none
How to read user's mailboxes and calendars RRS feed

  • Question

  • Hi,

    I'm working with the office rest api and I want to read user's mailboxes, read and write calendars.

    I have an admin account, I request the authorize endpoint and next, the token endpoint providing the authorization code.

    The token endpoint returns me the access_token and refresh_token, but when I request to https://outlook.office.com/api/v2.0/users/someuser@example.com/messages, I have this error

    '{"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}'

    I think I have correctly configure the rights in the Azure Management.

    Someone can help me ? 

    Thanks you

    Tuesday, August 2, 2016 7:48 AM

All replies

  • Hi,

    At present O365 REST APIs allow access to mail, calendar and contacts belonging to the authenticated user. So, your scenario of access any user’s calendar is not supported at this time. If you are able to run an app on a server, you can build a service app that requires admin consent, but is authorized to access any mailbox/calendar information in the Office 365 tenant. The application has it's own credentials that are used to authenticate & obtain an access token form a token issuer .You will need to make your native app talk to the app running on the server . Please check below article :

    https://blogs.msdn.microsoft.com/exchangedev/2015/01/21/building-daemon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow/

    Best Regards,

    Nan Yu

    Wednesday, August 3, 2016 2:49 AM
    Moderator
  • Thanks you

    I had already try this way. But how I can make a token with the certificates file ? When I try to make this token, the endpoint return me :

    public 'token_type' => string 'Bearer' (length=6)
          public 'expires_in' => string '3600' (length=4)
          public 'ext_expires_in' => string '3600' (length=4)
          public 'expires_on' => string '1470214672' (length=10)
          public 'not_before' => string '1470210772' (length=10)
          public 'resource' => string '00000002-0000-0000-c000-000000000000' (length=36)
          public 'access_token' => string '---'... (length=1119)

    And when I try to retrieve https://outlook.office.com/api/v2.0/users/someuser@example.com/messages, I have nothing, no errors, no datas

    C:\wamp\www\ApiOfficeTest\index.php:33:string '' (length=0)
    Thanks you again for help me 

    PS : I make this app in PHP



    • Edited by flyzzx Wednesday, August 3, 2016 1:27 PM
    Wednesday, August 3, 2016 8:02 AM
  • Hi ,

    How do you get the token you shared ? Please remember not show veritable in public forum . You could refer to below link for Office 365 OAuth2 client credential flow Example in PHP :

    https://github.com/therealmarknelson/php_office365_cleintcred 



    Wednesday, August 3, 2016 9:09 AM
    Moderator
  • Thanks for your link !

    I request my token like this :

        public static function createToken() {
            //Token HEADER
            $tokenHeader = array();
            $tokenHeader["alg"] = "RS256";
            $tokenHeader["x5t"] = "MASKED";
    
            //Token PAYLOAD
            $tokenPayload = array();
            $tokenPayload["aud"] = self::$authority . self::$tokenUrl;
            $tokenPayload["iss"] = self::$clientId;
            $tokenPayload["sub"] = self::$clientId;
            $tokenPayload["jti"] = self::makeGuid();
            $tokenPayload["nbf"] = \time();
            $tokenPayload["exp"] = \time() + 100000;
    
            $encodedToken = base64_encode(json_encode($tokenHeader)) . "." . base64_encode(json_encode($tokenPayload));
            $pck = file_get_contents("AAD.pfx");
            openssl_pkcs12_read($pck, $certif, "PASS_MASKED");
    
            openssl_sign($encodedToken, $signature, openssl_pkey_get_private($certif["pkey"]), "sha256WithRSAEncryption");
            //var_dump($certif, $signature, openssl_error_string());
            $encodedToken = $encodedToken . "." . base64_encode($signature);
            //$encodedToken = str_replace("=", "", $encodedToken);
            //var_dump($tokenHeader, $tokenPayload, $encodedToken);
            return $encodedToken;
        }
    
        public static function refreshToken($redirectUri) {
            $token_data = array(
                "ressource" => "https://outlook.office365.com",
                "client_id" => self::$clientId,
                "grant_type" => "client_credentials",
                "redirect_uri" => $redirectUri,
                "client_assertion_type" => "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
                "client_assertion" => self::createToken()
            );
    
            //var_dump($token_data);
    
            $token_request_body = http_build_query($token_data);
            error_log("Request body: " . $token_request_body);
    
            $curl = curl_init(self::$authority . self::$tokenUrl);
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); //Option pour retourner directement le transfert sous forme de chaine
            curl_setopt($curl, CURLOPT_POST, true); //cURL HTTP POST
            curl_setopt($curl, CURLOPT_POSTFIELDS, $token_request_body); //Data du HTTP POST
            //curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    
            $response = curl_exec($curl); //cURL execution
            error_log("cURL execution is done !");
            curl_close($curl);
            return json_decode($response);
        }



    • Edited by flyzzx Wednesday, August 3, 2016 1:29 PM
    Wednesday, August 3, 2016 1:16 PM
  • Hi ,

    Still not get the email ? Have you checked whether there are emails in your mailbox ?

    Thursday, August 4, 2016 1:41 AM
    Moderator