Requesting Microsoft Graph /users/me/sendMail returns 404 - microsoft-graph-api

We implemented an OAuth2 Microsoft Graph integration using the Node SDK. Mostly we use it for reading and sending emails. We already have some customers using our integration, but there's one customer that we are not able to get / send emails from his account. We get a 404 for everything we try to do using his access/refresh token.
This is one example:
POST https://graph.microsoft.com/v1.0/users/me/sendMail
Content-type: application/json
Content-length: 512
{
"message": {
"subject": "...",
"body": {
"contentType": "Text",
"content": "..."
},
"toRecipients": [
{
"emailAddress": {
"address": "...@....com"
}
}
]
}
}
And the response we are getting is:
{
"statusCode": 404,
"code": "ResourceNotFound",
"message": "Resource could not be discovered.",
"requestId": "b5f8efca-53ff-4cf1-978e-c4f745fcbbc1",
"date": "2018-01-20T23:13:27.000Z",
"body": {
"code": "ResourceNotFound",
"message": "Resource could not be discovered.",
"innerError": {
"request-id": "b5f8efca-53ff-4cf1-978e-c4f745fcbbc1",
"date": "2018-01-20T23:13:27"
}
}
}
Looking for similar issues, we found "Office365 API returns 404 on GetCalendars on some accounts",
where they say that the customer's mailbox might not be hosted in Office 365. Is there a way to check, using the requestId, whether this is the problem with our request? Or is there a way to find out without needing to ask the customer to try to sign in using OWA?

The URL https://graph.microsoft.com/v1.0/users/me/sendMail isn't correct. It should be https://graph.microsoft.com/v1.0/me/sendMail.

Related

Send email for Graph Api works in Postman but not through App in Azure?

I am accessing the Graph Api endpoint:
https://graph.microsoft.com/v1.0/me/sendMail
I retrieve the access token from Graph Explorer and use it as a Bearer token in Postman.
I also set Content-Type in the header to "application/json".
I set the Body as
{
"message": {
"subject": "Meet for lunch?",
"body": {
"contentType": "Text",
"content": "The new cafeteria is open."
},
"toRecipients": [
{
"emailAddress": {
"address": "testuser@acme.com"
}
}
]
}
}
Through Graph Explorer I have given consent for Mail.Send
It works fine in Postman. I set the scope in my C# app as Mail.Send, but when I send the request it gives the error
{StatusCode: 403, ReasonPhrase: 'Forbidden'
What other permission do I need to set?

Add user in Azure AD using Microsoft Graph API

I am trying to add user using Microsoft graph API.
I have provided the consent for all the permissions required.
POST https://graph.microsoft.com/v1.0/users
Request body that is sent with the POST request:
{
"accountEnabled": true,
"displayName": "Adele Vance",
"mailNickname": "AdeleV",
"userPrincipalName": "AdeleV@contoso.onmicrosoft.com",
"passwordProfile": {
"forceChangePasswordNextSignIn": true,
"password": "xWwvJ]6NMw+bWH-d"
}
}
Error that is received in response
{
"error": {
"code": "",
"message": "No HTTP resource was found that matches the request URI 'https://outlook.office365.com:444/profile/v1.0/users('CID:0ff49e4749deeaf2')/profile?api-version=AGSV1-internal'.",
"innerError": {
"date": "2021-02-04T10:41:56",
"request-id": "025218e1-191c-464f-adf3-f0cdc5fcebfd",
"client-request-id": "c071d220-2f14-d7fa-956e-cd45ccbdc735"
}
}
}
Is there something that I am missing?
I have also gone through the docs for adding user provided by Microsoft.
https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http
What you said in the comment is correct: the document has detailed instructions, and it does not support Microsoft personal accounts.
You will have to check which endpoint you are using to authorize in order to obtain the token.
If you are using a tenant-specific endpoint
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
try replacing it with the common endpoint
https://login.microsoftonline.com/common/oauth....

Creating events in calendar with Graph API returns "ResourceNotFound"

I'm trying to create events in my personal calendar (Office 365 account) with Graph API. I created an instance on my tenant on Azure with the following delegated permissions: Calendars.Read, Calendars.ReadWrite, email, offline_access, openid, profile and User.Read.
The OAuth2 sign-in occurs as expected and I receive both the bearer_token and the refresh_token, using the /.default scope. But when I try to make the request:
POST /v1.0/me/calendar/events HTTP/1.1
Host: graph.microsoft.com
Authorization: Bearer eyJ0eXAi...
Content-Type: application/json
{
"subject": "Example",
"body": {
"contentType": "text",
"content": "Example description"
},
"start": {
"dateTime": "2020-09-01T12:00:00.000Z",
"timeZone": "America/Sao_Paulo"
},
"end": {
"dateTime": "2020-09-01T13:00:00.000Z",
"timeZone": "America/Sao_Paulo"
},
"location": {
"displayName": "Example location",
"locationUri": "https://example/uri"
}
}
I get this response:
{
"error": {
"code": "ResourceNotFound",
"message": "Resource could not be discovered.",
"innerError": {
"date": "2020-08-31T22:18:15",
"request-id": "f03d0bdf-1a9c-41f4-a236-1c5a41a5d286"
}
}
}
I had already discarded the idea that it is a mailbox problem, because with Graph Explorer I can make the request and change my calendar, so I'm willing to think that it is a permission problem.
I found out, the problem was not with the Graph request, but with the authentication request.
When you log into Graph API with a corporate account, the requests to get the bearer_token are:
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token.
But when you use a personal account, the endpoints are:
https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize
https://login.microsoftonline.com/consumers/oauth2/v2.0/token.
Using the tenantId will authenticate, but the user data will not be found in the tenant, giving the error I got.

Microsoft Graph - Accessing /me or /user/{id}/ endpoints using client_credentials flow - requested user is invalid

We're using the client_credentials flow to get access for our application to tenants' environments. The application has the correct scopes, and we get an access token that is working for other endpoints like /users, but when doing a request like the following we get error messages.
GET https://graph.microsoft.com/beta/me/findRooms
{
"error": {
"code": "ErrorInvalidUser",
"message": "The requested user '{userId}@{tenantId}' is invalid.",
"innerError": {
"request-id": "b72d26a3-d0ad-42eb-a3d3-35951cb42b3d",
"date": "2020-01-21T10:21:28"
}
}
}
I understand that there's no "me" when we're just an application, but how do we access these types of endpoints in that case? Do I have to have a user to act as, as well? That seems to me like it defeats the purpose of a daemon like this. Cannot find any clear documentation on this matter. On this page in the docs on the use a token section they even refer to a /me endpoint, which is incorrect in that case.
I've tried requesting the /users/{id}/findRooms endpoint with all the different kinds of IDs I can find in the access token - none of them work.
Other people with the same issue, that have yet to resolve it.
1. Feedback area in docs
2. Github issue
Best regards,
Christopher
Using the /users/{user-id} is the only pattern that will work with client credentials. In your case, this should work, so maybe it's an issue with the id you are using.
To make sure I'm not giving you bad information, I just tested this with an app-only token from the client credentials flow. Parsing that token over at https://jwt.ms, I see the roles claim like so:
"roles": [
"User.Read.All"
]
I first did a GET /users?$select=displayname,id, and this user was included in the response:
{
"displayName": "Adele Vance",
"id": "3103c7b9-cfe6-4cd3-a696-f88909b9a609"
}
This is the id to use in your findRooms call. I did GET /users/3103c7b9-cfe6-4cd3-a696-f88909b9a609/findrooms and got the following response:
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.emailAddress)",
"value": [
{
"name": "Conf Room Adams",
"address": "Adams@M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Baker",
"address": "Baker@M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Crystal",
"address": "Crystal@M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Hood",
"address": "Hood@M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Rainier",
"address": "Rainier@M365x330971.onmicrosoft.com"
},
{
"name": "Conf Room Stevens",
"address": "Stevens@M365x330971.onmicrosoft.com"
}
]
}

SendMail API throwing 400 - Bad Request

I am using Microsoft Graph API to send an email on behalf of an admin. The token has the permission Mail.Send at application level. I am getting a 400 - Bad Request as the response.
Request: POST https://graph.microsoft.com/v1.0/me/sendmail
{
"message": {
"subject": "first mail",
"body": {
"contentType": "Text",
"content": "commented commmented"
},
"toRecipients": [{
"emailAddress": {
"address": "Alex@*******"
}
}]
},
"saveToSentItems": "false"
}
Response is 400 - Bad Request:
{
"error": {
"code": "AuthenticationError",
"message": "Error authenticating with resource",
"innerError": {
"request-id": "4c5cc54c-e590-4d9f-903f-4bc9828da707",
"date": "2018-01-19T19:48:11"
}
}
}
I searched all over Stack Overflow but I could not find a solution. Can someone please help me? Thank you in advance.
When using client_credentials you cannot use the /me endpoint. Graph translates requests to /me as /users/{ID of the Authenticated User}. Since you do not have an "Authenticated User" when using Client Credentials (i.e. App-only) you cannot use /me here.
Also note that the response is an AuthenticationError. This suggests that you haven't gone through the Admin Consent process yet. Any application looking to leverage the Client_Credentials OAUTH flow must first have an Admin provide Consent for the Tenant. It isn't clear how you're retrieving your token but if you're using the v2 Endpoint you can follow this walk-through: v2 Endpoint and Admin Consent
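
The /me versus /users/{id} rule from this answer and from the findRooms answer above, as an added example that is not part of the original posts: it reads the `roles` or `scp` claim of a token to tell app-only from delegated access and resolves the request path accordingly. `resolveGraphPath` and `makeSampleToken` are hypothetical helpers, and the sample tokens are constructed and unsigned.

```javascript
// Added example. Decodes claims for diagnostics only: the signature is NOT
// verified, so never use this to make an authorization decision.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Delegated tokens carry a space-separated `scp`; app-only tokens carry `roles`.
function tokenKind(claims) {
  if (typeof claims.scp === "string" && claims.scp.trim() !== "") return "delegated";
  if (Array.isArray(claims.roles) && claims.roles.length > 0) return "app-only";
  return "unknown";
}

// Permissions the token actually grants, whichever claim holds them.
function grantedPermissions(claims) {
  if (tokenKind(claims) === "delegated") return claims.scp.split(" ").filter(Boolean);
  return tokenKind(claims) === "app-only" ? claims.roles.slice() : [];
}

// Hypothetical helper: turn a requested path into one valid for this token.
function resolveGraphPath(path, claims, userId) {
  // "/users/me/..." is not an alias; the signed-in user is addressed as "/me/...".
  const p = path.replace(/^\/users\/me(?=\/|$)/i, "/me");
  const kind = tokenKind(claims);
  if (kind === "unknown") throw new Error("token has neither scp nor roles");
  if (kind === "delegated" || !/^\/me(?=\/|$)/i.test(p)) return p;
  // App-only: there is no authenticated user for Graph to substitute for /me.
  if (!userId) throw new Error("app-only token cannot use /me; supply a user id");
  return p.replace(/^\/me/i, "/users/" + encodeURIComponent(userId));
}

// Constructed, unsigned sample tokens (not real credentials).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return [enc({ alg: "none", typ: "JWT" }), enc(claims), "constructed"].join(".");
}
const appOnly = decodeClaims(makeSampleToken({ roles: ["User.Read.All", "Mail.Send"] }));
const delegated = decodeClaims(makeSampleToken({ scp: "Mail.Send User.Read" }));
const userId = "3103c7b9-cfe6-4cd3-a696-f88909b9a609"; // id shown in the answer above

console.log(tokenKind(appOnly), resolveGraphPath("/me/sendMail", appOnly, userId));
console.log(tokenKind(delegated), resolveGraphPath("/users/me/sendMail", delegated));
```

Comparing `grantedPermissions` with the permission an endpoint needs (for example Mail.Send) before calling it separates a consent problem from a wrong-path problem.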
