【问题标题】:What is the Correct Microsoft Graph API Permission for Reading Mailbox to specific user onlyWhat is the Correct Microsoft Graph API Permission for Reading Mailbox to specific user only
【发布时间】:2022-12-02 02:25:09
【问题描述】:

Good day! I just want to ask about microsoft graph Api permission, there's too many options here but my goal is to have the full access ONLY to specific account and read the mail box such as Subject, Email Body, attachment and Sender Email, the system will read the mails from the back end from the specific account only. (like a basic auth)

I'm trying to make system to my org. I don't have the full control in azure portal, so I create API Permission request.

What option need to include in my api permission request?

enter image description here

I saw the "Mail.Read" Option but I think the scope of this option is to access ALL other mail account without signing in. correct me if I'm wrong, but then what I really need is for single account only.

Thank you in advance

【问题讨论】:

    标签: api authentication outlook oauth microsoft-graph-api


    【解决方案1】:

    There is a separate Mail.Read permission for both Application and Delegated permissions. Application permissions allows the app to read mail in all mailboxes without a signed-in user where as Delegated permissions allows the app to read email in user mailboxes , check the doc for more info - https://learn.microsoft.com/en-us/graph/permissions-reference

    In your case you want to check your mail only , then you need to use Delegated permissions , which doesn't required admin conesent

    Hope this helps

    Thanks

    【讨论】:

      【解决方案2】:

      Access to Graph API is normally done one of two ways:

      The permissions required for the access type are different and are documented for each API endpiont under the Permissions sections. The on behalf of user access requires "delegated" type permissions and application access require application permissions.

      If you use "on behalf of user access" (i.e. you have a user fronting the authentication or you know the username/password) and the correct permissions for the api endponts you are using then you only have access to the data that that user has access too (even if you have permissions like ".all").

      If you use "application access" then normally you need higher permissions and you can normally read all user/org data. In some specific cases you can constrain application access. Email account access happens to be one. Follow the Limit Mailbox access instructions to limit a specific application id to a specific set of mailboxes.

      【讨论】:

        猜你喜欢
        • 2022-12-02
        • 1970-01-01
        • 2022-12-02
        • 2022-12-27
        • 1970-01-01
        • 2022-12-28
        • 2022-11-28
        • 2022-12-01
        • 2022-12-02
        相关资源
        最近更新 更多