Unable to send message on behalf of other user in nodejs

Copper Contributor

Hii community,


I am facing difficulty in sending email on behalf of other user, while signing in I am storing user access and refresh tokens and want to send mail in background as server to server communication. 

I am following these steps: 

  • Fetching user refresh token from db
  • Getting new access token using ClientSecretCredential.
  • Using that token to get delegated access token on behalf of that user using OnBehalfOfCredential.
  • Then using that outcame delegated token to send email on behalf of that user.
const clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
// Use the user's refresh token to get a new access token
  .getToken(['https://graph.microsoft.com/.default'], {
    refreshToken: tokens.refresh_token,
  .then((tokenResponse) => {
    const userAccessToken = tokenResponse?.token;
    console.log('User access token:', userAccessToken);

    // Use the user's access token in the OnBehalfOfCredential
    const onBehalfOfCredential = new OnBehalfOfCredential({
      userAssertionToken: userAccessToken,

    // Use the getToken method on the OnBehalfOfCredential to get a delegated access token
      .then((delegatedTokenResponse) => {
        const delegatedAccessToken = delegatedTokenResponse?.accessToken;
        console.log('Delegated access token:', delegatedAccessToken);

        // Create a Graph API client with the delegated access token
        const graphClient = Client.initWithMiddleware({
          authProvider: {
            getAccessToken: async () => {
              // Return the delegated access token to the Graph API client
              return delegatedAccessToken;

        // Prepare the email payload
        const email = {
          message: {
            subject: 'Test Email',
            body: {
              contentType: 'Text',
              content: 'This is a test email sent via Microsoft Graph API.',
            toRecipients: [
                emailAddress: {
                  address: 'email address removed for privacy reasons', // Replace with the recipient's email address

        // Use the Graph API client to send the email on behalf of the user
          .then((response) => {
            console.log('Email sent successfully:', response);
          .catch((error) => {
            console.error('Error sending email:', error);
      .catch((error) => {
        console.error('Error acquiring delegated access token:', error);
  .catch((error) => {
    console.error('Error acquiring user access token:', error);

Is this flow is correct, I have also tried using MSAL but didn't got any luck. Please help. 

0 Replies