I'm trying to work with the MS Graph APIs for the first time. What I want to do is simple in words: I want to create a daemon app which will keep checking for unread mails in an Outlook / Microsoft mailbox; if found, it pulls the mail and processes the contents.

What I did so far

  1. Logged in to the Azure portal with my personal Outlook ID and registered an app in Azure AD. The app is registered with a valid publisher domain.
  2. Updated the authentication section with a platform for Desktop/Mobile apps and configured the redirection URL as default: https://login.microsoftonline.com/common/oauth2/nativeclient
  3. Added permissions for the Graph API for Mails.
  4. Started working on client code with the Java SDK. I tried multiple auth provider methods; when I try to sign in and give consent, personal emails are not supported. I tried a work email based on Microsoft; it still says no token was sent. E.g.:
```
Exception in thread "main" com.microsoft.graph.core.ClientException: Error executing the request
    at com.microsoft.graph.http.CoreHttpProvider.sendRequestInternal(CoreHttpProvider.java:400)
    at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:220)
    at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:197)
    at com.microsoft.graph.http.BaseRequest.send(BaseRequest.java:332)
    at com.microsoft.graph.requests.UserRequest.get(UserRequest.java:136)
    at test.api.APITester.getClient(APITester.java:34)
    at test.api.APITester.main(APITester.java:41)
Caused by: java.io.IOException: java.util.concurrent.ExecutionException: com.azure.core.exception.ClientAuthenticationException: Failed to acquire token with Interactive Browser Authentication.
    at com.microsoft.graph.httpcore.AuthenticationHandler.intercept(AuthenticationHandler.java:65)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
    at com.microsoft.graph.httpcore.TelemetryHandler.intercept(TelemetryHandler.java:69)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
    at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
    at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
    at com.microsoft.graph.http.CoreHttpProvider.sendRequestInternal(CoreHttpProvider.java:397)
    ... 6 more
Caused by: java.util.concurrent.ExecutionException: com.azure.core.exception.ClientAuthenticationException: Failed to acquire token with Interactive Browser Authentication.
    at java.util.concurrent.CompletableFuture.reportGet(Unknown Source)
    at java.util.concurrent.CompletableFuture.get(Unknown Source)
    at com.microsoft.graph.httpcore.AuthenticationHandler.intercept(AuthenticationHandler.java:55)
    ... 12 more
Caused by: com.azure.core.exception.ClientAuthenticationException: Failed to acquire token with Interactive Browser Authentication.
    at com.azure.identity.implementation.IdentityClient.lambda$authenticateWithBrowserInteraction$28(IdentityClient.java:703)
    at reactor.core.publisher.Mono.lambda$onErrorMap$30(Mono.java:3384)
    at reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onError(FluxOnErrorResume.java:94)
    at reactor.core.publisher.MonoFlatMap$FlatMapMain.secondError(MonoFlatMap.java:192)
    at reactor.core.publisher.MonoFlatMap$FlatMapInner.onError(MonoFlatMap.java:259)
    at reactor.core.publisher.MonoCompletionStage.lambda$subscribe$0(MonoCompletionStage.java:76)
    at java.util.concurrent.CompletableFuture.uniWhenComplete(Unknown Source)
    at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(Unknown Source)
    at java.util.concurrent.CompletableFuture.postComplete(Unknown Source)
    at java.util.concurrent.CompletableFuture$AsyncSupply.run(Unknown Source)
    at java.util.concurrent.CompletableFuture$AsyncSupply.exec(Unknown Source)
    at java.util.concurrent.ForkJoinTask.doExec(Unknown Source)
    at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(Unknown Source)
    at java.util.concurrent.ForkJoinPool.runWorker(Unknown Source)
    at java.util.concurrent.ForkJoinWorkerThread.run(Unknown Source)
Caused by: com.microsoft.aad.msal4j.MsalClientException: No Authorization code was returned from the server
    at com.microsoft.aad.msal4j.AcquireTokenByInteractiveFlowSupplier.getAuthorizationResultFromHttpListener(AcquireTokenByInteractiveFlowSupplier.java:140)
    at com.microsoft.aad.msal4j.AcquireTokenByInteractiveFlowSupplier.getAuthorizationResult(AcquireTokenByInteractiveFlowSupplier.java:64)
    at com.microsoft.aad.msal4j.AcquireTokenByInteractiveFlowSupplier.execute(AcquireTokenByInteractiveFlowSupplier.java:37)
    at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
    at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
    ... 6 more
```

Kindly give some info about

  1. Can the Graph API be used to operate with work accounts alone?
  2. Is there something missing in what I'm doing? I'm a complete noob w.r.t. Graph APIs. I could not find a good example on Google either to work my way up.

Java SDK 3.3 and Java version 1.8

Dev
Kris
  • Yes, you can access the personal accounts only. For this I used the following steps: (1) Set your AAD application with organization + personal or personal only. (2) Then I used the MSAL library for authentication; yes, you have one for the Java flavor too. (3) Get the token successfully, then use it to make a call to a protected resource like Microsoft Graph (Outlook/Hotmail). – Dev May 04 '21 at 04:58
  • As you look for a [Java sample](https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-java-daemon), here's the closest one I can think of. It will help you to get started. – Dev May 04 '21 at 04:59

1 Answer

Firstly, you can access personal account email only with Delegated permission.

Delegated permission means that you HAVE TO implement user login for your personal account.

In your case, you are trying to create a daemon app that does not require user login and requires Application permission (in contrast to Delegated permission).

Therefore, your intended design cannot be achieved.

In summary, to access your personal account email, you should follow Quickstart: Add sign-in with Microsoft to a Java web app.

Remember that when creating the AAD app, you should set your AAD app registration with organization + personal or personal only, as suggested by @Dev in the comment.

And in step 3, set aad.authority=https://login.microsoftonline.com/common because /common can work for personal accounts.

Other reference: Get access on behalf of a user

Allen Wu
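
The delegated sign-in the answer describes, shown with MSAL for Java against the /common authority and followed by a Graph query for unread inbox mail. This is an added example, not code from the question or the answer; the client ID is a placeholder, and the `http://localhost` redirect URI is an assumption that has to be registered on the app for MSAL4J's interactive flow.

```java
import com.microsoft.aad.msal4j.IAuthenticationResult;
import com.microsoft.aad.msal4j.InteractiveRequestParameters;
import com.microsoft.aad.msal4j.PublicClientApplication;

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.stream.Collectors;

public class UnreadMailDelegated {
    // Placeholder: the Application (client) ID of your own app registration.
    private static final String CLIENT_ID = "<your-client-id>";
    // /common accepts both work/school and personal Microsoft accounts.
    private static final String AUTHORITY = "https://login.microsoftonline.com/common";
    // Assumption: this loopback URI is registered as a redirect URI on the app.
    private static final String REDIRECT_URI = "http://localhost";
    // Unread inbox messages, limited to the fields the caller needs.
    private static final String UNREAD_URL = "https://graph.microsoft.com/v1.0/me/mailFolders/inbox/messages"
            + "?$filter=isRead%20eq%20false&$select=subject,from,receivedDateTime&$top=10";

    public static void main(String[] args) throws Exception {
        PublicClientApplication app = PublicClientApplication.builder(CLIENT_ID)
                .authority(AUTHORITY)
                .build();
        // Delegated permission: the user signs in and consents to Mail.Read only.
        InteractiveRequestParameters request = InteractiveRequestParameters
                .builder(new URI(REDIRECT_URI))
                .scopes(Collections.singleton("Mail.Read"))
                .build();
        IAuthenticationResult result = app.acquireToken(request).join();
        System.out.println("Signed in as " + result.account().username());
        // Call Graph with the bearer token; never log the token itself.
        HttpURLConnection conn = (HttpURLConnection) new URL(UNREAD_URL).openConnection();
        conn.setRequestProperty("Authorization", "Bearer " + result.accessToken());
        int status = conn.getResponseCode();
        if (status != 200) {
            throw new IllegalStateException("Graph returned HTTP " + status);
        }
        try (BufferedReader in = new BufferedReader(
                new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
            System.out.println(in.lines().collect(Collectors.joining("\n")));
        }
    }
}
```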