Sending email from AL failing with could not get access token

Hi there,

I’ve got an AL routine that sends email just fine if a user clicks an action. However, I need to have my service app running as an Azure AD Application call this email function. It gets the following stack trace.

"Email - OAuth Client"(CodeUnit 4507).TryGetAccessTokenInternal - Email - Outlook REST API by Microsoft
"Email - OAuth Client"(CodeUnit 4507).GetAccessToken - Email - Outlook REST API by Microsoft
"Email - Outlook API Helper"(CodeUnit 4509).Send line 13 - Email - Outlook REST API by Microsoft
"Microsoft 365 Connector"(CodeUnit 4503).Send line 4 - Email - Microsoft 365 Connector by Microsoft
"Send Email"(CodeUnit 8890).OnRun(Trigger) line 5 - System Application by Microsoft
"Email Dispatcher"(CodeUnit 8888).OnRun(Trigger) line 30 - System Application by Microsoft
"Email Impl"(CodeUnit 8900).Send line 41 - System Application by Microsoft
"Email Impl"(CodeUnit 8900).Send line 4 - System Application by Microsoft
"Email Impl"(CodeUnit 8900).Send line 7 - System Application by Microsoft
Email(CodeUnit 8901).Send line 2 - System Application by Microsoft
"Email Notifications"(CodeUnit 60505).AlertNotify line 16 - Denbridge Data Service by Port of Aberdeen

The code it’s calling is very simple:

EmailMsg.Create(TxtRecipientList, header, message, false);
Email.Send(EmailMsg, Enum::"Email Scenario"::"Denbridge Sync Scenario");

The scenario exists and, as I saw, all works perfectly when initiated by a user action, largely, I suspect, because the email is then sent by the user.

I suspect the issue is probably permissions, and somewhere I need to set something to allow the Azure AD App to send as the email scenario user. I think this could be in the API permissions of the Azure AD App, but I’ve tried adding the obvious ones in Microsoft Graph, i.e. all of the Mail. ones, particularly Mail.Read and Mail.Send; permission has been granted on behalf of the organisation.

Anyone know how to get AL code to send an email when the code is running from an Azure AD app and not via user actions?

How did you set up your Mail Account in BC? It looks like you set up your Mail Account as “Current User”; you need to set up “Microsoft 365”. In this case the authentication is stored and every logged-in user uses the same credentials.

No, it is set up as Microsoft 365.

The point is that the task is running via an Azure Web Service APP login and NOT a user login. Accessing the exact same function from a demo page works just fine, as the user is logged in, and thus as long as they have Send As permission it works. The issue is the Azure APP, which is registered with BC and Azure; something needs to be set to allow the APP to get a token.

It appears that the AL routine for sending emails works fine when initiated by a user action, but encounters a stack trace when called by a service app running as an Azure AD Application. The code being called is very simple, so the issue may be related to permissions or settings that allow the Azure AD App to send emails on behalf of the email scenario user. The API permissions for the Azure AD App have been checked and the necessary permissions, such as Mail.Read and Mail.Send, have been granted. Does anyone have experience with getting AL code to send emails when running from an Azure AD app instead of being initiated by user actions? Any insight or suggestions would be greatly appreciated.

Good to see someone else experiencing the same issue. I’ve tried all manner of giving permissions to the Azure AD Application but nothing seems to work. It possibly is an easy fix but I can find no information on what is required to be set.