://graph.microsoft.com", "roles": [ "Mail.ReadBasic.All", "Mail.Read", "Mail.ReadBasic" ] In the Graph explorer I am able to see the results for the user. One more question is., in graph explorer I am checking API with me/messages --- where me is sign in user. But the current use case I am checking for my email with API https://graph.microsoft.com/v1.0/users/{mail id}/mailfolders/inbox/messages — Naveen Yalla, Feb 01 '20 at 08:40
Check the value for `mail id` for your non-working users, and compare this with their UPN (userPrincipalName). If they don't match, this would be the issue. When you use /users/{id}, the `id` part has to either be the user's `id` or their `userPrincipalName`. You can find these by doing a GET /users via Graph. — Jason Johnston, Feb 03 '20 at 18:45
Yes Jason. I am providing the id rather than mail/upn to avoid name confusions. That id I am getting from GET /users. based on this id, results are not coming for some user ids. getting Unknown error — Naveen Yalla, Feb 04 '20 at 09:47

score 1 · Accepted Answer · answered Feb 04 '20 at 12:07

Results coming for some users and not coming for others is because their mail boxes setup.

Graph APIs work for Office 365 mail boxes which are saved in cloud.

So on premises mail boxes will not work for Graph APIs to read mails. Better exception other than Unknown error from the MS team much appreciated in terms of issue debugging.

score -1 · Answer 2 · answered Feb 01 '20 at 13:59

Finally this is getting some results. But I am not sure why it is working for some emails and not working for some other emails which are in the organisation.

For battle after battle, I finally gave a try to check results with changing emails. And results are coming for some emails.

Is this issue or something I have to look for users configurations.

"UnknownError " while accessing Graph API to get mailbox messages of the specific user with grant type as client_credentials. App only permissions

2 Answers2