OAuth Authentication to EWS RRS feed

  • Question

  • I'm having trouble getting OAuth credentials to work with EWS in Office 365.  At a high level I'm writing a SharePoint 2013 app and I'm trying to access the user's mailbox data in Exchange.  I did verify my EWS code is 'correct' by swapping out the OAuth code for a hard coded username and password and it worked perfectly.

    I get a token back using the code below, however I'm getting a 401 when I try to get the access the user's inbox.  I left it off for brevity, but I am passing the token into a new OAuthCredentials object before accessing the inbox.

                string acsUrl = "";
                using (WebClient exchangeTokenClient = new WebClient())
                    exchangeTokenClient.BaseAddress = acsUrl;
                    NameValueCollection requestParams = new NameValueCollection();
                    requestParams.Add("grant_type", "client_credentials");
                    requestParams.Add("client_id", "<clientid>@<realm>");
                    requestParams.Add("client_secret", "<client secret>");
                    requestParams.Add("resource", "00000002-0000-0ff1-ce00-000000000000/<realm>");
                    exchangeTokenClient.Headers.Add("Authorization", "Bearer " + ((SharePointAcsContext)spContext).UserAccessTokenForSPAppWeb);
                    byte[] responseBytes = exchangeTokenClient.UploadValues("<realm>/tokens/OAuth/2", "POST", requestParams);
                    string response = Encoding.UTF8.GetString(responseBytes);
    The more that I think about this, the more I wonder if my 'app' needs rights on the exchange server and if that is what the root cause of the 401 is.

    Has anyone actually done this?  I feel like it should be possible, but I can't seem to find a lot of documentation on the process.




    Tuesday, March 4, 2014 12:12 AM

All replies

  • Sorry for not updating this question.  This is much easier now with the new preview APIs for office 365.  Essentially I was right in initial assumption and that we were not authorized for exchange. If you follow the steps in setting up an app you will get an MVC app that can talk to exchange.

    There are a couple gotchas though, although to be fair I haven't had time to go back and look at this yet.

    • The app that you create with the o365 preview API will have a client id and secret, but SharePoint won't be aware of it - it is only set up in Azure ACS.  You could register an app with SharePoint using that id and secret, but I believe that it would be a different identity.  I imagine that they will clear this up as the APIs get out of preview.
    • I still run into some CORS problems if I try to wrap the exchange code in a REST service.  I believe that the root of the problem is that the ACS service does not have the appropriate cross origin headers set up to allow for the redirect to work.  So for now you can use this approach, but stick with an iframed page of an MVC app.

    Let me know if that make sense.


    Thursday, April 24, 2014 12:38 PM
  • Is there any way to do token based authentication (such as Oauth to EWS) for Microsoft Exchange Server 2013 rather than the Office 365 version?


    Tuesday, June 10, 2014 9:07 AM