The Microsoft graph endpoints failed with 5xx error randomly. why? - microsoft-graph-api

Request URL:https://graph.microsoft.com/v1.0/me/messages
Some times when I try to get messages with this query (top > 10) /v1.0/me/messages?$top=20, it fails and responds 503-UnknownError. But with this one $top=10, it always works.
Another confusing part is that this problem only occurred with a specific personal-outlook(not organizational) email address!!!
There is another similar problem too:
Sometimes, When I try to initiate the graph-client I get this error:
AADSTS70012: A transient error has occurred. Please try again
The other problem:
It's possible to create a new outlook account with valid Gmail-address, then you can log in to your outlook account with a username equal to a valid Gmail-address.
This is what I got from M-Graph-Console:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"displayName": "FirstName LastName",
"surname": "LastName",
"givenName": "FirstName",
"id": "286526a26a78f1a8",
"userPrincipalName": "any-valid-gmail-username#gmail.com",
"businessPhones": [],
"jobTitle": null,
"mail": null,
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null
}
Check the mail property: it's null !!
You can not fetch randomly-genrated-username#outlook.com from graph-APIs!!
As I know the only way to find the real outlook email address is to fetch sent messages and parse both of from and sender properties.
Now you can send an email to any other valid Gmail address from your outlook dashboard, but it's not possible to reply it or send email to your new outlook account address (any-valid-gmail-username#gmail.com).
I'm not sure this is a bug or feature but it does not seem to be a good idea!

503 is a server side issue. Possibly a bug on the Graph API side. If you are able to reproduce it you should open a support ticket.
You should not be able to add a user (in Office365 Business) for an unverified domain. Obviously you won't be able to verify gmail.com as your domain. Therefore, if you have managed to find a scenario where you are able to create an #gmail.com account in Office365, I suggest you report it to Microsoft as a bug (possibly "security" severity).

Related

Identifying messages posted by my app in Slack

I'm developing a Slack app that posts alert apps to channels. I want this app to check the history of a channel to find messages it has posted earlier so it can respond accordingly. For example, if there's an alert that has not yet "cleared" it will update said alert instead of posting a new message.
The challenge I'm encountering is that it's not clear how I can identify messages that my app has posted. I see that I can search a channel with conversations.history, and that gives me message events. It looks like some messages have a user property. There are also bot_message sub-type messages that have a bot_id property. However, I don't see any way to identify my app ID.
Should every app have an associated bot_id? user ID? If so, where do I get these IDs so I can filter the conversation history?
Update
I tried calling the bots.info method with no bot ID parameter hoping it would give me my bot ID, but it returned no data other than an "OK" status.
Perhaps because Slack has a long history of different APIs, I was misled. Apparently, it's possible for me to find messages my bot previously posted but not how I thought. Here were my misunderstandings and what I've found out when playing with the Slack API tester.
Using conversations.history, you can get a list of messages posted in a channel. The docs say that the history returns an array of message events, and that these have a subtype field. One of the subtypes is bot_message, so my assumption is that messages posted by my bot would have this sub-type. The docs for bot_message has a bot_id, which I don't know for my app, and username, which I don't know what it will match.
However, it turns out when I posted a test message, that the message did not show up as a bot_message; rather it appears in the history without a subtype and has properties which don't seem to match any documentation:
{
"bot_id": "B01HSBYRKUZ",
"type": "message",
"text": "Testing the Slack API; please ignore.",
"user": "U01HDNUJ5EE",
"ts": "1609878469.036400",
"team": "<omitted>",
"bot_profile": {
"id": "B01HSBYRKUZ",
"deleted": false,
"name": "my-bot-name",
"updated": 1608584973,
"app_id": "<omitted>",
"icons": {
"image_36": "...",
"image_48": "...",
"image_72": "..."
},
"team_id": "<omitted>"
}
}
So although it's risky to code against an undocumented format (or maybe I just can't find the right docs?), I can filter these messages by looking to see if there's a bot_profile.app_id that matches my app's ID, which I do know.
you may know id your bot if use context. Example: const {botUserId} = context

Message not found in user mailbox while working on microsoft graph explorer

Auto Remediation not happening. Error :- message not present in User's mailbox .
Scenario:
While working on microsoft graph explorer and sending mail with attachment the outlook is not able to auto remediate the message and while checking the url on graph explorer i am not getting any value associated with it and also i am getting the error like the message is not there in the user mailbox.
The Attachment name which I am using are double byte Chinese characters (发送邮.xml)
Instead of this if I am using attachment name like this (for e.g 送邮.xml) then it is working as expected and the mail is successfully getting remediated.
Is there any bit size limit of attachment names in graph explorer because of which it is not taking that attachment name(发送邮.xml) whereas it is working fine with (送邮.xml)
Please help me with this.
I have tried giving the payload this way and used the same name that didn't work for you. But I was able to success send mail using Graph Explorer.
"attachments": [
{
"#odata.type": "#microsoft.graph.fileAttachment",
"name": "发送邮.xml",
"contentType": "text/plain",
"contentBytes": "SGVsbG8gV29ybGQh"
}
]

Is there a way to prevent the 404 error for consumer accounts when attempting to fetch non-consumer data?

I have an application that fetches profile data using Microsoft Graph APIs. The application should be able to fetch profiles for both Work/School Azure account and consumer Azure accounts. The issue I have is that when I am retrieving data that is exposed on Work/School accounts but not a consumer accounts, I get a 404 error. In other words, my application should handle Work/School accounts and consumer accounts the same, only fetching data that is exposed by Microsoft Graph for a consumer account without returning an error when data is unexposed.
Calling this endpoint https://graph.microsoft.com/v1.0/me/ with authorization token for a consumer account, I get the following response:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(etc)/$entity",
"displayName": "<fullname>",
"surname": "<lastname>",
"givenName": "<firstname>",
"id": "value",
"userPrincipalName": "value#hotmail.com",
"businessPhones": [],
"jobTitle": null,
"mail": null,
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null
}
Calling https://graph.microsoft.com/v1.0/me/?$select=birthday with a Work/School account, I get data I can work with. Meanwhile calling https://graph.microsoft.com/v1.0/me/?$select=birthday with the same authorization token returns:
{
"error": {
"code": "ResourceNotFound",
"message": "Resource not found.",
"innerError": {
"request-id": "5dac0b98-0335-4de2-b8fa-3b9a2dfbe378",
"date": "2019-04-26T23:23:21"
}
}
}
Is there any way to retrieve the profile data for a consumer account while still attempting to retrieve the unexposed data in a Work/School account without getting a 404 returned?
Since you are requesting data that doesn't exist (birthday), you should be getting a 404 Not Found response. Per RFC 7231 Section 6.5.4 :
The 404 (Not Found) status code indicates that the origin server did not find a current representation for the target resource or is not willing to disclose that one exists.

Querying extensionAttributes in Microsoft Graph API

I have some extensionAttributes (1-4) synced from on-prem to Azure AD using Azure AD Connect, and I want to query these using the Microsoft Graph API, but the data returned is null
As below, the Azure AD Connect tool syncs extensionAttribute1 as extension_guid_extensionAttribute1 etc..
In this example I've changed the GUID randomly
Get-AzureADUser -ObjectId test.user#mydomain.com | Select -ExpandProperty ExtensionProperty
Key Value
--- -----
odata.metadata https://graph.windows.net/ec28dcc...
odata.type Microsoft.DirectoryServices.User
createdDateTime
employeeId
onPremisesDistinguishedName CN=Test User,OU=Users - Active,DC=internal,DC=...
thumbnailPhoto#odata.mediaContentType image/Jpeg
userIdentities []
extension_034abf7ea2ee45317869abe74870bf20_extensionAttribute4 7119
extension_034abf7ea2ee45317869abe74870bf20_extensionAttribute3 0834717194
extension_034abf7ea2ee45317869abe74870bf20_extensionAttribute1 \\fileserver\scan\folder\Test.User
What I can find in the documentation is these attributes should be called onPremisesExtensionAttributes when queried via the API, but they're all null:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(displayName,onPremisesExtensionAttributes)/$entity",
"displayName": "Test User",
"onPremisesExtensionAttributes": {
"extensionAttribute1": null,
"extensionAttribute2": null,
"extensionAttribute3": null,
"extensionAttribute4": null,
"extensionAttribute5": null,
"extensionAttribute6": null,
"extensionAttribute7": null,
"extensionAttribute8": null,
"extensionAttribute9": null,
"extensionAttribute10": null,
"extensionAttribute11": null,
"extensionAttribute12": null,
"extensionAttribute13": null,
"extensionAttribute14": null,
"extensionAttribute15": null
}
}
Likewise, if I query the attribute name directly:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(displayName,extension_034abf7ea2ee45317869abe74870bf20_extensionAttribute1)/$entity",
"displayName": "Test User"
}
I hope to be able to get the values of these extension attributes via the Microsoft Graph API, but they're blank. I know the data is in there because I can see it via the PowerShell get-AzureADUser cmdlet so I must be missing something.
This is all through the Graph Explorer, I haven't written any code yet to try and query this outside of the Graph Explorer.
Any help would be greatly appreciated
In order to see all the attributes for users other than yourself, you must be granted the User.Read.All permission.
In Graph Explorer, click on "modify permissions" underneath the signin button to add permissions (you may need an admin to grant them for you).
Permissions reference: https://learn.microsoft.com/en-us/graph/permissions-reference
I just ran into the same issue when using the MSGraph Powershell SDK
(Get-MgUser -UserId "[UserObjectID]").OnPremisesExtensionAttributes did return empty values
Only when connecting to the beta endpoint it returned values.
Select-MgProfile -Name "beta"
Connect-MgGraph -CertificateThumbprint "[CertThumbPrint]" -ClientId "[ClientIDAppRegistration]" -TenantId "[TenentID]"
Turns out this was only an issue in the graph explorer. Using the API is fine. Spent ages stressing over this, should have just tested it in a real environment!
Thank you Mister Iks! You are right!
(Get-MgUser -UserId "[UserObjectID]").OnPremisesExtensionAttributes did return empty values
After run: Select-MgProfile -Name "beta"
(Get-MgUser -UserId "[UserObjectID]").OnPremisesExtensionAttributes did return the values.

ErrorItemNotFound when trying to retrieve room calendar via MS Graph API

Next to retrieving calendar views of a user's calendar (on behalf of the user), we are trying hard to also get the calendar view of rooms via the Graph API using
https://graph.microsoft.com/beta/users/room1#ourdomain.com/calendarView. It's a painful process since we've been running into many problems and are currently stuck with the following 404 response:
https://graph.microsoft.com:443/v1.0/users/room1#ourdomain.com/calendarView?startDateTime=2018-12-04T23:00:00.000Z&endDateTime=2019-02-10T22:59:59.999Z
{
"error": {
"code": "ErrorItemNotFound",
"message": "The specified object was not found in the store.",
"innerError": {
"request-id": "358a003a-57a4-4f0e-91da-edc17c1fa2d8",
"date": "2018-12-12T07:38:33"
}
}
}
The email address of the room has been double checked and the resource exists, since we can create appointments with it and it is even being returned in the response when we retrieve the calendar of the user who has an appointment in that location.
App permissions and OAuth2 scopes are set to: openid email profile offline_access https://graph.microsoft.com/Calendars.Read https://graph.microsoft.com/Calendars.Read.Shared https://graph.microsoft.com/User.Read
https://graph.microsoft.com/User.ReadBasic.All https://graph.microsoft.com/User.Read.All, so that should not be an issue, judging by the documentation.
Does anyone know how to solve this?
I've tried all possible ways, but there is no way to get access.
This is what I've tried out the following in the Graph explorer:
https://graph.microsoft.com/v1.0/users/meetingroom1#domain.com/events -> DelegatedCalendarAccessDenied
https://graph.microsoft.com/v1.0/users/meetingroom1#domain.com/calendarView?startDateTime=2019-01-14&endDateTime=2019-01-18 -> ErrorItemNotFound
https://graph.microsoft.com/v1.0/users/meetingroom1#domain.com/calendar/calendarView?startDateTime=2019-01-14&endDateTime=2019-01-18 -> ErrorItemNotFound
All three on both the v1.0 and the beta.
It isn't an issue with rights, because for my testing I granted the Graph Explorer the Directory.ReadWrite.All scope. Resulting in the following scp claim.
The first requests seems the most promising (because of the different error), I also made myself a delegate with full control of the rooms-mailbox. That still didn't help.
A request to https://graph.microsoft.com/v1.0/users/meetingroom1#domain.com gives a result, as in a result describing the meetingroom.
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
"businessPhones": [],
"displayName": "Meeting room 1",
"givenName": null,
"jobTitle": null,
"mail": "meetingroom1#domain.com",
"mobilePhone": null,
"officeLocation": null,
"preferredLanguage": null,
"surname": null,
"userPrincipalName": "meetingroom1#domain.com",
"id": "3e0a7b7e-xxxx-xxxx-xxxx-xxxxcxxxx120"
}
After doing all these tests, I can only conclude that you cannot access the events in a rooms mailbox. This is either intended (as in only use the scheduling assistant) or a bug.
Maybe some of the Microsoft guys around here could clarify this?
FINALLY! After going through this with countless Microsoft support people, each of whom said this was not their territory and did not know where to forward the question, I got in touch with somebody from the Exchange team. He suggested the one thing that worked for us: the user on behalf of which you are retrieving the room resource calendar needs to be a delegate of that room resource!
In addition, to retrieve the list of room resources which the user can select from, we needed to use the findRooms endpoint but this only works on the beta API. The only drawback of this is that you cannot seem to filter for rooms of which the user is a delegate. So the user will get a list of rooms for which he might or might not be able to retrieve the calendar.
A final drawback of the room resource calendarView response is that the response does not contain the names of the meetings planned in the rooms. The description of each event only contains the name of the meeting organizer.

Resources