Unable to send email message on behalf of another O365 outlook account - microsoft-graph-api

For some reason the 'Send on Behalf' feature is failing for me. Graph always returns an ErrorSendAsDenied (when From and Sender field values are different).
The accounts are verified to have the correct configuration for sending on behalf of each other. I couldn't make it work after spending more than three days on it.
Following permissions are requested during authentication:
openid
email
profile
offline_access
User.Read
Mail.Read
Mail.ReadWrite
Mail.Read.Shared
Mail.ReadWrite.Shared
Mail.Send
Mail.Send.Shared
For the example below, the user Gregory Test wants to send messages on behalf of Sem Test. A valid authorization access token (authenticated by Gregory Test) is used for sending the email, however email delivery ALWAYS fails.
The sample submitted JSON message is:
{
"Message":{
"Subject":"Trying to send message on behalf",
"Body":{
"ContentType":"html",
"Content":" email html content "
},
"From":{
"EmailAddress":{
"Address":"sem.test#contoso.com",
"Name":"Sem Test"
}
},
"Sender":{
"EmailAddress":{
"Address":"gregory.test#contoso.com",
"Name":"Gregory Test"
}
},
"ToRecipients":[
{
"EmailAddress":{
"Address":"semtestestestes#gmail.com",
"Name":"Sem Shehovtsov"
}
}
]
}
}
If the Sender and From are set to the same value, it is working fine. The Sender mailbox is configured to allow sending messages on behalf of other users.
Any ideas?

You don't need to set the Sender property, Graph will handle this automatically for you. From the documentation:
In order to send from another user, set the from property on the message sent to the email address of the user to send from. You don't need to set the sender property - Microsoft Graph will set it appropriately, based on the mailbox permissions granted to the user who has signed in.
Try this payload instead:
{
"message":{
"subject": "Trying to send message on behalf",
"body":{
"contentType":"html",
"content":" email html content "
},
"toRecipients":[
{
"emailAddress":{
"address":"semtestestestes#gmail.com",
"name":"Sem Shehovtsov"
}
}
],
"from":{
"emailAddress":{
"address":"sem.test#contoso.com",
"name":"Sem Test"
}
},
}
}
Also, you don't need to request both Read and ReadWrite scopes. The ReadWrite scopes overlap with the Read scopes.

Related

Create notifications only bot for Microsoft Teams

I'm trying to create a notifier via MS Teams. I want to send a direct message to a named user. Here's what I've done so far:
Created a bot at https://dev.botframework.com in my azure account
Tied the bot to an app registration in AzureAD
Retrieved a token
I'm trying to create a new conversation by posting:
{
"bot": {
"name": "OpenUnison Notifications Bot",
"id": "openunison"
},
"members": [
{
"name": "Matt Mosley",
"id": "mmosley#marcboorshteintremolosecuri.onmicrosoft.com"
}
],
"topicName": "OpenUnison Notifications",
"isGroup": false
}
to https://smba.trafficmanager.net/apis/v3/conversations, the response I get is
{"error":{"code":"BadSyntax","message":"Bad format of conversation ID"}}
When I look in the activity log I don't see anything for the Teams channel, but for web I see Activity dropped because the bot's endpoint is missing. I think I'm missing something. I don't want to handle responses, this is a no-reply notifications only bot. How can I avoid requiring a bot endpoint? Also, am I even taking the right approach for my goal?
Notification-only bots use proactive messaging to communicate with the user.
A proactive message is a message that is sent by a bot to start a conversation.
When using proactive messaging to send notifications you need to make sure your users have a clear path to take common actions based on your notification, and a clear understanding of why the notification occurred.
POST {Service URL of your bot}/v3/conversations
{
"bot": {
"id": "c38eda0f-e780-49ae-86f0-afb644203cf8",
"name": "The Bot"
},
"members": [
{
"id": "29:012d20j1cjo20211"
}
],
"channelData": {
"tenant": {
"id": "197231joe-1209j01821-012kdjoj"
}
}
}
Sample Link-https://github.com/OfficeDev/microsoft-teams-sample-complete-csharp/blob/32c39268d60078ef54f21fb3c6f42d122b97da22/template-bot-master-csharp/src/dialogs/examples/teams/ProactiveMsgTo1to1Dialog.cs

Remove scopes from Firebase OAuthProvider('google.com')

I am using a vanilla configuration of the firebase Auth SDK. It is currently asking for all of these scopes.
I do not need profile picture or name, and would love to remove them. Is it possible?
Simple answer is No name, and picture permissions are granted to your application when you request the profile scope as part of signin.
explanation
Assuming you are following the example found here. If you check the lines called addScopes.
provider.addScope('profile');
provider.addScope('email');
This is where you define what permissions your applicating needs. The email and profile scopes are part of Google sign in (Open Id Connect) The profile scope give you access to some basic profile information about the user. Part of basic profile information is their picture.
These two claims are actually returned by the user info endpoint. This is the response from the userinfo endpoint when I authorized only with the profile scope.
{
"family_name": "Lawton",
"name": "Linda Lawton",
"picture": "https://lh3.googleusercontent.com/a-/AOh14GhroCYJp2P9xeYeYk1npchBPK-zbtTxzNQo0WAHI20=s96-c",
"locale": "en",
"given_name": "Linda",
"id": "1172004755376"
}
This is all default, so its not something you can change.
full example
// Using a redirect.
firebase.auth().getRedirectResult().then(function(result) {
if (result.credential) {
// This gives you the OAuth Access Token for that provider.
var token = result.credential.accessToken;
}
var user = result.user;
});
// Start a sign in process for an unauthenticated user.
var provider = new firebase.auth.OAuthProvider('google.com');
provider.addScope('profile');
provider.addScope('email');
firebase.auth().signInWithRedirect(provider);

twilio access token grants for voice documentation

I have a browser based twilio phone app that works well, but for better security we are integrating access tokens now. But we can't find ANY documentation on grants anywhere. We are constructing everything ourselves in our backend, so we are specifically looking for the variables we need to put in our JSON for that, for receiving calls and sending calls.
I have asked Twilio, but it's sunday. When they return a response, if that comes first, and if it works, I'll put it here to help others who might be looking for this as we are.
ie. here is the JSON payload:
{"sub":"AC*****","nbf":1578251940,"iss":"SK*****","exp":1578338340,"iat":1578252060,"grants":{"identity":"ID_whatever","voice":{"service_sid":"AP*****"}},"jti":"SK*****"}
Any help is appreciated.
Twilio have responded with a working payload template, here it is in case anyone else needs it.
{
// API key SID concatenated with current timestamp
"jti": "SK...-1578329486",
// API key SID
"iss": "SK...",
// account SID
"sub": "AC...",
// expiration timesetamp
"exp": 1578333086,
"grants": {
// Client name
"identity": "alice",
"voice": {
"incoming": {
// if incoming connections are allowed
"allow": true
},
"outgoing": {
// if outgoing connections are allowed, the application SID
"application_sid": "AP..."
}
}
}

ZendeskApi.Tickets.CreateTicket throws 401 despite "Anybody can submit tickets" is enabled

I have a Trial subscription and I'm using ZendeskApi.Tickets.CreateTicket(ticket) to create a new ticket; Anybody can submit tickets is Enabled. It works when I create a ticket with requester.email that is a registered user, but I'm getting the below error when I try to create a ticket with a Requester who is not a user. Tips on what I'm doing wrong?
The remote server returned an error: (401) Unauthorized.Error content: {"error":"Couldn't authenticate you"}
Resource String: tickets.json +
Body: {
"ticket": {
"subject": "Subject",
"comment": {
"body": "Message test body",
"public": false
},
"requester": {
"email": "wendellj#gmail.com"
},
"is_public": false
}
For anonymous user you should use this api end point: https://developer.zendesk.com/rest_api/docs/core/requests#create-request
This is used to create requests in zendesk when user is not registered with user and it doesn't need authentication header as well. See
To make anonymous requests:
Omit the authorization header.
Include a requester object in the request object.

Jira Api Error when creating issue

On my website I have a contact form which when submitted, creates a new service desk ticket. It makes the following rest api call:
https://jira-housters.atlassian.net/rest/servicedeskapi/request (with appropriate Accept and Authorization request headers)
{
"serviceDeskId": "1",
"requestTypeId": "1",
"requestFieldValues": {
"summary": "Housters Contact from Justin Test (Web)",
"description": "test message"
},
"raiseOnBehalfOf": "myemail#mydomain.com"
}
Before this worked completely fine, however a few days ago it started erroring:
{"errorMessage":"Your request could not be created. Please check the fields have been correctly filled in. Please provide a valid value for field 'Raise this request on behalf of'","i18nErrorMessage":{"i18nKey":"sd.validation.request.creation.failure.required.field","parameters":["Please provide a valid value for field 'Raise this request on behalf of'"]}}
This makes no sense, as it's complaining about the raise request on behalf of field when I clearly have it specified. What gives?
raiseOnBehalfOf should have the customers accountId not email.
You can create a customer using:-
-> https://your-domain.atlassian.net/rest/servicedeskapi/customer
-> Get the accountId from the response.

Resources