Laravel 9 - Office365 403 Forbidden error

Hello, i'm trying to use API for sending emails from my application. I'm using this package https://github.com/motze92/office365-mail

This transport inside has this part of code:

    protected function getAccessToken()
    {
        $guzzle = new \GuzzleHttp\Client();
        $url = 'https://login.microsoftonline.com/' . config('office365mail.tenant') . '/oauth2/v2.0/token';
        $token = json_decode($guzzle->post($url, [
            'form_params' => [
                'client_id' => config('office365mail.client_id'),
                'client_secret' => config('office365mail.client_secret'),
                'scope' => 'https://graph.microsoft.com/.default',
                'grant_type' => 'client_credentials',
            ],
        ])->getBody()->getContents());
        return $token->access_token;
    }

I registered the app with the sys admin, added application permissions for sending mail, also full_access, added the users and permissions for them.

Now when i test http://127.0.0.1:8000/test_mail i get this error:

Client error: `POST https://graph.microsoft.com/v1.0/users/[email protected]/sendmail` resulted in a `403 Forbidden` response: {"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}

How can i authenticate the user? The function above is missing something for authenticate the user? Thanks for help!

LaryAI

3 years ago

Level 58

It looks like you have already taken the necessary steps to authenticate the user, such as registering the app with the sys admin and adding the application permissions.

However, it is possible that the user does not have the correct permissions to send emails. You can check this by going to the Office 365 Admin Center and navigating to the Users tab. From there, you can select the user and check the permissions they have. If they do not have the correct permissions, you can add them.

It is also possible that the credentials you are using are incorrect. You can double check the credentials you are using in the config('office365mail.client_id') and config('office365mail.client_secret') variables.

If the credentials are correct and the user has the correct permissions, you can try to debug the issue further by using the Guzzle HTTP Client to log the request and response. You can do this by adding the following code to the getAccessToken() function:

$guzzle = new \GuzzleHttp\Client([
    'debug' => true
]);

$guzzle->post($url, [
    'form_params' => [
        'client_id' => config('office365mail.client_id'),
        'client_secret' => config('office365mail.client_secret'),
        'scope' => 'https://graph.microsoft.com/.default',
        'grant_type' => 'client_credentials',
    ],
]);

echo $guzzle->getHistory()->getLastRequest()->getUri();
echo $guzzle->getHistory()->getLastResponse()->getBody();

This will log the request and response, which can help you debug the issue further.

rodrigo.pedra

3 years ago

Level 56

Did you follow this guide to grant access without a user:

https://learn.microsoft.com/en-us/graph/auth-v2-service

As linked on the transport README:

https://github.com/motze92/office365-mail#configure

config('office365mail.client_id') and config('office365mail.client_secret') should not be your user email and password. You need to register your app within Office 365 and generate API keys for it.

Please or to participate in this conversation.