My outlook account at work is a member of a group called GraphTest which has email address GraphTest#companyname.net.
I'm trying to use the graph explorer to access mail in that group's inbox.
When I run the query https://graph.microsoft.com/v1.0/users/graphtest#companyname.net/messages I get the error message
Group Shard is used in non-Groups URI.
When I replace graphtest#companyname.net with my own email it works. Also I've consented to the permissions Mail.Read and Mail.Read.Shared.
What does this error message mean, and how can I fix it?
https://graph.microsoft.com/v1.0/users/graphtest#companyname.net/messages
Firstly the above API call which you used is invalid because you are giving a group email id to get it from user like /users/graphtest#companyname.net/messages which is invalid.
Even there is no mention in documentation that we can use something like /groups/graphtest#companyname.net/messages.
You can get some details from List Conversations using something like this.
https://graph.microsoft.com/v1.0/groups/{group_id_only}/conversations
Related
Is it possible to get a mail message from Microsoft Graph just by its id without UserId / Mailbox name?
I found this: https://learn.microsoft.com/de-de/graph/api/message-get?view=graph-rest-1.0&tabs=http but it seems to need a user reference in all cases.
No to get Messages you need to use one of the Messages Endpoints which are either in the /Me context of /Users contact. If all you have is the Id and you want to work out which mailbox it came from then the Id does contain the MailboxGuid
My feature was built before /createReply existed and relies on:
Set a custom header with Outlook/Office 365 REST
to add References and In-Reply-To to an email. This allows the app to send email replies w/o requiring Mail.ReadWrite, which is much more access than we need:
https://learn.microsoft.com/en-us/graph/permissions-reference#mail-permissions
Read and write access to user mail
Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail.
Now those headers no longer get added. (I also tried Cannot pass "In-Reply-To" parameter to Microsoft Graph sendMail and arrived at the same result as the author.)
Is there a way for me to get around this regression without requesting additional user permission? Thanks!
https://learn.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=http
As of 2019-10-04, Microsoft published changes to their /reply endpoint which now allows for message:
https://learn.microsoft.com/en-us/graph/api/message-reply?view=graph-rest-1.0&tabs=http#request-body
https://github.com/microsoftgraph/microsoft-graph-docs/pull/5771
With the message field, I should be able to send replies w/o requesting additional permissions.
When querying the Graph with the PHP library for a given drive I receive 400 Unable to retrieve user's mysite URL or 429 Too many requests.
When I call for example https://graph.microsoft.com/v1.0/users/b0633c25-2655-4dfe-a2b2-078e4310deba/drive with the PHP library it gives this weird result. When I query the same url in the Graph Explorer. It works like a charm.
I've set up the permissions as described in the docs and have the E3 Developers subscription that is still valid.
What am I missing?
The error message is misleading and does not mention billing as it should.
Check your Billing > Your Products (subscription) in your Microsoft 365 Admin and then try again.
The best way to test is:
https://developer.microsoft.com/en-us/graph/graph-explorer
The current error seems like user does not have ODFB(OneDrive For Business) site created, you can check if the user have create OneDrive site(the OneDrive site will be created while the user first time to use it).
To debug that issue for now, try to use Graph Explorer https://developer.microsoft.com/en-us/graph/graph-explorer# and login with your user account.
If you can access /me then try accessing /me/drive/root and you will get details about ODFB Doc Lib for current user if it exist.
we can get results with the following link for login-in user
https://graph.microsoft.com/v1.0/me/drive/root/children
Reference for you: https://github.com/microsoftgraph/microsoft-graph-docs/issues/1354
I have seen other posts that are very similar, but I don't find a real answer. Some say "it is coming", those are old.
I am authenticating with the Admin credentials to our O365 and trying to pull calendar information. The Scope has Calendars.ReadWrite (which falls under App-Only and Delegate as far as scopes), but it always returns a 403. ErrorAccessDenied, "Access is denied. Check credentials and try again"
The Graph doc for calendar views shows it can send in users/{id} in the request, and the id's came back when I listed all the users. Of course if I use mine, it works.
If there really is an App-Only scope vs a Delegate scope for this same scope name, how do you specify that?
Is there something I have to specify in O365 for my admin user so it has rights? I can delete or create any user with that account in O365, so it appears it should have what it needs.
Thanks
So, App-Only has a slightly different flow.
First, instead of authenticating the user at "https://login.microsoftonline.com/common/oauth2/v2.0/authorize", you authenticate them at "https://login.microsoftonline.com/common/adminconsent".
Second, you pass in the same parameters minus "scope". Scope is determined by your Application Permissions defined in you application that you registered at apps.dev.microsoft.com.
Third, when you receive your callback you will not have a "code" to use to go and retrieve your Access and Refresh tokens. Instead, you will receive a "tenant" property and an "admin_consent" property. "admin_consent" will tell you whether you have the rights or not.
Fourth, when requesting your access token, you will not supply the "scope" or "code" parameters, but you will provide a "resource" parameter, with the value "https://graph.microsoft.com".
Lastly, the URL you contact to get the token will change from "https://login.microsoftonline.com/common/oauth2/v2.0/token" to "https://login.microsoftonline.com/{tenant}/oauth2/token", where {tenant} will be the value returned.
Please note that in the URL that "v2.0" is missing. That isn't a typo. If you do not remove that from the path you will get errors about an invalid or missing "scope" parameter.
Once it successfully returns your Access and Refresh token, the flow seems to follow normal delegated access.
Here are a couple of links that Microsoft gave me, with their guidance to help figure this out.
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-scopes#using-the-admin-consent-endpoint
https://developer.microsoft.com/en-us/graph/docs/authorization/app_only
(Big Thanks to Jeff at Microsoft)
Latest doc is here: https://learn.microsoft.com/en-us/graph/auth-v2-service
I followed it and I was able to read/write other's calendar with permission Calendars.ReadWrite.
I am using the Microsoft Graph SDK as downloaded from NuGet (1.2). I authenticate to Azure AD (using ADAL).
I am using Client Credentials flow (not authenticated as any particular user) and am using Application Permission roles to access resources.
We are going to set up one service mailbox with a bunch of aliases. The aliases are given to the clients. This is so they are emailing an address that has a meaningful name to them.
My app will run as a service, and routinely scan new emails in this inbox. It should find the To address, and depending on what alias was used, file the email in a location relevant to that client.
The resource I want is: GET /users/<id | userPrincipalName>/messages
However, there doesn't appear to be a method in the SDK for it.
I can get users with this:
IGraphServiceUsersCollectionPage filteredUsers =
graphApi.Users.Request()
.Filter("userPrincipalName eq 'user#domain.com'")
.GetAsync().Result;
When I loop through the collection, I can see that the User has a 'Messages' property, but it is always null.
If I manually build a request message with HttpClient I can get the messages.
The second problem is that the Recipient property is always the userPrincipalName of the mailbox. How can I get the alias that was used by the sender?
While you are able to get your collection of users successfully, you have to make another request to receive the messages. This would look something like:
IUserMessagesCollectionPage userMessages =
graphApi.Users["user_id"].Messages.Request()
.GetAsync().Result;
To answer your second question, at this time you cannot access the original recipient through the Graph API, but you can do this through EWS. This is due to the fact that you can only retrieve the SMTP message headers through EWS. You can read more about how to do this here.
If this is something you believe is valuable to you in the Graph, I would encourage you to post it in our UserVoice.
If you want to get the email as a file, you can simply get the body as bytes through the SDK:
byte[] asBytes = Encoding.Unicode.GetBytes(message.Body.ToString());