Outlook Addin Callback token - getCallbackTokenAsync return null - outlook-addin

I just developed an add-in for Outlook and tried to get a callback token with this function:
Office.context.mailbox.getCallbackTokenAsync({ isRest: true }, function (result)
and got this result:
Error getting callback token : {"value":null,"status":"failed","error":{"name":"Internal Error","message":"An internal error has occurred."}}
Any help... thanks

I solved my problem.
My mistake was with the registration of the application on Microsoft.
I registered the app with a 365 account, while Outlook runs on another Exchange account, not the 365 account.
Maybe it could be helpful for someone...

Related

Google contacts API invalid scope but app does not need review - contacts api

I'm trying to use the Google Contacts API to import a user's Gmail contacts. This works with my Gmail but fails when others try to log in with the following error message:
Error: invalid_scope
This app hasn't been verified to access: {invalid = [https://www.googleapis.com/auth/contacts]} Please contact the developer for assistance. Are you the developer? If this project needs these scopes, sign in to an account with access to edit your project and try again. If not, contact the developer for help.
Because of this message, I did some research and found this question, which suggests that this app needs to be reviewed. I then submitted my app for verification. However, I received an e-mail saying that my app does not need verification from Google.
Thank you for submitting the developer verification form. Based on the information you provided, you have access to the scopes that you are planning to use. If you add any more scopes in the future, you may have to go through verification.
The scope I am requesting is https://www.google.com/m8/feeds/.
Does this scope require approval from Google?
I'm using the gapi library, below is my code:
function start() {
  var auth_obj = {
    clientId: currentUser.GOOGLE_APP_ID,
    scope: 'https://www.google.com/m8/feeds/'
  };
  gapi.client.init(auth_obj).then(function() {
    gapi.auth2.getAuthInstance().isSignedIn.listen(updateSigninStatus);
    updateSigninStatus(gapi.auth2.getAuthInstance().isSignedIn.get());
  });
}
gapi.load('client:auth2', start);
function getContacts() {
  var access_token = gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().access_token;
  var url = "https://www.google.com/m8/feeds/contacts/default/";
  url += "thin?alt=json&access_token=" + access_token;
  url += "&max-results=500&v=3.0";
  $.get(url);
}
Yes, if your app is going to be used by random other users and it is asking for the contact scope, then it needs to be reviewed and approved.
The reason you got the answer from us (it does not need a review) would be if you indicated that it was for your own usage or for just a few users. In that case you (and whoever needs to approve) can join a Google group. You probably joined the Google group and thus you can approve this app (or your account is part of gsuite).
Contact me with more details about your app and I can look into the specifics.
I suggest that you respond to the review and make it very clear what data you plan to access and how you are going to use it. If Google has any doubt about your intentions with the data, they seem to be less likely to approve the request.
Also, if you plan to only read their contacts, you could modify your scope to be https://www.googleapis.com/auth/contacts.readonly.

How to get a EWS token that has write access from Office.js

I need to set the category of a mail item using EWS.
Basically I set it like so (VB code):
If Not outlookItem.Categories.Contains("MyCategory") Then
    outlookItem.Categories.Add("MyCategory")
    outlookItem.Update(ConflictResolutionMode.AlwaysOverwrite)
End If
This fails with an exception
The requested web method is unavailable to this caller or application.
Now, I found that this is because I'm using a token produced by the Office API method getCallbackTokenAsync to authenticate with EWS. Apparently this token is read-only.
I am looking for suggestions for an alternative way to use Outlook's credentials to authenticate with EWS. I would much prefer to work with the managed API.

Can't add attachment to message in outlook add-in using Outlook rest API

I saw the question "Access to Outlook RestAPI from an Outlook web Add-in", but there is nothing about attachments there.
I succeeded in making Outlook REST API requests from my add-in by following this tutorial: https://dev.office.com/docs/add-ins/outlook/use-rest-api?product=outlook. For example, I succeeded in getting some message details, but I have 2 problems:
1) I can't add an attachment to a message with an Outlook REST API call.
I try to make the call with the itemId like here:
"https://outlook.office.com/api/v2.0/me/messages/" + itemId + "/attachments"
The error I get is:
{"error":{"code":"ErrorAccessDenied","message":"The api you are trying to access does not support item scoped OAuth."}}
I tried changing the permissions (ReadWriteMailbox/ReadWriteItem) in the manifest but nothing helps.
2) Sometimes the call to Office.context.mailbox.getCallbackTokenAsync({ isRest: true }, function().... works and returns an access token, and sometimes it returns an error; I don't know the reason either.
The error I sometimes get is:
OSF.DDA.AsyncResult
error:OSF.DDA.Error
status:"failed"
Hope you can help me, thanks all!!
On #1, the error indicates that the token you have is scoped to just the current item. The REST API cannot use this kind of token for modifying attachments, so you get that error. The correct way that this should work is that you specify ReadWriteMailbox in your add-in manifest, and then the token you get back should be a mailbox-scoped token. However, there is currently a bug with desktop Outlook's handling of getCallbackTokenAsync that causes it to incorrectly still return an item-scoped token. That bug has been fixed but the update hasn't been publicly pushed yet.
If you want to check this, copy the token you get back and head over to https://jwt.io/. Paste it in the "Encoded" box and check the payload. If you see "ver": "Exchange.Callback.V1" it's the item-scoped token. If you see "ver": "Exchange.Callback.V2" it's the mailbox-scoped one.
On #2, I have no idea. It would be helpful if you could get a Fiddler trace on your Outlook client machine that catches the add-in making the token request.

Access to Outlook RestAPI from an Outlook web Add-in

I developed an Outlook Web Add-in that is working fine. It's a Taskpane that is available in compose mode of appointments and that collects the event's data, adds a few more and sends it all to an API somewhere.
What I would like to do now is to subscribe the authenticated user to the Outlook Rest API in order to get notified when the event is deleted.
The subscription call should look like this one:
POST https://outlook.office.com/api/v2.0/me/subscriptions HTTP/1.1
Content-Type: application/json
{
  "@odata.type": "#Microsoft.OutlookServices.PushSubscription",
  "Resource": "https://outlook.office.com/api/v2.0/me/events",
  "NotificationURL": "https://myNotifAPI.azurewebsites.net/api/send/myNotifyClient",
  "ChangeType": "Deleted",
  "ClientState": "blabla"
}
I know I need to provide a valid Authentication Bearer Token when posting to the subscriptions URL so I tried to call this method in my Add-In:
_mailbox = Office.context.mailbox;
_mailbox.getUserIdentityTokenAsync(getUserIdentityTokenCallback);
In the function getUserIdentityTokenAsync, I call a WebApi Controller that validates my token and sends it back to the Add-In:
AppIdentityToken token = (AppIdentityToken)AuthToken.Parse(rawToken);
token.Validate(new Uri(request.AudienceUrl));
return token;
I tried to use that token to Post to https://outlook.office.com/api/v2.0/me/subscriptions (using Postman) but I got a 401 saying:
reason="The audience claim value is invalid '<MyAddInURL>'.";error_category="invalid_resource"
Is it the right token to use in that particular case or do I need to get another one? Any advice would be appreciated!
-- EDIT --
As suggested by @benoit-patra I tried to get a token using getCallbackTokenAsync instead of getUserIdentityTokenAsync but when I called https://outlook.office.com/api/v2.0/me/subscriptions I did receive a 403:
"error": {
  "code": "ErrorAccessDenied",
  "message": "The api you are trying to access does not support item scoped OAuth."
}
As requested by @benoit-patra here's the Token content:
{
  "nameid": "9d643d8c-b301-4fe1-83f7-bf41b1749379@57bcd3d9-685a-4c41-8c7d-xxxxxx",
  "ver": "Exchange.Callback.V1",
  "appctxsender": "https://localhost:44444/NewAppointment.html@57bcd3d9-685a-4c41-8c7d-xxxxxx",
  "appctx": {
    "oid": "3a8a4f92-a010-40bd-a093-xxxxxx",
    "puid": "10033FFF9xxxxx",
    "smtp": "max@xxxx.onmicrosoft.com",
    "upn": "max@xxxx.onmicrosoft.com",
    "scope": "ParentItemId:AAMkADE4NTk2MDNjLTI4NGEtNDZkNS1hMzg4LTE3MzI2NGJhZWRkZQBGAAAAAAD+YYA7CnMtRZsrwJ7l6m44BwCcSer9F+cXSrWNauuHQlZ7AAAAAAENAACcSer9F+cXSrWNaxxxxxxxx"
  },
  "iss": "00000002-0000-0ff1-ce00-000000000000@57bcd3d9-685a-4c41-8c7d-xxxxx",
  "aud": "00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@57bcd3d9-685a-4c41-8c7d-xxxx",
  "exp": 1487087672,
  "nbf": 1487087372
}
The previous answer is right; the error is because you are getting an item-scoped token, because previously callback tokens only allowed a caller to call the GetItem and GetItemAttachment REST APIs. We are making changes to the callback token so that clients can call the rest of the APIs as well. The first requirement is that you should have the ReadWriteMailbox permission. Second, get a REST callback token by providing isRest=true, like below:
Office.context.mailbox.getCallbackTokenAsync({ isRest: true }, function (result) { /* result.value holds the token on success */ });
The resulting token will have the Mail.ReadWrite, Calendar.ReadWrite, Contacts.ReadWrite, and Mail.Send scopes.
That said, the isRest parameter is only supported for the Outlook mobile client right now. The work to support it on OWA and Outlook is in progress and we expect to release it by March.
You should use getCallbackTokenAsync(); this is the JWT that will give you the access token that will help you authenticate with the Outlook REST API:
https://dev.office.com/docs/add-ins/outlook/use-rest-api
For your case, following the documentation, I think you will need ReadWriteMailbox to have sufficient permissions to register webhooks with the Outlook REST API.
NOTE: I tried this on my add-in, I changed the add-in permission to ReadWriteMailbox but the JWT token when inspected with JWT.io still has for scope:ParentId=<itemid> which I think won't work. Tell me if you have the same problem here.
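The `ver` check described in the answers above (`Exchange.Callback.V1` is item-scoped, `Exchange.Callback.V2` is mailbox-scoped) and the `scope` value mentioned in the note can be inspected locally rather than by pasting a live bearer token into a website. This is an added example, not code from the posts: it runs under Node.js, reads claims only and does not verify the signature, and the function names, sample tokens and placeholder ids are constructed for illustration.

```javascript
// Build one base64url JWT segment; used only for the constructed samples below.
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode the payload (middle segment) of a JWT. No signature verification.
function decodeJwtPayload(token) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

const KINDS = new Map([
  ['Exchange.Callback.V1', 'item-scoped'],
  ['Exchange.Callback.V2', 'mailbox-scoped'],
]);

function describeCallbackToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  // Assumption: appctx may be an object (as printed above) or a JSON string.
  let appctx = claims.appctx || {};
  if (typeof appctx === 'string') {
    try { appctx = JSON.parse(appctx) || {}; } catch (e) { appctx = {}; }
  }
  return {
    ver: claims.ver,
    kind: KINDS.get(claims.ver) || 'unknown',
    // Covers both spellings seen on this page: "ParentItemId:..." and "ParentId=...".
    itemBound: /^Parent(Item)?Id[:=]/.test(String(appctx.scope || '')),
    audience: claims.aud,
    expired: typeof claims.exp === 'number' && nowSeconds >= claims.exp,
    notYetValid: typeof claims.nbf === 'number' && nowSeconds < claims.nbf,
  };
}

// Constructed sample tokens: dummy header and signature, placeholder ids.
const header = b64url({ typ: 'JWT', alg: 'RS256' });
const v1Token = [header, b64url({
  ver: 'Exchange.Callback.V1',
  appctx: JSON.stringify({ scope: 'ParentItemId:CONSTRUCTED_ITEM_ID' }),
  aud: 'CONSTRUCTED_AUDIENCE', nbf: 1487087372, exp: 1487087672,
}), 'c2ln'].join('.');
const v2Token = [header, b64url({
  ver: 'Exchange.Callback.V2', aud: 'CONSTRUCTED_AUDIENCE',
  nbf: 1487087372, exp: 1487087672,
}), 'c2ln'].join('.');

console.log(describeCallbackToken(v1Token, 1487087400));
console.log(describeCallbackToken(v2Token, 1487087400));
```

The `exp` and `nbf` values in the samples are the ones from the token posted above, which shows the validity window is only five minutes.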

Office 365 API ErrorAccessDenied (Access is denied. Check credentials and try again.)

I'm trying to build my first app with the Office 365 API and have one big problem.
I'm trying to get the main info about a user with the Office 365 API and Azure Active Directory, and for that I'm doing:
1) Get access token. The http post request to https://login.windows.net/common/oauth2/token for token:
HEADERS:
Content-Type: application/x-www-form-urlencoded
POST DATA:
grant_type = authorization_code
client_id = *my_client_id*
client_secret = *my_client_secret*
session_state = e5fb6cd5-28f7-4dfc-b793-9ce8522534ac
code = *code_that_i_got_to_my_callback_url*
resource = https://outlook.office365.com/
I get response with access_token, refresh_token, id_token, resource etc.
2) I'm trying to get main info about user with access token:
Get request to https://outlook.office365.com/api/v1.0/me with
HEADERS:
client-request-id: *some_random_id*
return-client-request-id: true,
authorization: 'Bearer ' + *access_token*
Accept: '*/*'
But I get:
{ error:
{ code: 'ErrorAccessDenied',
message: 'Access is denied. Check credentials and try again.' } }
My app in AAD has max permissions for everything (sorry for the Russian):
I'm doing everything like here:
http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange-online-in-office-365.aspx
And the most interesting thing is that one week ago everything worked well (except that sometimes the response time was about 30 sec) and I could get information about users.
And one last thing.
On that page (http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange-online-in-office-365.aspx) you can find a request to https://login.windows.net/common/oauth2/token with the parameter prompt=admin_consent. It was also working a week ago, but now if you try it you'll get Bad Request (400).
Thanks for your question and sorry to hear about the trouble you are having with your first app. Can you please check the permissions for Office 365 Exchange Online and make sure the permission "Have full access to a user's mailbox" is NOT selected? See attached image for more details.
This is meant for access to a user's mailbox using an older API called Exchange Web Services, and not intended for Office 365 REST APIs. I think you are getting "Access Denied" for your REST API request because you may have selected this permission.
Let me know if you are still seeing an issue after removing this permission. Let me know if you have any questions or need more info.
Thanks,
Venkat