Invalid scope on email sending

[ShahbozHalim]

Describe the bug

  "error" => "invalid_scope"
  "error_description" => "AADSTS1002012: The provided value for scope Mail.Send is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI). Trace ID: 185a6ac5-d7dc-4421-b30b-502c4ba77300 Correlation ID: 43a59ceb-d5f5-4670-8191-04ba34594750 Timestamp: 2024-08-06 12:36:17Z"
  "error_codes" => array:1 [
    0 => 1002012
  ]
  "timestamp" => "2024-08-06 12:36:17Z"
  "trace_id" => "185a6ac5-d7dc-4421-b30b-502c4ba77300"
  "correlation_id" => "43a59ceb-d5f5-4670-8191-04ba34594750"

Expected behavior

I want to send an email

How to reproduce

$tokenRequestContext = new ClientCredentialContext(
            config('azura.tenant_id'),
            config('azura.client_id'),
            config('azura.client_secret'),
        );

    $scopes = ['Mail.Send'];
    $graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

    $sender = new EmailAddress();
    $sender->setAddress('[email protected]');
    $sender->setName('noreply');
    $fromRecipient = new Recipient();
    $fromRecipient->setEmailAddress($sender);

    $recipients = [];

    $recipientEmail = new EmailAddress();
    $recipientEmail->setAddress('[email protected]');
    $recipientEmail->setName('Jane Doe');
    $toRecipient = new Recipient();
    $toRecipient->setEmailAddress($recipientEmail);
    $recipients[] = $toRecipient;

    $emailBody = new ItemBody();
    $emailBody->setContent('Dummy content');
    $emailBody->setContentType(new BodyType(BodyType::TEXT));

    $message = new Message();
    $message->setSubject('Test Email');
    $message->setFrom($fromRecipient);
    $message->setToRecipients($recipients);
    $message->setBody($emailBody);

    $requestBody = new SendMailPostRequestBody();
    $requestBody->setMessage($message);

    $response = $graphServiceClient->me()->sendMail()->post($requestBody)->wait();

SDK Version

2.12

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

Click to expand log

```

</details>


### Configuration

_No response_

### Other information

_No response_

[Ndiritu]

Hi @ShahbozHalim
When using the ClientSecretCredential/application permissions, ideally you should grant Mail.Read permissions to your app as shown here then pass the .default scope or leave the param empty in the constructor (which defaults to https://graph.microsoft.com/.default)

Let me know if this works

[microsoft-github-policy-service]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.