I am developing a console app in .net which will send mail using the Azure AD application. I followed all the step from generating the certificates to registered an application in Azure AD. Then provided the application permission (Send mail as any user) using Microsoft graph API and provided it “grant permission” as an admin consent.
In my console app code I uses the below outlook api to send mail as
resourseurl — https://outlook.office.com/api/v1.0/users/{my email account}/sendmail. After providing grant permission to my app I am still facing the 401:unauthorized error.
You gave permissions to Microsoft Graph API, so you need to use it.
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_sendmail
The URL that you need to use is thus:
POST https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/sendMail
Internally the graph API does call the API you mentioned. But your token is for the graph. Not the outlook API.
You also mentioned the resource URL. The graph API resource URL is https://graph.microsoft.com.
Related
Recently Microsoft has started to authenticate user with OAuth 2.0 protocol. I have implemented it in Asp.net Core C# and got token.
Now I am able to access mails from main mail Inbox using Mailkit from Microsoft exchange server using OAuth 2.0. But how can I be able to access mails from shared mailbox?
In my code I have mentioned shared mailbox account id.
My code is as follows
Code
Getting exception as "Autheticated but not connected". Please guide
The "Authenticated but not connected" error is unique to Microsoft Exchange IMAP servers and means that your account is not authorized to connect via IMAP.
You will need to be granted permissions for IMAP access by the admin of your tenant.
Need to give shared mailbox permissions to OAuth app as well and shared mailbox will be accessible.
I have a .Net core web Api calling google drive api. The google drive api should authenticate the api call with Okta and authorize. How can this be achieved?
Should i setup the auth application in Okta dashboard and generate client id and authentication token?
Which before calling google api will be used to get bearer token from Okta and shared with the google api?
Will be registered with google admin console and generate the tokens?
The domain of the api will be google.api.com ... so no where it is going to Okta for authentication
What you do with your Okta site will be after you have gained access to the google api on behalf of your users. a bearer token from Okta will not grant you access to a google api you need to go though googles authorization server to get that.
In order to access the Google Drive api and access private user data. The owner of that data will need to authorize your access.
To do this we use something called Oauth2. The issue you will have is begin that you say you are using a web api to call Google you will need to create a web application on the side where your users can authorize your application to access their data. You will need to register your application with google on Google Developer console. Create a web client credentials. Then when the user has authorized your application to access their data you will will need to store the refresh token in your system associated with the user.
Then your web api will be able to access the users data by loading the refresh token and requesting a new access token.
There is currently only one sample web-applications-asp.net-core-3 for .net core web applications it doesn't show how to store the refresh token you will need to work that out.
I do have a video on setting up asp .net core with the google people api it might give you a starting point How to get a Google users profile information, with C#. as well as one on how to create a How to create Google Oauth2 web application credentials in 2021.
I am building an app (HTTPS calls from LabVIEW) that will update my enterprise OneNote notebooks on Office 365 without the need for any user interaction. Hence I have opted for using the Client Credentials flow and granting Application permissions in Azure AD to my app (Read and write all OneNote notebooks) through Microsoft Graph.
I have referred to the instructions mentioned in the following pages:
https://msdn.microsoft.com/en-us/office/office365/howto/onenote-auth-appperms
https://developer.microsoft.com/en-us/graph/docs/concepts/permissions_reference
https://learn.microsoft.com/en-gb/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds
https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
https://developer.microsoft.com/en-us/graph/docs/concepts/onenote-create-page
I am able to get an access token from Microsoft Graph but once I try to use it to update my notebooks by making a POST call to the URL
https://graph.microsoft.com/v1.0/me/onenote/pages
I get the error:
"The OneDriveForBusiness for this user account cannot be retrieved." Code - 30108
However, I am fully able to access OneDriveForBusiness online using the same account which created the app and the tenant ID of which I used to grant permissions. Can someone please clarify if there are certain restrictions regarding the type of O365 and OneDriveForBusiness subscriptions that are necessary for my requirements? Which particular subscription or their combinations thereof should allow me to achieve the flow I need?
You cannot use /me with Client Credentials. /me is an alias for /users/{currentUserId but since you're using Client Credentials, there is a User in context for the API to map that alias to. You are effectively calling /v1.0/users/NULL/onenote/pages in this case.
You need to explicitly specify the User you want to access:
/v1.0/users/{userId or userPrincipalName}/onenote/pages
I am new to Microsoft Graph and SharePoint Framework. Recently developing spfx webpart with Graph API's integration.
I have registered the app in https://apps.dev.microsoft.com portal and AAD implementation through hello.js.
The first time browsing to the page, it redirects to Microsoft app login page and prompt for credentials.
Once authentication successful then it's working fine, from then on it does not prompt for credentials.
Is there any possiblities to access MS Graph API directly using Application Id, and Secret without prompting for login?
Yes, you will want to use the client credential flow to do this. You will only have access to organizational data (/me won't work for example, but /users will). There is an article on getting access here.
You will need to log in as an admin one time per application to authorize your app to use your tenant's data. You can do this at:
https://login.microsoftonline.com/{tenant}/adminconsent?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&state=12345
&redirect_uri=http://localhost/myapp/permissions
The Google Developer Consoles (even the old version) no longer lists the Mail API in the list of available APIs.
I'm trying to develop a web application which acts on behalf of users to manage their Gmail, like Mailbox. This requires using the Gmail IMAP API with XOAUTH2 authentication with an OAuth 2.0 access token. The documentation instructs provisioning OAuth 2.0 token with a https://mail.google.com/ scope. Provisioning credentials for a web application then requesting a token with this scope yields a 403 response with an accessNotConfigured error. There are options in the developer console for configuring other APIs, but there is no option to configure access for the Mail API.
Attempting to provision the mail scope in the Google OAuth Playground using their client credentials works correctly and the resulting access token can be used to access Gmail IMAP with XOAUTH2.
Have Google disabled OAuth 2.0 authentication for Mail using new credentials, or is it just hidden? I can't find a way to contact them and ask for Mail API access.
Just create any client id it doesn't matter what API you select. When you make the authentication request send the scope of https://mail.google.com/. That will get you the access token you need to login to the imap server.