Outlook restapi is not working
I am folllowing the doc https://dev.outlook.com/RestGettingStarted/Tutorial/python
I got a developer preview account (devxxxx#outlook.com) from outlook and I created an app in https://apps.dev.microsoft.com/
So my idea is to view contacts of people from their outlook account by connecting to this app through oauth2.
When I connect with the same account (devxxxx#outlook.com), I am getting correct credentials(like access token, token_id, etc.) and I can communicate with rest API through these credentiasls and is working fine, I can able to viw the contacts.
But when I try to connect through different account (ex: geo.jacobxxx#outlook.com) as usual I am getting correct credentials(like access token, token_id, etc.), But I am not able to play with rest API, I am getting error response as
404: {"error":{"code":"MailboxNotEnabledForRESTAPI","message":"REST API is not yet supported for this mailbox."}}
Please help.
You can only connect to the specific account that you got from the Outlook Dev team via the Outlook REST APIs. You won't be able to connect to accounts that have not yet been enabled for the Outlook.com preview.
We are working as fast as we can to get everyone enabled, but for the time being you'd need to test and develop only against that account we gave you, and other accounts that have been moved over.
Related
I'm finding a way to automate the authentication from AAD with python.
In the past i used username and password for login to OneDrive and it worked properly. Here is the code:
pca = msal.PublicClientApplication(CLIENT_ID, authority=AUTHORITY_URL)
token = pca.acquire_token_by_username_password(USERNAME, PASSWORD, SCOPES)
Now, that i have two factor authentication i cannot use the same code to access OneDrive account.
I've searched the internet but all the solutions that i found requires to open the browser, and i can't do this because python script is a chronjob and runs in the late night. I need a solution that works in "background" without any action required.
Possibly it's better if there is a solution with MSAL library due to some permissions that i should request if i would change the library.
Thanks for the help!
You might consider using the Client-Credentials Grant flow or OAuth2. You would have to modify your cronjob to move away from fetching a token on behalf of the user and update it to acquire a token as the application using the application's identity (the app registration done in AAD). Upgrading to client-credentials flow, which is actually designed for scenarios similar to yours, will help you in situations where you cannot afford user interaction and you want the service to work in the backend.
For more information on Client-Credentials flow, check here.
Also, you can refer to the following python app that implements client-credentials flow:
Call Microsoft Graph API using App Client Secret
Call Microsoft Graph API using App Client Certificate:
I am trying to download a file from a SharePoint Online data library via REST API which uses a multi-factor ADFS authentication, so far I found these posts (Post1, Post2) which talk about sending a SAML request to STS to receive a security token from https://login.microsoftonline.com/extSTS.srf, I have found multiple examples online which uses the same method to authenticate their requests. However, when I send the SAML request to the above Microsoft URL, I receive the error below.
AADSTS50126: Error validating credentials due to invalid username or password.
I have appropriate access to the SharePoint data library as I was able to get a valid response to an API request (to check available lists and not for authentication) when using a browser with authenticated session. Any idea on what I might be doing wrong or even if authentication is possible for MFA secured SharePoint library.
There is no official word in any Microsoft Documentation to confirm this. But MFA account + AAD token is not compatible.
You have to use a service account (username/password) without MFA enabled for it. This will work when you invoke the SPO web api using the service account for getting tokens.
When you have a browser session in open state, the token will be available in cookies & you will be able to access the library without issue. The same applies to POSTMAN or SOAP-UI testing.
Because MFA needs user interaction, this is not possible. Refer this github issue: Trouble spo login with an account with multi-factor authentication
We do "Application User" concept in Dynamics CRM for the same approach. Read more
I am trying to compose drafts programmatically via the GMail API, using this tutorial and the following line of code:
service.users().drafts().create(userId=user_id, body=message).execute()
but I receive the following error:
An error occurred: <HttpError 403 when requesting https://www.googleapis.com/gmail/v1/users/me/drafts?alt=json returned "Insufficient Permission">
Note that directly sending messages with gmail.send privileges does not work for me - I want to thread messages.
In the API console, I tried enabling the following scope ../auth/gmail.compose, but there is a warning message that Because you've added a sensitive scope, your consent screen requires verification by Google before it's published.
I have submitted my app for verification, but I just received an email stating that "We've extended the deadline to fully complete your verification from May 15th to June 26th, 2019".
Actually, no users will use my G Suite email accounts (so my app cannot be used to spy on their messages) and I only need access to a single email account info#example.com to send notifications to users who use my site on example.com.
Is there any way to get server-side access to my info#example.com account using my password and programmatically draft messages without having to go through the lengthy and unnecessary app verification process?
It turns out that you can have an "internal", rather than a client facing "public" app, for which all GMail scopes are automatically available.
Here is the response from the Google team that describes the steps (it worked for me):
It appears your app is only used by the people in your domain.
If this is correct, please reply to this email to confirm that is the
case. We will then reject your request so that you are able to update
your project from public to internal.
In addition, you will need to associate your project with your
organization by following the steps below:
If you have not already done so, create an Organization by following
the Quickstart Using Organizations instructions.
Migrate the project into the organization you created as shown in
Migrating Existing Projects into the Organization. Once you have
associated your project with your organization, you and the project
users in your organization can use the app to directly access OAuth
scopes. No verification will be required.
I have a script (that I did not write) that uses basic authentication to access email boxes online. The script uses the following code:
from O365 import Connection
Connection.login(user, password)
It recently failed. Doing a bit of research I got the following error:
'Basic Authentication for Outlook REST API is no longer supported...'
I found some information on https://aka.ms/BasicAuthDeprecated:
Last year, we announced that in November 2018, we will stop
supporting Basic Authentication in the Office 365 Outlook REST API
v1.0 and this is a follow up announcement to reiterate that we will
be decommissioning Basic Authentication in Outlook REST API v1.0 this
month. This means that new or existing apps will not be able to use
Basic Authentication in v1.0 and Beta versions of Outlook REST API
starting December 2018.
If you have been using Basic Authentication in Office 365 Outlook REST
API v1.0/Beta in your app, you should immediately transition to
Microsoft Graph- based Outlook REST APIs to continue accessing
Exchange Online data.
Web authentication is not my strong suit and I'm not sure what I need to do here. Looks like some sort of registration/token generation is required.
You will need to use OAuth for authenticating with O365 as BasicAuth is not supported anymore.
https://pypi.org/project/O365/#authentication has details on the Python library integration with OAuth.
Circling back to this, so that others see this, the code example in the authentication section works:
from O365 import Account, FileSystemTokenBackend
credentials = ('id', 'secret')
# this will store the token under: "my_project_folder/my_folder/my_token.txt".
# you can pass strings to token_path or Path instances from pathlib
token_backend = FileSystemTokenBackend(token_path='my_folder', token_filename='my_token.txt')
account = Account(credentials, token_backend=token_backend)
# This account instance tokens will be stored on the token_backend configured before.
# You don't have to do anything more
# ...
When you run the code, it'll provide a url which you paste into a browser, and will provide a new url that you need to copy into code, which will authenticate and provide the token for further usage.
Box.com supports different authentication method, OAuth2 and JWT. I'm currently using OAuth2 with develop tokens, which works just fine. The developer tokens expires within an hour so I can't use this in our production.
I'm using the python SDK to upload files to box, and there is no user interaction here at all. It seems like I can't use the OAuth2 authentication method since there is no users uploading (automatic script), am I right?
The JWT authentication method requires an enterprise id, which I can't find. I used this page as reference: https://box-content.readme.io/docs/box-platform
I've logged in as an co-admin in box, but can't find the enterprise id or Custom apps under the APPS menu.
Is there anything I have missed?
You have to use JWT to make server to server api call. you can find your enterprise ID in you Admin Console-->Enterprise Setting--> Account Info-->Enterprise ID.