Microsoft Graph API - Microsoft Teams Create Event with gmail user as attendee - microsoft-graph-api

I want to send an MS Teams meeting invite to a Gmail user(guest) using graph API.
I can send it to people under my organization or to another organization with an AD account.
When I add a Gmail user, a meeting is getting created but not sent an invite to a gmail user.
There are no records in the Gmail spam folder also. Any reason or I'm missing something.
One thing noticed one thing in MS Teams desktop app, when I add a Gmail user to teams, it's asking to invite that user. Is there anything I should do related to that when I'm using it from API?
Another thing I have noticed is that there is a setting in Azure portal inside authentication support account type :
Who can use this application or access this API?
Accounts in any organizational directory (Any Azure AD directory - Multitenant)
Attaching the sample code which I have tried. This is working when I add the same AD or different AD account as an attendee but not Gmail(personal account)
curl --location --request POST 'https://graph.microsoft.com/v1.0/users/{{userid}}/events' \
--header 'Authorization: Bearer <token>' \
--header 'Prefer: outlook.timezone="Asia/Dubai"' \
--header 'Content-type: application/json' \
--data-raw '{
"subject": "Let'\''s Meet for Demo",
"body": {
"contentType": "HTML",
"content": "Does noon work for you?"
},
"start": {
"dateTime": "2021-08-27T12:00:00",
"timeZone": "Asia/Dubai"
},
"end": {
"dateTime": "2021-08-27T13:00:00",
"timeZone": "Asia/Dubai"
},
"location":{
"displayName":"John'\''s Dev Room"
},
"attendees": [
{
"emailAddress": {
"address":"user1#gmail.com",
"name": "User1"
},
"type": "required"
}
],
"allowNewTimeProposals": true,
"isOnlineMeeting": true,
"onlineMeetingProvider": "teamsForBusiness"
}

Invitation adds an external user to the organization. When the user is invited, a user entity (of userType Guest) is created and can now be used to control access to resources. The invited user has to go through the redemption process to access any resources he has been invited to.
You can follow this link to create an invite: https://learn.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-beta&tabs=http
Also as mentioned in create OnlineMeeting doc, Administrators must create an application access policy and grant it to a user, authorizing the app configured in the policy to create an online meeting on behalf of that user (user ID specified in the request path).
Please make sure you have added all the required policies and permissions.

Related

Azure AD B2C Creating a Social Account Using Graph API Create User

I am attempting to create user social accounts for Microsoft logins on my B2C tenant without using the sign up userflow. When the sign up userflow is ran and you register a Microsoft Account a user is created in the tenant with a source of "Microsoft Account".
I have been experimenting with the Microsoft Graph API using the create user post request where in i can create a working local account fine but am having issues creating a Microsoft user that works with the B2C Login using the examples in the link below. I don't think I have a valid issuerAssignedId for the Microsoft accounts I am creating and I am not actually trying to migrate existing accounts. The user record is created in B2C when the post request is ran but when i try to log in using the microsoft account it is responding back with AADB2C99002: User does not exist.
https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http#example
Not exact values but example of payload i am using:
{
"displayName": "Test Name",
"identities": [
{
"signInType": "emailAddress",
"issuer": "mytenant.onmicrosoft.com",
"issuerAssignedId": "test#outlook.com"
},
{
"signInType": "federated",
"issuer": "live.com",
"issuerAssignedId": "test#outlook.com"
}
],
"passwordProfile" : {
"password": "password-value",
"forceChangePasswordNextSignIn": false
},
"passwordPolicies": "DisablePasswordExpiration"
}
Is there a way I can achieve this? Thanks.
I don't think I have a valid issuerAssignedId for the Microsoft
accounts I am creating and I am not actually trying to migrate
existing accounts.
You cannot use Microsoft Graph API to create an MSA which doesn't exist.
Although the user record is created in B2C when the post request is ran, it is only a record as you mentioned.
The real identity authentication process is done by MSA rather than B2C.
So AADB2C99002: User does not exist is the expected behavior in this case.
You can set a non-existing MSA while calling this Microsoft graph endpoint, but it will not create an MSA in the MSA IDP side. So you cannot log in with it.
The best practice is to create the MSA in advance and use it for this Graph call.

Microsoft Graph Api Onedrive sharing links missing users info

When sharing a file on Onedrive with specific people the user got to connect using a one-time code.
How do I get those people allowed to use the shared link using the Microsoft Graph API?
Currently, the permission data only states the scope: "users", I was unable to find the users connected to the URL using the Graph Api.
This Info is available in the Onedrive UI itself.
Users in the Onedrive UI
API Response for the same link:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#drives('b***')/items('0***')/permissions/$entity",
"id": "***-c555beee2324",
"roles": [
"read"
],
"link": {
"scope": "users",
"type": "view",
"webUrl": "***qbagBM9ioYBhgkVqZx4blggM7Ow"
}
}

REST APIs to manage my twilio account users?

I created a Twilio account. I have two users in my Twilio account.
Owner
Developer
I want Twilio REST API Something like GET /users which should return me above two users list
Seems OAuth is not supported by Twilio
I created master API Key for my account. ( This is not like OAuth it is valid only for my account, No cross-account call will be possible with this )
Are there any User management APIs provided by Twilio? ( I am not asking about subaccounts ) OR Any alternative OAuth like authentication for APIs?
Update
Based on a comment by #philnash I am adding few more points,
So if I create a Twilio account for my organization there I create few users for my organization, e.g.
1] Owner ( By default ) -> User1
2] Developer -> User2
3] Billing billing manager -> User3
4] Support -> User4
For the above users, I may need users API which may return my organization users list ( Provided I may need enabled REST API access & may have access_token ),
{
"users": [
{
"name": "User1",
"email": "user1#myorg.com",
"role": "owner"
},
{
"name": "User2",
"email": "user2#myorg.com",
"role": "developer"
},
{
"name": "User1",
"email": "user1#myorg.com",
"role": "billing_manager"
},
{
"name": "User1",
"email": "user1#myorg.com",
"role": "support"
}
]
}
I am looking for User management APIs for Twilio Main Account ( Close to Twilio connect but limitation there is it is for sub-accounts ).
Is it possible?
Twilio developer evangelist here.
There is not a user management API for the Twilio API. Users are really the access credentials for a person to log in to the Twilio console. Users then have access to accounts and the account credentials (account SID and auth token) and API keys created for the account.
I am still unsure what you hope to do with the list of users that have access to your account. There is no Users API though.

Jira ServiceDesk API - response suddenly missing the field emailAddress

I am getting a list of users in an organisation from the Jira ServiceDesk API, as documented on this page.
So far this is working as expected but today all off a sudden the code is broken. That is to say; the results im getting from the API have changed. As the docs state i SHOULD be getting values that include the field emailAddress. However since today i am getting the right users, but there is no longer an emailAddress field. The following is the result (structure) i'm recieving:
{
"size": 1,
"start": 0,
"limit": 50,
"isLastPage": true,
"_links": {
"self": "https://someprefix.atlassian.net/rest/servicedeskapi/organization/1/user?start=0&limit=50",
"base": "BaseURL",
"context": ""
},
"values": [
{
"accountId": "123456:SomeGUID",
"name": "SomeUserName",
"key": "someusername",
"displayName": "Some Username",
"active": true,
"timeZone": "Europe/Amsterdam",
"_links": {
"jiraRest": "LinkToTheThisUser",
"avatarUrls": {
"48x48": "LinkTo48X48Url",
"24x24": "LinkTo24X24Url",
"16x16": "LinkTo16X16Url",
"32x32": "LinkTo32X32Url"
},
"self": "LinkToThisResource"
}
}
]
}
I asked to check the setting User email visibility and it is currently set to logged in users only.
My question:
Why is this field suddenly missing from the API? Is there or are there settings i'm unaware off that influence this field being present or not?
Ok, it seems this is by design to keep in line with GDPR guidelines. Long story short; emailAddress will no longer be reliably part of the API's since a user now has to consent to it. If not all users emailAddresses are reliably part of the response this makes for a poor field of comparison in synchronization applications.
Which profile information will apps be able to access?
Any personal information users set as Anyone will be available for apps to use. For
example, apps will be able to access this information, store it, and
show it to other users.
Users' local times and locations will always be available to apps,
regardless of their visibility settings. This lets apps customize
their experiences.
Users' email addresses will be available to some apps that have been
approved by Atlassian. Note that if a user chooses to set their email
address to Anyone, then any installed apps will be able to use it.
When users install apps, the apps will request that they consent to
share their profile information with the apps. If they consent, the
apps will have access to all of their profile information. This is not
applicable to admins.
However. There will be a new API giving access to user emailAddresses regardless of user settings. Access to this API is restricted to approved applications. More about this can be found on this page.
In order to apply for access to this API the app must meet all current
requirements for being listed on Atlassian Marketplace (even if the
app is not listed on Atlassian Marketplace).
This means:
The app developer has provided a privacy policy
The app developer has provided a customer terms of use agreement
The app developer must signal whether or not the app collects and stores personal data.
If the app is storing personal data the app must report the accountIDs that have been collected and stored every 15 days.

Stripe deauthorize webhook to Rails app

The question goes like this:
I have connected a user with Stripe through my Rails app, and such user is connected via API key.
In Stripe there is an option to deauthorize API keys. I would like to be informed in my app once a user deauthorizes my API key. I know it is possible, or should be possible.
I know I have to manage webhooks in my app, but I am wondering where to set which URL of my app Stripe will call when user deauthorizes my API key, and what data will be sent to my app?
Webhooks are used by Stripe to notify your server of events. There are two types of webhook endpoints you can set up:
"Account" endpoints will receive events that happen on your own account
"Connect" endpoints will receive events that happen on accounts that are connected to yours via Stripe Connect
In a nutshell, you'll configure an URL to your own server (the "endpoint") in your Stripe webhook settings. Whenever an event happens, Stripe will send an event object to that URL.
In the case of Connect endpoints, the object will also have an account attribute with the ID of the account that emitted the event.
To be notified of deauthorizations, you'd need to set up a Connect endpoint and catch account.application.deauthorized events. The data you will receive will look like this:
{
"created": 1326853478,
"livemode": false,
"id": "evt_00000000000000",
"type": "account.application.deauthorized",
"object": "event",
"request": null,
"pending_webhooks": 1,
"api_version": "2016-03-07",
"data": {
"object": {
"id": "ca_00000000000000",
"object": "application",
"name": "Your Application"
}
},
"account": "acct_00000000000000"
}

Resources