Microsoft.Graph - Application Permissions - Microsoft Office 365 Scope - General Exception

Hello community,

I would like to send unattended emails with Azure App by using Microsoft Graph with application permissions type.

The admin access is granted.

I have defined multiple URI

But still I get the below error. Do you have any clue why??

Microsoft.Graph.ServiceException: Code: generalException
Message: An error occurred sending the request.
—> Microsoft.Identity.Client.MsalServiceException: AADSTS1002012: The provided value for scope Mail.ReadWrite Mail.Send User.Read is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI). Trace ID: Correlation ID: Timestamp: 2024-01-15 09:40:26Z at Microsoft.Identity.Client.Internal.Requests.RequestBase.HandleTokenRefreshErrorAsync(MsalServiceException e, MsalAccessTokenCacheItem cachedAccessTokenItem)
at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenForClientParameters clientParameters, CancellationToken cancellationToken)
at UiPath.Shared.Authentication.Microsoft.Services.MsalLogonService.AuthenticateInternalAsync(OAuthDataOptions oauth, CancellationToken cancellationToken)

Hey @DELautomation

The scope value should be suffixed with ‘/.default’

Make sure that if your application ID URI is “api://your-app-id” , and the scope value is “api://your-app-id/.default”.

@DELautomation

Is the permission for User.Read granted?

Hello @Archana_Gulli
Thanks for reply. I added /.default and I still get the same error

image

@DELautomation

Application ID should be like: api://your-app-id

Scope value should be : api://your-app-id/.default

Do you mean to change the APP ID in UiPath? I added api:// but it throws an error. In Azure app I can not modify the app ID.

By scope do you mean this setup?

@DELautomation ,

When I mentioned specifying scopes for operations like Mail.ReadWrite, Mail.Send, and User.Read, I was referring to the permissions that need to be assigned to your Azure AD application in order to access Microsoft Graph API.

Ah ok, Thank you. Yes I have assigned those permissions.

@DELautomation ,
I don’t see permission granted to User.Read in the snip.

Indeed it was not added at the beginning but now it’s added and it still doesn’t work. For your reference, this is a snip from the studio

How do we do both of these things within the confines of the Office 365 Scope activity? Here s the properties panel:

have a check if the firstAid can be adapted to your case as well: