Migrate existing users (and tokens) from Outlook REST API to MS Graph

Hi, we have a system that already has a large user base (100k+) of Microsoft users which we push updates to, using the refresh token we saved during their initial signup.
The REST API will be deprecated on the 30th of November in favour of the Graph API. https://devblogs.microsoft.com/microsoft365dev/outlook-rest-api-v2-0-deprecation-notice
I have upgraded all API calls to the new Graph API but am faced with the following error:
CompactToken parsing failed with error code: 8004920A
From further digging, it seems to be caused by the tokens not being interchangeable between the two APIs:
https://learn.microsoft.com/en-us/answers/questions/1010061/migration-from-rest-to-graph-refreshed-token-throw.html
So is there a way to port these users to the new API without having them go through the OAuth flow again, since we don't have functionality to request this from the users?

We were calling the token flow without the scope parameter, which was working fine with the DEPRECATED API. But with the new Graph API, we had to add the relevant scope query param, and the returned token worked with the new API calls. Hope this helps someone.
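
The fix described in the answer above, sketched as an added example (not the poster's code): a refresh_token grant that names Graph scopes explicitly, plus a decision step for each stored user. It assumes the Microsoft identity platform v2.0 token endpoint with the `common` authority, a confidential client, and `Mail.Read` as the permission; `graph_scope`, `build_refresh_request`, `classify_response` and the outcome labels are hypothetical names.

```python
from urllib.parse import urlencode

# Assumption: Microsoft identity platform v2.0 token endpoint, "common" authority.
TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
GRAPH = "https://graph.microsoft.com/"
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}  # not resource-qualified


def graph_scope(permissions):
    """Qualify short permission names (e.g. Mail.Read) with the Graph resource."""
    if not permissions:
        raise ValueError("an explicit scope is required to obtain a Graph token")
    out = []
    for p in permissions:
        if p in OIDC_SCOPES or p.startswith(GRAPH):
            out.append(p)
        elif "://" in p:
            # e.g. a leftover Outlook REST scope; refuse rather than mix resources
            raise ValueError(f"scope belongs to another resource: {p}")
        else:
            out.append(GRAPH + p)
    return " ".join(out)


def build_refresh_request(client_id, client_secret, refresh_token, permissions):
    """Return (url, urlencoded form body) for the refresh_token grant."""
    body = urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,  # secret: keep it out of logs
        "scope": graph_scope(permissions),
    })
    return TOKEN_URL, body


def classify_response(status, payload):
    """Decide what to do with one stored user after the refresh attempt."""
    if status == 200 and "access_token" in payload:
        # The endpoint may rotate the refresh token; persist the new one if sent.
        return "migrated", payload.get("refresh_token")
    if payload.get("error") in {"invalid_grant", "interaction_required"}:
        return "needs_reauth", None  # this user must go through the OAuth flow again
    return "retry", None  # transient or unexpected: keep the stored token
```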

Also related, the Exchange Team has published on Nov 23, 2022 that the decommissioning has been pushed to 2023, and that they will give a 6 month notice prior to the actual decommission date.
https://techcommunity.microsoft.com/t5/exchange-team-blog/outlook-rest-api-v2-0-and-beta-deprecation-update/ba-p/3682745

Related

Getting "MailboxNotEnabledForRESTAPI" While trying to use MS Graph APIs

We have used the MS Graph API (MSAL) in one SAP UI5 application and have implemented the Mail API, Calendar API and MailboxSettings APIs so far. It was working fine till Nov 2020 (last checked on Nov 30, 2020).
Suddenly this application keeps throwing the error "{"error":{"code":"MailboxNotEnabledForRESTAPI","message":"REST API is not yet supported for this mailbox."}}".
We have not changed any code, and no changes have been made in the Azure portal or in the environment setup. We do have a hybrid environment mailbox setup.
The strange thing is that the same APIs are working in MS Graph Explorer but not from our custom apps. But when we use the token generated by Graph Explorer, the APIs work from our custom apps as well.
We compared both tokens using jwt.ms. Scopes and other attributes are the same. Only the 'wids' attribute is not present in our custom app's token (we are using the Implicit Grant flow).
Which flow does MS Graph Explorer use, so that it works there (if the authorization flow is the issue)?
Is it that only Graph Explorer is allowed to make API calls to on-premises mailboxes and custom applications are not?
Is there any other factor we should consider to solve this?
Thank You,
Arpita
This error happens when trying to access a mailbox that is not hosted in EXO. Check where your target mailbox is hosted and use auto discover to locate the right endpoint for that environment.
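
The token comparison the question describes doing by hand in jwt.ms, as an added example (not code from the post): it decodes two JWT payloads and reports only the claims that differ, ignoring per-issuance noise. The two tokens are constructed sample data with placeholder values, and `diff_claims`, `VOLATILE` and the token names are hypothetical.

```python
import base64
import json

# Claims that change on every issuance and would only add noise to the diff.
VOLATILE = {"iat", "nbf", "exp", "uti", "aio", "rh"}


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT; opaque tokens cannot be inspected")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(seg))


def diff_claims(token_a, token_b, ignore=VOLATILE):
    """Return claims present in only one token and claims whose values differ."""
    a, b = jwt_claims(token_a), jwt_claims(token_b)
    result = {"only_a": [], "only_b": [], "changed": {}}
    for name in sorted((set(a) | set(b)) - set(ignore)):
        if name not in b:
            result["only_a"].append(name)
        elif name not in a:
            result["only_b"].append(name)
        else:
            va, vb = a[name], b[name]
            if name == "scp":  # space-separated list, order does not matter
                va, vb = set(va.split()), set(vb.split())
            if va != vb:
                result["changed"][name] = (a[name], b[name])
    return result


def _constructed_token(claims):
    """Build an unsigned sample token; constructed data, not a real token."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "constructed-signature"])


COMMON = {"aud": "https://graph.microsoft.com", "tid": "<tenant-id-placeholder>"}
EXPLORER_TOKEN = _constructed_token({**COMMON, "scp": "Mail.Read Calendars.Read",
                                     "wids": ["<role-id-placeholder>"], "iat": 1606700000})
CUSTOM_APP_TOKEN = _constructed_token({**COMMON, "scp": "Calendars.Read Mail.Read",
                                       "iat": 1606703600})

if __name__ == "__main__":
    print(diff_claims(EXPLORER_TOKEN, CUSTOM_APP_TOKEN))
```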

https://graph.microsoft.com/v1.0/places/microsoft.graph.room Api is not giving updated data

I am using Microsoft Graph to fetch the list of rooms available for a tenant.
As per the documentation, the List Places API (https://learn.microsoft.com/en-us/graph/api/place-list?view=graph-rest-1.0&tabs=http) should be used for this.
Now, I am facing a problem with getting updated data using the List Places API.
I have added a few rooms to the tenant, but those are not reflected in the response from the List Places API.
However, the findRooms API, which is in beta, gives the updated response.
https://graph.microsoft.com/v1.0/places/microsoft.graph.room (Production version)
https://graph.microsoft.com/beta/me/findRooms (Beta version)
Since I will be using this API in production, I cannot use beta version APIs.
Please suggest. Thanks in advance.
Update: The List Places API is returning the updated response after approx. 12 hours.

Alternative for https://gdata.youtube.com/feeds/api/videos/<video_id>?v=2

These days I noticed that the YouTube API which I'm using in my project is no longer available, e.g.
https://gdata.youtube.com/feeds/api/videos/dLEk9yiXVQs?v=2
returns HTTP 410 response code which means that requested resource is no longer available and will not be available again.
What should I use instead?
If I'm understanding your question correctly then you should be using https://www.googleapis.com/youtube/v3/videos?id=<video_id>&key=<YOUR_API_KEY>&part=snippet from now on.
Google shut down the old API effective April 20th, 2015.
Take a look at the newest v3 API getting started.
You can use this link with your Youtube channel id after the = and it should work.
https://www.youtube.com/feeds/videos.xml?channel_id= your youtube channel id number

Changed domain error - OpenId auth request contains an unregistered domain

I set up a project on my main domain example.com and then moved it to a subdomain sub.example.com
Now when I try to use the same (default ASP.NET MVC or on my Discourse forum) project with OpenId and click on the Google button to log in with my Google account it throws the following error -
That’s an error.
OpenID auth request contains an unregistered domain: http://sub.example.com
I have tried Googling that message but apparently I am one of the first four people to see it. Any ideas here?
According to this page,
Google closed registration to new OpenID 2.0 clients in May 2014 and will be shutting down the OpenID 2.0 service in April 2015.
The reason why some hosts work and some don't is that although Google isn't adding new hosts, you can still use the ones that are already registered.
UPDATE :
Some people have asked for a simple explanation for how to fix this, or otherwise how to proceed.
Basically, you now have 2 options.
Use OAuth 2.0 (instead of OpenID protocols and older versions of OAuth)
or
Use Google+ login (which Google tried to "push" you towards)
For more details check the migration guide :
https://developers.google.com/+/api/auth-migration#userinfo
I would like to add some context to this thread together with a potential solution to developers that are currently blocked.
Back in February we announced the deprecation of OpenID 2.0 (OID2) scheduled for April 2015. We also announced that new OID2 relying parties (RPs) registrations† will no longer be accepted after April 2014.
Given that the API will be shut-down in less than a year’s time, our intention is to avoid having new RPs integrating with Google's OID2 API. Instead, we suggest to use our OpenID Connect API which we consider more secure and easier to implement.
Registrations were effectively closed on May 19th (as documented in Google's OID2 developer documentation). All RPs already using OID2 should not be affected by the closure.
As for developers currently working on an integration with our OID2 API (presumably because they missed the announcement and warnings in our OID2 documentation), we will do our best to minimize the friction caused by the registration closure. If you are in such a situation, please let us know by posting a registration request before June 15th. The post should contain a sample OID2 request used by your application; in case you prefer not to disclose such information, please post an email address and we will reach out. We plan to look into each case and try to get you unblocked in the best possible way.
† OID2 does not have a registration procedure for RPs integrating with an identity provider. RPs are associated with the realm value (e.g., www.example.com) used when contacting Google's OID2 API. Thus, an RP is considered "registered" if its realm value has been used to contact our OID2 API.
You can easily change to OAuth 2, this article shows you how to register your app with Google and add the key to MVC. Scroll down to: "Creating a Google app for OAuth 2 and connecting the app to the project."
And you may need to add the Microsoft.Owin.Security.Google package via NuGet.
I had the identical problem, but when using Node.js / Express.js.
I have migrated my code using the code at the URL below, and that fixed the issue.
Passport strategies for authenticating with Google using OAuth 1.0a and OAuth 2.0.
https://github.com/jaredhanson/passport-google-oauth
The sub-domains that fail are those that had never seen any user requests before. As per https://developers.google.com/+/api/auth-migration#timetable, Google is not allowing new domains in the OpenID2 API.
I have this exact problem; we use Google's login to run a platform, and it's a brand new problem.
A few things I have discovered, if this helps:
Full domains trying to use OpenID never fail: www.example.org and www.example2.com are not having this problem.
Subdomains on the platform have this problem sometimes, but the same subdomains always fail and the others always work.
It started around Monday and is still happening now.
Take a deep breath and just change the Startup.Auth.cs file from
    app.UseGoogleAuthentication();
to
    app.UseGoogleAuthentication(
        clientId: "000-000.apps.googleusercontent.com",
        clientSecret: "00000000000");
Refer to the http://www.asp.net/mvc/tutorials/mvc-5/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on page.

Youtube API - Upload to known accounts?

I am looking for a way to upload videos from a web service to a handful of known YouTube accounts where I am the owner (have login/pw credentials).
For instance, when a video is uploaded to this site, it should also upload to YouTube accounts A, B, and C via the API.
It seems that YouTube has an old method for authenticating accounts in this manner called ClientLogin, but it has been deprecated as of 2012 and in fact no longer works consistently (significant problems popping up as of April 2013).
(ClientLogin Docs)
The new recommended protocol is OAuth 2.0 (docs), but I am struggling to understand: is this workflow possible via OAuth authentication? If not, is there an alternative that could handle it?
If you have a CMS account managing those accounts, you can do this.
Currently service accounts are not working with Data API v3; hope to have them back soon.
Instead of storing login/pw credentials, you must store login/refresh-token. With the refresh-token you request a new access-token after the current one has expired (after 1 hour).
The main difference is that the first time, you have to ask the user to give you authorization via the browser.
You can store the tokens and, when you call the API method, set the token in the call to upload to that user's account.
