We are having a Microsoft 365 Tenant with a Global Admin and other end users. We have a requirement that whenever the User\Admin updates his password we need to perform some critical activity.
If we create a change notification subscription for user Object through https://learn.microsoft.com/en-us/graph/webhooks will that send notification whenever the User rest\change the password ?
Yes !
I had the subscription with the below config :
{
"changeType": "updated",
"notificationUrl": "<URL>",
"resource": "users",
"expirationDateTime": "2021-02-12T11:00:00.0000000Z",
"clientState": "SecretClientState"
}
Trigger to the notification URL occured on the below required events :
resetting the password (I checked for admin password reset, assuming that the self reset should also work)
changing the password by the user.
Related
I've successfully created a webhook subscription to listen for changes on a shared calendar (I got a 201 Created response back from the create subscription endpoint) with the following POST body:
{
"changeType": "created,updated,deleted",
"notificationUrl": <my_https_app_webhook_url>,
"resource": "/me/calendars/<calendar_id>/events",
"expirationDateTime": "2020-03-06T12:30:27.606347+00:00",
"clientState": <secret_token>
}
If I then create an event on that shared calendar with 1 attendee (aside from myself, the organizer & owner of the shared calendar) and that attendee declines the event, I don't receive a notification at my subscription notificationUrl.
Am I missing something here?
{
"changeType": "created,updated",
"notificationUrl": "https://mynotification.url.com",
"resource": "users/adminuser#oadmin.onmicrosoft.com/events",
"expirationDateTime":"2020-03-03T14:09:27.121Z",
"latestSupportedTlsVersion": "v1_2"
}
Make sure you have added,ChangeType:created,updated
This is an expected behavior as the attendee's responses do not update the event object itself, thus not triggering a notification.
I'd recommend you add this as a suggestion to UserVoice
If i have Calendars.Read application permission for events in user calenders, how do i create a subscription to a user calendar using graph api.
below i tried to create event subscription for 'user#mydomain.com' mailbox by updating resource parameter to 'users/user#mydomain.com/events' and is this the right way to subscribe get notifications of shared,delegated calendars of user?
{
"changeType": "created,updated",
"resource": "users/user#mydomain.com/events",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"expirationDateTime":"2016-11-20T18:23:45.9356913Z",
"clientState": "secretClientValue"
}
(Clarification: I have never created a notification for a resource of this type).
You did not state what the error was.
In your resource field it might need to be:
/users/{userId}/events
The {userId} should not be a UPN but the UUID of the user.
{
"changeType": "created,updated",
"resource": "users/{userId}/events",
"notificationUrl": "https://webhook.azurewebsites.net/api/send/myNotifyClient",
"expirationDateTime":"2016-11-20T18:23:45.9356913Z",
"clientState": "secretClientValue"
}
We are using a multitenant application.
We created a subscription to listen to calendar events for a particular user, but we are not receiving the notifications.
The user accepted the following scopes: Calendars.Read Calendars.ReadWrite Calendars.Read.Shared Calendars.ReadWrite.Shared offline_access User.Read.All
When we call to POST https://graph.microsoft.com/v1.0/subscriptions
BODY:
{
"resource": "/users/31c61efc-bc28-4552-9f0d-1a8735767c4e/calendars/AAMkAGRjZjY3OGRmLWU3MjAtNGExYy1hOTk0LTNkNjExOWVhZmYyNQBGAAAAAAD3yBF0B84VRJLe9CCZ4-ajBwDf5J1F10FqQ6VkC14neUWZAAAAAAEGAADf5J1F10FqQ6VkC14neUWZAABEL_2XAAA\u003d/events",
"changeType": "created,updated,deleted",
"clientState": "XXXXXX",
"notificationUrl": "https://XXXXX.ngrok.io/notification/event",
"expirationDateTime": "2019-05-31T14:42:08.651Z"
}
Then the notificationUrl is called and we receive the validation token:
Validation: Testing client application reachability for subscription Request-Id: 9d020355-7589-4485-ba29-62d1ec899723
But when we login into the 31c61efc-bc28-4552-9f0d-1a8735767c4e account and update or create an event, no notification is beign sent.
If we call to GET https://graph.microsoft.com/v1.0/subscriptions the subscription is created:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions",
"value": [
{
"id": "b92d909e-b1b5-49b8-af54-74b7956d6565",
"resource": "/users/31c61efc-bc28-4552-9f0d-1a8735767c4e/calendars/AAMkAGRjZjY3OGRmLWU3MjAtNGExYy1hOTk0LTNkNjExOWVhZmYyNQBGAAAAAAD3yBF0B84VRJLe9CCZ4-ajBwDf5J1F10FqQ6VkC14neUWZAAAAAAEGAADf5J1F10FqQ6VkC14neUWZAABEL_2XAAA=/events",
"applicationId": "XXXX",
"changeType": "created,updated,deleted",
"clientState": null,
"notificationUrl": "https://XXXX.ngrok.io/notification/event",
"expirationDateTime": "2019-05-31T14:42:08.651Z",
"creatorId": "31c61efc-bc28-4552-9f0d-1a8735767c4e"
}
]
}
Monitoring the ngrok calls, there is no failing call to the notification events endpoint.
Is there any console log we can verify to understand what the problem could be?
We tried to create subscriptions for different accounts with no success.
We also tried to subcribe to /me/events
Just wondering if it could the cause, but the calendar id to whom you're subscribing to is ending with \u003d instead of =. Encoding stuff. Might not be it, but for me its working well with this.
Hope its just this!
JS
For some reason the 'Send on Behalf' feature is failing for me. Graph always returns an ErrorSendAsDenied (when From and Sender field values are different).
The accounts are verified to have the correct configuration for sending on behalf of each other. I couldn't make it work after spending more than three days on it.
Following permissions are requested during authentication:
openid
email
profile
offline_access
User.Read
Mail.Read
Mail.ReadWrite
Mail.Read.Shared
Mail.ReadWrite.Shared
Mail.Send
Mail.Send.Shared
For the example below, the user Gregory Test wants to send messages on behalf of Sem Test. A valid authorization access token (authenticated by Gregory Test) is used for sending the email, however email delivery ALWAYS fails.
The sample submitted JSON message is:
{
"Message":{
"Subject":"Trying to send message on behalf",
"Body":{
"ContentType":"html",
"Content":" email html content "
},
"From":{
"EmailAddress":{
"Address":"sem.test#contoso.com",
"Name":"Sem Test"
}
},
"Sender":{
"EmailAddress":{
"Address":"gregory.test#contoso.com",
"Name":"Gregory Test"
}
},
"ToRecipients":[
{
"EmailAddress":{
"Address":"semtestestestes#gmail.com",
"Name":"Sem Shehovtsov"
}
}
]
}
}
If the Sender and From are set to the same value, it is working fine. The Sender mailbox is configured to allow sending messages on behalf of other users.
Any ideas?
You don't need to set the Sender property, Graph will handle this automatically for you. From the documentation:
In order to send from another user, set the from property on the message sent to the email address of the user to send from. You don't need to set the sender property - Microsoft Graph will set it appropriately, based on the mailbox permissions granted to the user who has signed in.
Try this payload instead:
{
"message":{
"subject": "Trying to send message on behalf",
"body":{
"contentType":"html",
"content":" email html content "
},
"toRecipients":[
{
"emailAddress":{
"address":"semtestestestes#gmail.com",
"name":"Sem Shehovtsov"
}
}
],
"from":{
"emailAddress":{
"address":"sem.test#contoso.com",
"name":"Sem Test"
}
},
}
}
Also, you don't need to request both Read and ReadWrite scopes. The ReadWrite scopes overlap with the Read scopes.
I have a problem with my Microsoft Graph webhook subscriptions to /me/events. What I want to do is to subscribe to all user calendars.
First I have created the new app in https://apps.dev.microsoft.com using my personal Microsoft account.
Then in my app I subscribe to /me/events notifications using access token:
POST https://graph.microsoft.com/beta/subscriptions
{
"changeType": "created,updated",
"notificationUrl": "https://xxxxx.ngrok.io/notification-url",
"resource": "/me/events",
"expirationDateTime": "2018-11-14T09:40:10.933Z",
"clientState": "xxxx-xxxx-xxxx-xxxx"
}
My notificationUrl receives validation request to which my app responds with 200 OK and validation token. After that the POST request returns me my subscription:
{
"#odata.context" : "https://graph.microsoft.com/beta/$metadata#subscriptions/$entity",
"id" : "2773aa4c-e983-4d15-9236-xxxxxxxx",
"resource" : "/me/events",
"applicationId" : "d551ec34-8d44-4cc6-9b88-xxxxxxxx",
"changeType" : "created,updated",
"clientState" : "xxxx-xxxx-xxxx-xxxx",
"notificationUrl" : "https://xxxxx.ngrok.io/notification-url",
"expirationDateTime" : "2018-11-14T09:40:10.933Z",
"creatorId" : "00000000000"
}
This subscription works fine but only for one, default calendar in Outlook. I don't receive any notifications if I create, update events in any other calendars that exists in my account.
What could be the problem here, am I using wrong resource name (/me/events) or this is some limitation for personal accounts in Microsoft Graph?
When you use /me/events you are going to the default Calendar for the user (per the docs). In your case, you would want to enumerate the user's calendars (GET /me/calendars) then subscribe to each one's events collection, using the resource /me/calendars/{calendar-id}/events.