使用ClientCredentialProvider发送电子邮件无法找到租户guid [英] Sending email using ClientCredentialProvider is failing to find tenant guid

问题描述

我正在使用Microsoft Identity的OAuth 2.0支持来使用Microsoft Graph发送电子邮件.

I am using Microsoft Identity's OAuth 2.0 support to send email using Microsoft Graph.

创建一个个人电子邮件帐户，名称为XXXX@outlook.com.使用此帐户，我登录到Azure AD并在其中创建一个租户.使用 ClientCredentialProvider (来自msgraph-sdk-auth-java)作为尝试向自己发送电子邮件的授权者.步骤:

Created a personal email account as XXXX@outlook.com. Using this account I login to Azure AD and create a tenant there. Used ClientCredentialProvider (From msgraph-sdk-auth-java) as authorizer trying to send an email to myself. Steps:

1. 创建了一个租户帐户.
2. 创建了一个应用程序，并在Graph> Application-> Send.email等中授予了权限
3. 创建了一个秘密密钥

以下是我得到的错误:

POST microsoft.graph.sendMail SdkVersion:graph-java/v1.5.0授权:Bearer_xv1yPye ...

POST microsoft.graph.sendMail SdkVersion : graph-java/v1.5.0 Authorization : Bearer _xv1yPye...

{
  "message": {
    "subject": "Test",
    "body": {
      "contentType": "text",
      "content": "The new cafeteria is open bujji."
    },
    "toRecipients": [
      {
        "emailAddress": {
          "address": "xxxxx@outlook.com"
        }
      }
    ]
  },
  "saveToSentItems": true
}401: UnauthorizedStrict-Transport-Security: max-age=31536000Cache-Control: privatex-ms-ags-diagnostic: {
  "ServerInfo": {
    "DataCenter": "South India",
    "Slice": "SliceC",
    "Ring": "3",
    "ScaleUnit": "001",
    "RoleInstance": "AGSFE_IN_1"
  }
}client-request-id: 01565263-11b4-45f7-b089-06f57fdd8241request-id: 2e0cac3b-dc32-4dab-bb30-769590fc156eContent-Length: 361Date: Tue,
16Jun202007: 14: 42GMTContent-Type: application/json{
  "error": {
    "code": "OrganizationFromTenantGuidNotFound",
    "message": "The tenant for tenant guid \u002706841624-5828-4382-b0a0-XXXXXX87b08f\u0027 does not exist.",
    "innerError": {
      "requestId": "01565263-11b4-45f7-b089-06f57fdd8241",
      "date": "2020-06-16T07:14:43",
      "request-id": "2e0cac3b-dc32-4dab-bb30-769590fc156e"
    }
  }
}

---

private static void sendEmail() {
    ClientCredentialProvider authProvider = new ClientCredentialProvider(
        "fb7f0ecc-b498-XXXX-XXXX-b016f252ea7d",
        Arrays.asList("https://graph.microsoft.com/.default"),
        "8-rpF8sOwV.CWF~7gK.XXXXXXXX.SSScxj0",
        "06841624-5828-4382-b0a0-XXXXXXe87b08f",
        NationalCloud.Global);
    IGraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider(authProvider).buildClient();

    Message message = new Message();
    message.subject = "Test";
    Ite * mBody body = new ItemBody();
    body.contentType = BodyType.TEXT;
    body.content = "The new cafeteria is open.";
    message.body = body;
    LinkedList < Recipient > toRecipientsList = new LinkedList < Recipient > ();
    Recipient toRecipients = new Recipient();
    EmailAddress emailAddress = new EmailAddress();
    emailAddress.address = "xxxxx@outlook.com";
    toRecipients.emailAddress = emailAddress;
    toRecipientsList.add(toRecipients);
    message.toRecipients = toRecipientsList;
    graphClient.me()
        .sendMail(message, true)
        .buildRequest()
        .post();
}

推荐答案

我想您想使用Microsoft Graph API从您的个人帐户电子邮件 XXXX@outlook.com 发送电子邮件.

I guess you want to use Microsoft Graph API to send email from your personal account email XXXX@outlook.com.

但是，当您使用此帐户登录Azure AD并创建租户，并在代码中使用 ClientCredentialProvider 时，该帐户将被视为租户的工作帐户(而非个人帐户)

But when you use this account to login to Azure AD and create a tenant, and use ClientCredentialProvider in your code, the account will be treated as a work account (not personal account) of your tenant.

因此，当工作帐户要发送电子邮件时，将需要O365订阅的Exchange在线许可.您没有使用Exchange在线许可证进行O365订阅.这就是为什么会出现此错误的原因:租户guid \ u002706841624-5828-4382-b0a0-XXXXXX87b08f \ u0027的租户不存在.

So when a work account wants to send an email, it will requires an Exchange online license of O365 subscription. You don't have O365 subscription with Exchange online license. That is why you get this error: The tenant for tenant guid \u002706841624-5828-4382-b0a0-XXXXXX87b08f\u0027 does not exist.

如果要通过个人帐户发送电子邮件，则无需创建AAD租户.并且您应该使用客户端凭据提供商.另一件事是个人帐户需要基于

If you want to send email from your personal account, it's unnecessary to create an AAD tenant. And you should use Authorization code provider rather than Client credentials provider. Another thing is that personal account requires Delegated permission rather than Application permission based on Send mail permissions. Create an application and give permission in Graph > Delegated > Mail.Send.

请注意，它可能要求范围为 https://graph.microsoft.com/mail.send 而不是 https://graph.microsoft.com/.default 代码>.

Please note it may require the scopes as https://graph.microsoft.com/mail.send instead of https://graph.microsoft.com/.default.

这篇关于使用ClientCredentialProvider发送电子邮件无法找到租户guid的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！