I'm creating a Mail Add-in for Office 365. I want to get access to calendar. Using Outlook Add-in API I get only selected item:
var item = Office.context.mailbox.item;
// Continue with processing the subject of the current item,
// which can be a message or appointment.
I found Calendar REST API, but to get a valid token I need obtain the appropriate authorization. But I'm already authorized in my add-in. I don't want to redirect user to authorize again when he has added my add-in and already granted the access to it. Is it possible to get access to calendar from my add-in without additional authorization?
At this time there is no single sign-on support between an Office ad-in and Graph. You can follow the approach outlined in this article: http://blogs.msdn.com/b/richard_dizeregas_blog/archive/2015/08/10/connecting-to-office-365-from-an-office-add-in.aspx
Eric Legault has post a good approach and I have used it. However, I have found a possibility to access to calendar from mailbox without any OAuth authorizations like with Graph API.
You can use makeEwsRequestAsync method to make an asynchronous request (SOAP messages) to an Exchange Web Services (EWS) service on the Exchange server that hosts the user’s mailbox.
Your add-in must have the ReadWriteMailbox permission and the server administrator must set OAuthAuthentication to true on the Client Access Server EWS directory to enable this method to make EWS requests.
You can find EWS reference for Exchange to learn how to build proper SOAP for your request.
Related
I have an issue with accessing user data with microsoft graph api.
Context : I have a web app with a calendar inside for my users. I would like to give the user the possibility to synchronise this calendar with their microsoft calendar. I did the same thing with google calendars and it works well.
Problem : I registered an app on azure and setup my code with the correct access to login and get a token from the graph api.
It kinda works but i can only log in with the address i used to create my app on azure.
So lets say my admin address on azure is test#azure.com , then i can log in and access the data i want . But if i try with another address like for example test#customer.com, then it fails and display this message :
I keep looking for a way but the Microsoft graph documentation doesn't seem to talk about this problem.
I tried to add the account as an external user, like the message says (and maybe i did it wrong i'm not really sure of this part) but then i can log in but the data i can access doesn't match the data on the account i tried with, as if adding the user as an external user created a "new" user in my organisation.
What I want : I would like to be able to access the data of any user that try to log in with a microsoft email (if they accept the permissions of course).
It's my first time using the graph api so maybe i'm missing something simple...
Thanks
Based on the So thread reference:
When a user authenticates against your tenant, you only have access to the data controlled by your tenant. In other words, if test1#outlook.com authenticates against yourtenant.onmicrosoft.com tenant, you don't gain access to their outlook.com email.
Reason you're able to see the outlook.com email from Graph Explorer is that Graph Explorer is authenticating against their outlook.com account.
In other way, Graph Explorer is authenticating test1#outlook.com against the outlook.com tenant, not yourtenant.onmicrosoft.com.
When a user authenticates against a given tenant, that token only provides access to data within that single tenant. Microsoft Graph does not allow you to cross tenant boundaries.
Thanks Hong for the comment, you may also set your app registration to "multitenant + personal accounts"
So Reference: MS Graph External User 401 Unathorized
I am building a form in react and I wanted to send it to my email when the user clicked the submit button.
I was looking at Microsoft Graph API for sending the email (https://learn.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=javascript), but checking it, seems that it needs a temporary token, so I can't use it as I would need to be changing the token every hour or so.
So, I'm basicaly trying to find an API like the Gmail but for office 365 accounts (https://developers.google.com/gmail/api/guides/sending), as we can create a gcp project and use the keys that it generates for us, instead of using a token like the MS Graph API
Generaly I would use a route in my API, but this site is static, so I do not have any API (neither serverlets, cloud functions or other stuff like it).
Is there any away to send an email through a Microsoft API from my web client in react, using only a token specific to the domain? Or is there a better away to acomplish this same result?
I highly recommend using https://formsubmit.co/. It's free and I personally use it in many projects. Works flawlessly with many features like email templating, captcha, reply_to, etc.
No backend knowledge is required. Can set it up in like 1 minute.
One option would be to authenticate on behalf of the user.
You can also have a small proxy API, dedicated for the purpose of allowing the users to send an email.
I have an application which needs access to mailboxes for an organization but likely only needs access to the mailboxes for the sales teams and not the mailboxes for the rest of the organization.
For Office 365 we create a service account and get it delegated access to each of the mailboxes it needs to read emails from.
It seems like the Gmail API supports a "userID" parameter.
How can I configure a service account user thru the Admin portal to have access to multiple mailboxes?
Unfortunately this is not possible because a service account acts on behalf of a user who runs the script and does not have the authorization to access other mailboxes.
As a workaround, in the Admin console, the administrator of the domain is able to set up the routing settings for Gmail in a such a way that a copy of all emails addressed to the Sales Team (Organization Unit “Sales Team”) will be delivered to an additional recipient - who will run the API.
When you set-up the routing settings as explained here and add a recipient to whom to deliver a copy of the messages, you can use the option “Advanced”, which allows you to decide to for example to forward attachments or Spam messages as you can see in the image below.
Furthermore, if you don’t want to forward all messages, you can set-up content compliance rules for the inbox of the additional recipient to whom a copy of the messages will be delivered.
I am working on a Onedrive CoAuthoring Application. In which users can Co Author the document and Sync their changes. The application flow is First user initiates the CoAuthoring, the document will moved from Source to Onedrive. For the subsequent users, Permisson will added for those users and they open the document directly from onedrive. so everybody can work on the same document and the final user will sync back it from onedrive to Source.
I have implemented a PoC by creating office 365 trial accounts. I have hard coded the Admin account User credentials, and the admin account will talk to Onedrive on behalf of user using Microsoft Graph and Coauthoring works perfectly.
Now I want to Implement the real version on top of Onedrive Buisness for my organization. My organization using hybrid azure, so that the same onpermise user id is used in Azure too. I have created the application in Azure, created a key(Client secret) and gave necessary permission for the app. i am facing the following issues.
First i tried to pass my onpermise credential, but I am getting invalid password.
Next i tried the code flow, in which i have passed the client id and client secret and got the access token.But when i pass the Access token to the graph api I am getting Code: AccessDenied Message: Either scp or roles claim need to be present in the token.
Next I have created a X509 cert and getting the same error while calling Graph API Code: AccessDenied Message: Either scp or roles claim need to be present in the token.
Need your help/suggestion: I want to talk to onedrive using admin account/app. so that I will move the doc to onedrive and add permission for the subsequent users, and this has to be implemented without user interaction even for the first time. Please help me to overcome the issue.
Thanks,
Subbiah K
I'm creating an application in with angular and nodejs and I need to be able to read another user's list of events. Right now I am attempting to use "https://graph.microsoft.com/v1.0/users/otherusername#companyurl.com/events" this gives me the 403 "Access is denied. Check credentials and try again.". However, if I use "https://graph.microsoft.com/v1.0/users/myusername#companyurl.com/events" it works(as most would expect). My question is, why is it when I use outlook I can use scheduling assistant to see the events for "otherusername#companyurl.com" without being an admin but in my application I cannot see their events due to credentials?
The library I'm using to connect to microsoft graph api is https://github.com/AzureAD/azure-activedirectory-library-for-js
The delegated permissions I have set in azure are
View users' email address
Sign users in
Read user contacts
Have full access to user calendars
Read user calendars
Send mail as a user
Read directory data
Read all users' basic profiles
Sign in and read user profile
Application permissions (I understand these require admin)
Read calendars in all mailboxes
Graph api permission scopes
Any help is appreciated, thankyou.
Fugal - This is by design. You can use FindMeetingTimes API to schedule meetings with other users. This can be accomplished with just Calendar.Read permission. See http://graph.microsoft.io/en-us/docs/api-reference/beta/api/user_findmeetingtimes for more info.
For you to view another user's calendar using /events endpoint, you need a special permission (something like Calendar.Read.Shared) that we are still in the process of adding. Once we add that, you will be able to use /Events to access any calendar that another user has explicitly shared with you. But if you want to just schedule meetings, FindMeetingTimes should be sufficient.