
I have a C# solution that I use to retrieve mails via the Microsoft Graph API. Currently I get the access token interactively via

// Public client application: tokens are acquired on behalf of the signed-in user.
var pcApplication = PublicClientApplicationBuilder.Create(clientId).Build();
// Interactive sign-in, pre-filled with the login and bound to the given authority.
AcquireTokenInteractiveParameterBuilder acquireTokenInteractiveParameterBuilder =
    pcApplication.AcquireTokenInteractive(scopes);
acquireTokenInteractiveParameterBuilder.WithLoginHint(login);
acquireTokenInteractiveParameterBuilder.WithAuthority(authorityUri);
AuthenticationResult authResult = await acquireTokenInteractiveParameterBuilder.ExecuteAsync();

and acquire a new token silently with the existing token like this:

var pcApplication = PublicClientApplicationBuilder.Create(clientId).Build();
// Silent acquisition for the account in the token cache that matches the login hint.
AuthenticationResult authResult = await pcApplication.AcquireTokenSilent(scopes, login).ExecuteAsync();

My scopes are { "Mail.ReadWrite", "Mail.ReadWrite.Shared", "Mail.Send" }. I do not want to use Application permissions, but User delegated permissions.

Now I want to access a resource as an impersonated user in the form of technicalUser@domain\impersonatedUser. But when I want to call graphclient.Users[User], where User is my impersonated user, with the token cache of the user, I get an error message saying I do not have the right permissions.

Am I missing something in my scope or am I missing something in my code with the token flow?

0 Answers