I want to develop an add in for Outlook which after click on button forward selected email to hardcoded address. What I find is that I must use Graph API to do this, but I lost in documentation on how I get token to make an API call. In Outlook API it is simple as call getCallbackTokenAsync. Is it similar way to get token for Graph API? What is the simplest way of getting this token, best if it could be done without user interaction?
It's straightforward. First you need to register you application in Azure AD, make sure you provide right roles/permissions so that you can get a token. Using the token you can access a protected resource like Microsoft Graph API. You may want to get it started following the documentation/javascript sample.
Related
I am attempting to use "v1.0/me/joinedTeams" to get all the joined teams for the currently authenticated user in my asp.net service. This works fine for external accounts that use a Microsoft identity (have a live account) but the same call returns a 400 Bad Request when I attempt to use an external account that uses a mail identity (no live account). The request is the same regardless of external account type. The token generated when authenticating as the mail identity external user looks correct when I inspect it.
I have been able to implement a workaround where I instead use the SharePoint REST service to get the groupId for the team site the user is apart of and then use the Graph call "v1.0/teams/{groupId}" to get that team. However, I need to do this for all the teams the external user has access to which slows things down quiet a bit.
I am aware of what looks like a bug in Graph when trying to make any Graph calls with any external user type, described here: https://github.com/OneDrive/onedrive-api-docs/issues/1039. I have also implemented the workaround for this issue which requires first accessing each site the user has access to by making some arbitrary call using the REST service. Then any subsequent calls using Graph should work. I do this for external accounts with a mail identity before trying to make the joinedTeams call but still run into the 400 response.
These workarounds will suffice in the short term but they increase my execution time significantly, especially when there is a large number of teams the external user is apart of. Any insight on a solution is greatly appreciated.
/me/joinedTeams is not available for personal Microsoft accounts. Se the table on this page
So I applied as a Twitter Dev to make a bot that tweets stuff. About two days later, I got access. When I ran the code with the tokens it gave me, it posts from my account.
My question: Is there a way for me to make it send as another account (a bot account) without me having to apply again?
Yes, you can use the Sign-in with Twitter flow to authenticate a different user to your app, and then use the Access Token and Access Token Secret for that user to post to that account. This is the correct way to implement things - you should not be applying for multiple developer accounts.
You can also use tools like twurl or another CLI tool to
https://github.com/twitter/twurl/
https://github.com/smaeda-ks/tw-oob-oauth-cli
https://github.com/olithissen/twitter-oob
Did you get elevated access from tweeter or Essential? I have a stack error:
You currently have Essential access which includes access to Twitter API v2 endpoints only.
If you need access to this endpoint, you’ll need to apply for Elevated access via the Developer Portal.
It's hard to get Elevated now.
I need to send emails from my server, through simple REST calls, from my backend-server email address, to the email addresses registered in the system.
But there is a problem, bear with me.
The thing is a lot of the documentation I've seen so far seems to assume I want to access the clients gmail data, which I don't, I only use the client's address as a destinatary.
A lot of the examples I've seen, involve a visual promt to authorize the access to the api.
BUT WHY?
They assume I'm gonna be making apicalls from a mobile device, acting on behalf of the client, which needs a visual prompt for consent. But none of that applies to my use case.
The thing is, there is ever only gonna be one sender, "ME" (the company email designated for the backend server).
I should be able to create a secret api_key on the google console, and send that in my request headers (like freaking FIREBASE does), or use that key to generate a token which I then send to the api endpoint (like Paypal does).
I want to be able to do something like:
POST https://gmail.googleapis.com/upload/gmail/v1/users/{userId}/messages/send
Authorization: key=<key_created_on_google_console_or_token_obtained_using_said_key>
{
message stuff...
}
The api reference on google says that I need to create an authorization using OAuth credentials, which I'm then supposed to use to create a short lived token that is inserted as
"Authorization: Bearer <TOKEN>"
in my next apicalls, until it expires. But...
In the console, creating a new OAuth2.0 client ID, says I need to create an app. But I already have a proyect and an api_key (with permissions to gmail api). And that said app is gonna have to be sent for review!. What's going on?.
So..
How do I send emails, from my own-controlled email address, using REST calls.
It's all server side, no need to access any user data (not even my own), I already control the sender address, I already have created a project on google console, I already created an api_key.
OAuth seems to think I'm doing something I'm not, so what am I missing?.
Thanks.
The Bearer token is an OAuth2 access token that you get after authorizing your app to access your Gmail account. It's designed for 3rd party authorizations really (like your users allowing your app to access their Gmail) that is why it seems complex when you're accessing your own account.
Check this out https://developers.google.com/identity/protocols/oauth2
Turns out I was trying to use the wrong tool for the problem.
After looking for alternatives I found out about MailGun and SendGrid.
Tried SendGrid and it fit like a glove. Love it.
I was using Gmail+PHPMailer for this problem and thought the new api was meant to replace that, but turns out it's not.
Alexey pointed out the intended use in his answer. Actually I might end up integrating the new Gmail api more in line with it's intended use on my clients mobile devices.
It was all my missunderstanding.
Thank you for your time.
I cannot find a good working sample that calls the Graph API and retrieves the user's contacts from within an Azure Function. Part of the issue is a lack of documentation and samples as this seems new-ish. Is this even possible? I am trying to create a function that can take a phone number and check against the user's contacts to see if the contact exists. So far, the only way I can achieve authentication is to use Postman to retrieve a token manually. That token didn't even work to retrieve the contacts. I know I am doing something wrong but I think what I really need is the big picture. I'm missing something. Thank you for your help.
The auth token binding may help at least with the act of getting the token. In this case, if it's on behalf of the user invoking the function, you'll want to use the identity: userFromRequest setup. Keep in mind that for debugging, you'd still have to acquire a user token for the app and attach that to calls to your function, but you can use the function app's /.auth/login/aad and /.auth/me endpoints for that.
Make sure that your application registration has the Contacts.Read permission. This is required for the contacts API.Today, the UX for App Service Authentication / Authorization today links to the existing permissions UX, which unfortunately uses different names for things. I'd recommend navigating directly to the AAD section of the portal and selecting App registrations (Preview). Find your app registration there (defaults to same as your app name), and browse through the API permissions there. That way the right names show up and will match the Graph docs.
Summary:
I have a WinForms app where multiple users from my organization login to.
From within this WinForm app, I want to call my Web API which internally processes some calendar related events (like create new meeting, fetch meeting responses, etc.) for precisely allotted MeetingManager user
Here, we intend to use Microsoft Graph API to do all our stuff
And since the Web API is going to handle this internally at its endpoint, we seek no interactive screen in between (neither for user login nor for granting permissions at consent page). All this should happen in background without any user interaction in between.
How can I achieve this?
Note: I am a beginner to Microsoft Graph API and Web application domain
Graph API Mock up:
You can get this by app-only authentication method. Get an app-only access token and use it for authentication.
I am also struggling on a similar type of question and I need to retrieve planner tasks. For planner tasks app-only scope is not supported but In your case I think it should work
Read both these links for more details.
https://graph.microsoft.io/en-us/docs/authorization/app_only
https://graph.microsoft.io/en-us/docs/authorization/permission_scopes