I am integrating Office-365-SDK-for-iOS to fetch the user profile and contacts from outlook 365. I configure my application on azure management portal successfully. below are the constants for the app-
#define OutlookClientId #"11d21f9f-6b16-4ea9-8f73-bbc9a65ac72b"
#define OutlookAuthority #"https://login.microsoftonline.com/06cbda59-d75b-4547-8406-e6af3ff4c658/oauth2/token?api-version=1.0"
#define OutlookRedirectUrl #"http://localhost/MyAppName"
#define OutlookRsourceId #"https://graph.microsoft.com/"
When I am giving resourceId is https://outlook.office365.com/.
Then its giving me an error that this is not a valid resource id configured for the app.
I read many url to fined out the problem but I failed.These urls says that "If your app requires permissions to the Office 365 Mail, Calendar, or Contacts APIs, select the Office 365 Exchange Online service." but there is no this service to enable. Below is my add application page screen shot-
There are only 3 application to add.
Please help me out out on this.
Thanks
What type of account are you logging onto the Azure management portal with? Does it have access to Exchange Online? My guess is your Office 365 subscription doesn't include Exchange or SharePoint, so you don't see them there.
It looks like you're trying to use the Unified API though. In that case your resource ID should be https://graph.microsoft.com/.
Ravi,
Please take a look at this article:
https://msdn.microsoft.com/en-us/office/office365/howto/get-started-with-office-365-unified-api
The resource for the unified API is https://graph.microsoft.com not the one that you mention above.
In addition, if you want to query mail, events, files, etc, the tenant you are using for development must have a valid Office365 subscription.
Finally, personal contacts (aka. contacts in Outlook) are not yet supported (coming soon), right now you can access organizational contacts using this request: graph.microsoft.com/beta/myOrganization/contacts
Related
I have an App. registered as multi-tenant in azure, configured to allow access to users from other tenants including personal accounts etc..
But it fails when I tried to send using an external personal account. However it is working fine on the tenant members.
My question is, is it required for an external user to have an Exchange License to send email using the Graph API via my app?
If I'm sending using the application scope sendMail, does the user I used to send the email from needs to have a valid exhange license?
Thanks!
I need some experienced opinions or links to a helpful articles about my issue.
Yes, the user you are using to send the email using application permission must have a valid Exchange license.
Also, user has to be part of your tenant while using the application permission otherwise it will just throw 404 not found
Yes, user should be licensed. And to be accessed with personal accounts your application should be registered with audience as "Accounts in any organizational directory and personal Microsoft accounts" https://learn.microsoft.com/en-us/graph/auth-register-app-v2
I want to develop an Microsoft Teams app which will use Graph API and publish it to Market Place, all articles I have read suggest this integration require Application Registration on Azure Portal of a specific tenant. However, how can I register the application if the application is published, i.e. not for any specific tenant?
Yes, this is definitely possible. If you look at the screenshot in this article (just below where this link will take you), in the screenshot is show "Accounts in this organizational directory only". You want to choose the OTHER option: ""Accounts in any organizational directory".
Depending on what your app does, you will need some kind of authorization though, either from the user(s) or from the administrator, in the end-user's tenant.
I want to start doing some development with the preview edition of the Microsoft Teams APIs.
I currently have a solution working using the Azure AD v2 Endpoint but I wanted to get a working solution using the v1 Endpoint.
I can't find any Microsoft Teams permissions available in the Azure AD portal and I didn't see anything specifically about this in the Known Issues the Teams API.
Can anyone comment on whether there are any options for a pure v1 Endpoint solution using application registration available right now? If not, is it planned?
The v1 Endpoint uses the same permissions as the v2 Endpoint. The primary difference between the two is that v2 scopes can by dynamically requested during authentication while v1 Endpoint requires permissions to be pre-defined within the registration.
When using the Azure Portal, all of the permissions for Teams show up under "Microsoft Graph". For the Teams you'll generally need User.Read and Group.ReadWrite.All. The Azure Portal lists permissions by description (although you can see the underlying scope name in the tooltip):
Sign in and read user profile (user.read)
Read and write all groups (Group.ReadWrite.All)
Note that Group.ReadWrite.All does require Admin Consent. Before you can authenticate normal user's, you will first need to have an Administrator go through the Admin Consent process.
I'm posting this as the answer, because I'm pretty certain this will trip up other developers out there. Up to this point, when getting an access token for AAD v1 apps that use Microsoft Graph, you use "https://graph.windows.net" as the Resource ID. The interwebs are replete with this example, and I have it in my own code that I use for OneNote and other services.
Now with the Graph endpoint for connecting to Teams (and probably other things), the Resource ID you need to use is "https://graph.microsoft.com". Just ran through a quick test using an AAD v1 app with the Microsoft Graph API and Read All Groups permission. I'm sure there's an explanation out there from some MSFT person that might make sense, but I have not found it after many hours of searching the web.
Hope this helps someone.
We are trying to implement a calendar portal (C# ASP.NET MVC) where one admin can see multiple outlook(or office 365) users calendar and see who is available. So multiple accounts should be accessed from one ASP.NET MVC application.
First question : Is it even possible? (may be because I had already seen post on stackoverflow : EWS - Access All Shared Calendars )
Second question : What would be the right approach?
Third question : Is there any project available from Microsoft or article? (I could find any good one)
I have had gone through Using Azure Multi-Tenant application without an Office 365 subscription to access users calendar information and https://www.youtube.com/watch?v=0kvDyl5HShA.
I have had also get connected with a single user's account via OAuth2. It was successful.
Currently, we have this subscription. If any more information required then please comment. Then I will add more description as per necessary.
Thank you.
You could try to build Daemon or Service Apps using client credential grant flow as described in this blog, the service app that requires admin consent, but is authorized to access any user's mailbox/calendar information in your Office 365 tenant. You could click here for sample web app that uses client credential flow to access Users, Mail, Calendar, Contacts in Office 365 via Rest APIs .
This link you provided needs to associate your Office 365 account with Azure AD to create and manage apps .If you can have an existing Microsoft Azure subscription, you can associate your Office 365 for business subscription with it. .Otherwise, you'll need to create a new Azure subscription and associate it with your Office 365 account in order to register and manage apps. For more details ,please read how to set up your Office 365 development environment.
I am currently working on an application that allows users to upload/download files. My company wants to have user files stored in their One Drive and not on our server. The only problem with this is that we want to avoid double authentication in order to access their OneDrive account.
For example we have n users associated with an organization. This organization has a single OneDrive account that all of the users will share (legal?). Once a user authenticates to our application, the idea is to have our application sign them in without user interaction by using the Live API so that they may access their organizations files.
Do we have to authenticate every time we wish to use this service or just once?
It's not a big deal for us to do this once for every organization when setting up their account but a requirement is to avoid double authentication. We want the OneDrive storage to be transparent to the user.
Does this violate any of Microsoft's Terms and Conditions?
Thanks! Any input is appreciated as I've never worked on a cloud based application before. If OneDrive isn't a viable solution are there any other recommended services my company could look at?
Consumer OneDrive isn't intended for business use and sharing a single OneDrive account for multiple people isn't recommended either. You should look into OneDrive for business for your scenario: https://onedrive.live.com/about/en-us/business/.
OneDrive for Business uses the SharePoint developer APIs: http://blogs.msdn.com/b/sharepointdev/archive/2013/08/13/access-skydrive-pro-using-the-sharepoint-2013-apis.aspx
I found that the Box API does not support a grant type of passworrd. Neither does OneDrive or DropBox. Without this grant type it is impossible to sent a username and password to log a user in.