When sending on behalf of a Outlook365 group's delegated email, the draft id from Office-js can not be used to lookup for the draft with the signed in user's on graph api.
This will interrupt our flow for delegated email sending with Office365Groups, as there are no other way of obtaining the draft from graph api's groups resource.
Version: Outlook on Mac Version 16.46(21021202)
Steps to replicate
Successful Case
Open OWA
Change "From" address to office365group#yourgroup.ca
Observe the draft, it gets put inside the user's draft folder, which could be found with signed in user since it's placed in the user's draft folder
Failed Case
Open Outlook and navigate to Preferences -> Accounts -> Advanced -> Delegates -> "Open these additional mailboxes"
Add ie: office365group#domain.com as a delegate
Change the send from to the just added group
Observe the draft, it gets put inside the group's office365group#domain.com draft folder, the draft is inaccessible using graph's service with the signed in user since it is placed in the group's draft folder.
Related
Using the Microsoft Graph API v 1.0, how can I retrieve the user's MFA details?
For example, if I have an email based sign-in/sign-up policy with phone/SMS MFA, how can I see the phone number entered by the user? (and also set update it)
I know if I select 'identities' in the GET /users method I can see the email they've signed up with, but not the phone number they set for MFA. (https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0)
Of course I'm looking for all the mfa settings: mfa phone number, mfa email address, is mfa set, etc.
Hopefully there is some kind of extension attribute that contains this that I can select, and set on creation, but I cannot find documentation on this.
[UPDATE]
In the Azure portal, I can see the entered data if I go to user > profile > authentication methods. So I tried accessing the authentication relationships on the user. but it didn't provide any details (all empty arrays) https://learn.microsoft.com/en-us/graph/api/resources/authentication?view=graph-rest-1.0
There's a write-up here.
e.g:
GET https://graph.microsoft.com/beta/users/objectID/authentication/methods
I have a question to ask about using Graph Explorer.
I logged onto Graph Explorer using my admin account which has the role of Exchange Administrator.
However, when I execute a query just to get another user's high importance email, it came back with forbidden.
The query is just a simple https://graph.microsoft.com/v1.0/users/john.doe#domain.au/messages?$filter=importance eq 'high'
I have already consented the permissions as you can see from the image below.
Can anyone be kind enough to point me in the right direction?
(Graph Explorer screen capture)
Thanks.
I guess that permission tab show the incorrect information. To access mail of another user you will need at least Mail.Read.Shared and Mail.ReadWrite.Shared permissions.
Probably due to security reason you will also need other permissions like User.Read.All
Mail.Read.Shared
Allows the app to read mail that the user can access, including the user's own and shared mail.
Mail.ReadWrite.Shared
Allows the app to create, read, update, and delete mail that the user has permission to access, including the user's own and shared mail. Does not include permission to send mail.
Resource:
Mail permissions
I have to read Outlook emails from an inbox in a Windows Console Application. I am trying to use MS Graph Client for the same. Problem is I don't want to login to generate access token. How should I go about generating access token without a login form ? I will appreciate any help.
I have tried the solution given in this article, but couldn't get it working as I didn't know redirectUrl and couldn't resolve some references for the given code.
Single user -> Use device code flow
If you want to access the mailbox of a single user: you can use the Device code flow documentation.
This flow allows you to display a code to the user, they go to the device login page and authorize your application. You also get a refresh token so this access can be used for a log time.
Any user in organization -> Use client credentials
If you want to access any mailbox of the entire organisation you can check out this answer and replace the required permission by Read mail in all mailboxes.
This is my scenario:
I have an app that needs a shared folder for user A and user B. So when the app starts, user A create an App Folder (user has only "Files.ReadWrite.AppFolder" permisions). In this folder I create a new drive item and set the permissions via invite for user B.
Now user B wants to access this drive item, but I get an access denied. Only when I set the scope to "Files.Read" it's working (this is the minimum permissions according to the docs), but I don't want to access all the files of the users drive.
Does anybody know if this scenario is even possible with the graph api or is there an other approach to accomplish this?
According to your description, I assume you want to share some files to someone who is not in your organization.
I think we can create a sharelink for a file when we create it by using the following API:
/sites/{siteId}/drive/items/{itemId}/createLink
In the body, we can set the scope property to organization. Then the User B will get the shared file only.
According to this document, we can create an sharelink to someone including he outside of your organization.
I'm writing an internal app that uses the Slack python client. I'm authenticating via a bot user and trying to call the users.lookupByEmail() method to get Slack info for a particular user:
sc = SlackClient(SLACK_TOKEN)
user = sc.api_call(method='users.lookupByEmail', email=email)
However I get back the following:
'{"ok":false,"error":"missing_scope","needed":"users:read.email","provided":"identify,read,post,client,apps"}'
According to the API documentation (https://api.slack.com/methods/users.lookupByEmail), bot users should have access to this method. So I'm guessing my bot does not have the users:read.email scope. Is there anyway to add that? As a workaround I'm calling the users.list() method and just iterating through that but that's very inefficient with the hundreds of users we have.
Yes, you need the users:read.email scope.
Just re-authenticate your Slack app and include that scope and it should work.
However, if you used a bot custom integration you do not have the ability to add more scopes. I then recommend to create a Slack app instead, which you can do on this page by clicking on "Create a Slack app".
Keep in mind that Slack apps need to be installed to your workspace to work. You can do that from the configuration page of your app.
You can add scopes (permissions) in the Slack application admin pages. Under Basic Information,
Go to Add features & functionality and choose the Permissions subsection.
On the OAuth & Permissions page, scroll down to Scopes -> Permission Scopes
In the "Add permission by scope or API method..." dropdown, scroll to "View email addresses of people on this workspace" and select users:read.email