Skip to content

GET /users/{id}/mailFolders/{id}/messages does not work with application access #1108

New issue
New issue
Closed
Closed
GET /users/{id}/mailFolders/{id}/messages does not work with application access#1108
Labels
status:waiting-for-triageAn issue that is yet to be reviewed or assignedtype:bugA broken experience
@margold

Description

@margold
margold
opened on Feb 7, 2025

Describe the bug

GET /users/{id}/mailFolders/{id}/messages (see how I'm constructing it in the steps to reproduce) throws an error "Current authenticated context is not valid for this request. This occurs when a request is made to an endpoint that requires user sign-in." despite documentation saying it should work with application access. And I don't see a different way to fetch emails.

Expected behavior

GET /users/{id}/mailFolders/{id}/messages should fetch emails with application access.

How to reproduce

Register a new app, create a client secret, grant Mail.Read, MailboxFolder.Read.All, MailboxItem.Read.All
Get a ClientSecretCredential:

cred = ClientSecretCredential(
            tenant_id=tenant_id,
            client_id=client_id,
            client_secret=client_secret,
            authority=authority,
)

cred.get_token("https://graph.microsoft.com/.default") is successful, so this step works.

Then try to get the 10 most recent emails from a mailbox to which the app has access:

auth_provider = AzureIdentityAuthenticationProvider(cred)
adapter = GraphRequestAdapter(auth_provider)
client = GraphServiceClient(request_adapter=adapter, scopes=["https://graph.microsoft.com/.default"])

query_params = MessagesRequestBuilder.MessagesRequestBuilderGetQueryParameters(
    select = ["sender","subject"],
    orderby=["last_modified_time"],
    top=10,
)

request_config = MessagesRequestBuilder.MessagesRequestBuilderGetRequestConfiguration(
    query_parameters=query_params,
)

test_mailbox = "[redacted]@[redacted].onmicrosoft.com"

messages = await client.users.by_user_id(test_mailbox).mail_folders.by_mail_folder_id("Inbox").messages.get(request_configuration=request_config)

And I get

ODataError: 
        APIError
        Code: 400
        message: None
        error: MainError(additional_data={}, code='BadRequest', details=None, inner_error=InnerError(additional_data={}, client_request_id='51747274-6e50-4977-8f68-d2c356d1afe0', date=datetime.datetime(2025, 2, 7, 18, 11, 59), odata_type=None, request_id='3ecdb853-b996-4ab3-82e3-e41f67f8e84e'), message='Current authenticated context is not valid for this request. This occurs when a request is made to an endpoint that requires user sign-in. For example, /me requires a signed-in user.  Acquire a token on behalf of a user to make requests to these endpoints.  Use the OAuth 2.0 authorization code flow for mobile and native apps and the OAuth 2.0 implicit flow for single-page web apps.', target=None)

SDK Version

1.18.0

Latest version known to work for scenario above?

No response

Known Workarounds

I can't find any.

Debug output

Click to expand log

Configuration

msgraph-core==1.2.0
msgraph-sdk==1.18.0

Python 3.11.11

Other information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    status:waiting-for-triageAn issue that is yet to be reviewed or assignedtype:bugA broken experience

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions