I am using outlook mail api, and trying to get emails from a shared mailbox.
Currently the mails of the user mailbox are fetched. I cant find a way to keep the same user but different mailbox.
No, it isn't (at least not currently). When you use the Authorization Code Grant flow to log in a user, the user consents only to allow the app to access their information. That consent doesn't include other folks information that they've shared with that user.
If you change your application to use the Client Credentials flow, then an administrator can grant the application access to all mailboxes in their organization. That's not quite the same scenario, but if your app needs to access multiple mailboxes, it might be a better solution for you.
Related
I am building a service where I need to fetch certain messages from different users' Gmail inboxes. I have searched for a way to do this, only to keep stumbling on google OAuth flow. Is there a way I can authenticate with Gmail API, without the OAuth flow, and access different users inbox and fetch the messages? Because I won't be needing a GUI as this service will run on a server.
The first thing you need to understand is the diffrence between private and public data. Public data is data that is data that you can access without permisison. For example public videos uploaded to YouTube. Google holiday calendars on Google calendar.
private data is data that is owned by a user, to access that data you need the permission of a user with access.
To access some ones personal Gmail email account you need their permission the only way to get that permission is to use Oauth2. YOu will need to use oauth2 to request consent of the user once the user has consented if you also requested offline access you will get a refresh token. The refresh token can then be used by your backend system to request a new access token when ever it needs to. This access token can then be used to access the Gmail api.
As you have stated these are standard gmail accounts you want to access. There is no other option. A user must grant you access to their data.
I want to send emails using Microsoft Graphs API from a backend service developed in node.js, that has no interactions with the user.
If I understand it correctly from this paragraph, if I use the Get access without user procedure, the administrator will have to give me some rights and then I will have those rights on every user account in the organization. This is not my goal, I only want to have those rights for one specific account, for which I have the login and password.
Is there a way to log in with an office365 account without user interaction?
Thanks :)
No. You need to have the user authenticate in order to obtain the initial access token and refresh token (to refresh your permission to access the account).
I've developed a feature on my web-site that allow to log-in using Azure.
So users in my web-site can sign-in using:
Azure (OAuth2). We're using a multi-tenant app. We're just using the application to log in users. So we don't really use the Access-Token to make requests. We just use the access-token to obtain the user email (decoding it with JWT).
Their own email-password they can set on my site.
This creates a problem:
Imagine an person that starts working in a company. The IT team give him an email that belongs to their azure account (with their account domain). This team also have an account on my site (configured with the same domains they use on Azure). So this user will try to log in my site using his credentials. We'll create his profile on their company account (due to the email domain). He sets his password. Sometimes he use Azure to log-in and sometimes he use his email-password to log-in.
The next month and, this person get fired. The IT team delete him from Azure. Although, the IT team forget about deleting him also on my site. So this user has permissions to sign-in with his email-password credentials and still be able to see private information (he can even delete private files).
I would like to know if there is a way to sync my app with every Directory that is using it. So I would be able to receive user action notifications (like user deletions). It would be great to receive a call to an endpoint with information about users important actions. This way we'll be able to delete the user also from our platform. So the company can forget about deleting an user on my site without having the stolen-information problem.
PS: I've seen you have a logout sync using SAML, but I wonder if we would be able to receive other kind of notifications, because we don't want to log-out the user when this logs-out from Azure.
If you have permission from the ex-user tenant administrator to access their directory, you can check if the user is listed or not by using Microsoft Graph API
I've been talking with microsoft support and there is no way of having microsoft calling our endpoint to receive some notifications.
So the only solution is ask for admin permission or, having the refresh_token from Oauth2, check the user still appears on Graph (https://graph.microsoft.com/v1.0/me).
The question is specific to gmail business/ educational accounts. In order to read emails from a gmail account i have written a dll in c++ which executes IMAP commands and then parses their responses. With the current IMAP implementation i need to login to each users mailbox with his username and password information. So i was wondering if there is any option in gmail business with which i can login to multiple users in a domain with single admin users credentials and without to need to get password from each indivdual user in the domain?
You could create a Service Account in the Google Developers Console and give it access to the Email scope for the domain. Whenever you want to access a mailbox, you'd obtain an access token (which can be cached for up to an hour) and then use it with the XOAUTH2 SASL for authentication.
https://developers.google.com/gmail/xoauth2_protocol
Being authenticated as user1, i'd like to retrieve mails of all the users who have delegated access to user1.
So i have two problems :
Retrieve all the accounts that have delegated access
Retrieve the mails
The emails-settings-API gives acccess to delegates, not delegators.
Is there a way to do that progamatically.
Feel free to ask for more information
To find out who has given you delegated access to their account, you would need to perform the retrieve delegates API call:
https://developers.google.com/google-apps/email-settings/#retrieving_all_gmail_delegates
for all users in your Google Apps instance.
Programmatic access to a user's gmail mailbox is provided by IMAP OAuth logins:
https://developers.google.com/google-apps/gmail/oauth_overview
However, there is currently no way for a delegate to access a delegators mailbox via IMAP so I'm afraid you're out of luck.
If you are an administrator, you can use IMAP OAuth login along with service accounts:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
this will give you programmatic access to all users in your Google Apps instance.
Jay