My program needs to read and delete emails from an email account on Office 365. I was using Mailkit but it failed when calling Authenticate either from Pop or Imap. I learned that Office 365 disabled legacy username/password authentication. When I tried to use OAuth2, I hit a road block. I can't use delegated permission because my program is a non-interactive service. I can't use app permission either because I can't get permission from the domain admin. I've been working for days on the "supposed-to-be-simple" task without success. Anyone can help?
One of the workaround is to utilise Microsoft graph which allows you to leverage REST APIs and client libraries to interface with Microsoft 365, Windows 10, and Enterprise Mobility and Security services in Microsoft 365. Microsoft Graph allows you to access data with the right permissions.
Depending on your scenario, You can use Daemon tools which uses Client Credentials flow which enables service applications to run without user interaction.
Related
I want to build a daemon to read and write emails using my organisation's office 365 account. My team has a private Azure Instance (not linked with any O365) and i have no admin access to o365 other than my accounts credential. How can i build a daemon service that authenticate with ms-graph and read/write emails without any user interaction?
You need to have an application definition in the directory that has the Office 365 accounts.
You can either create it directly, or you can create it as a multi-tenant application in another directory.
In the latter case, you need to grant it access to the Office 365 tenant's Azure AD.
If you haven't worked with Azure AD and the Microsoft Graph API before, I recommend you check out the samples. There are some for node.js, but the principles are the same for all other environments.
I need the token in order to use office api discovery service (https://api.office.com/discovery/) to find SharePoint root url.
Is it possible to get access to Azure AD token from add-ins (Outlook/Office)?
Edit(To make things more clear):
As I'm building a multi-tenant Azure hosted app that should be launched via add-ins, I will have to force users to log-in in popup and give consent for application. Login is mandatory since in office add-in's we cannot find out who the logged in user is.
You can follow the documentation here on how to retrieve an authorization token - https://graph.microsoft.io/en-us/docs/platform/rest from Azure AD for the use of finding the root URL - also you can use the Microsoft Graph, which is the newer version of the Discovery service (more details about it again at the link provided).
Since I have my users log in and password, can I silently log into their Microsoft Graph?
I want to fetch info from Office 365 API from a server app, so therefor I cannot have a Microsoft Login Window popping up.
Thanks
You want to use the confidential client flow for authenticating the Graph API. See the section "Daemon or Server Application to Web API" in this document for details. Of course you'll need to be the admin of you Azure AD, or have the admin's trust and blessing, in order to use this flow as the user isn't involved in the process themselves.
I've been trying to use it for calendaring apps. The flow login works fine but be aware that there are some limitations on using the Graph API with this authentication flow type (specifically interacting with Unified Groups calendars in my case).
I want to integrate one drive for business into my windows forms application in Visual Studio 2008. I have followed the link "https://dev.onedrive.com/auth/aad_oauth.htm" for registration in Azure and authentication into Office 365. I am able to get the "https://{tenant}-my.sharepoint.com/_api/v2.0/me" url for the logged in user and also the access token for calling one drive api's. But when I call the API to get the default drive or the files present at root level in the one drive business account, I get an unauthorized access error, Error:401. I have tried all the permutations and combinations of permissions (namely, Windows Azure Active Directory,Office 365 unified API, Office 365 Management APIs, Office 365 Sharepoint Online, Office 365 Exchange Online, Windows Azure Service Management API).
Please suggest what else could I be missing?
This person "Not able to use One Drive API for One Drive for Business" also had the same problem.
And I have the same problem, but it's a API bug.
I founded this on OneDrive for Business API item/file download content 401.
Thanks
I'm trying to generate, through the Windows Azure Management Console, an API key that will allow me to make requests for Exchange Calendar Data (I need access to the Office 365 Exchange Online API set).
I am trying to get to this - from a help post I saw. Unfortunately, I only have these options.
However, I don't have access to the Office 365 permissions set for the application I created, and I can't figure out how to get access. Do I have to have an Office 365 organization account?
A few more details: the application itself is in my default directory, and it isn't multi-tenant. Thanks.
In order to create an application with Azure AD that uses Office permissions, I had to register for an Office 365 account with the same account that I used to create the application in the Azure Management Console. You probably won't see those permissions unless you have signed up for Office 365.
I signed up for a free trial and let it expire, and I was still able to use the requisite application permissions for Office. My Azure free trial also expired, and I was still able to use AD as I had before, and my application can still make API calls.