none
OAuth authentication to the Office365 Third-Party-Data Archive Endpoint RRS feed

  • Question

  • Hi,

    We have an application that writes data to the Microsoft Office365 Third-Party-Data endpoint (https://docs.microsoft.com/en-us/microsoft-365/compliance/work-with-partner-to-archive-third-party-data?view=o365-worldwide). This endpoint uses EWS to receiving email formatted data. Again, we have a product that works successfully with the endpoint (https://office365ingestionsvc.gble1.protection.outlook.com/service/ThirdPartyIngestionService.svc) using BASIC authentication.

    With the knowledge that Microsoft will stop supporting BASIC authentication for EWS later this year, I've added an OAuth path in our product. No issues generating the Token, refreshing, etc. However, when I attempt to send a message to the endpoint above, it fails. I am able to successfully send messages to the standard Office365 endpoint, "https://outlook.office365.com/ews/exchange.asmx" using the same OAuth token.

    I've tried both of the following SCOPE settings:

    https://outlook.office.com/EWS.AccessAsUser.All

    https://outlook.office365.com/EWS.AccessAsUser.All

    When I use my OAuth token against the Third-Party endpoint, I get the following error message:

    "The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. "

    This is returned as an HTML page on an EWS TRACE, not as an XML response, as expected.

    Anyone have any idea?


    Curt Robinson crobinson@17a-4.com CTO 17a-4, llc t. 203-816-0065

    Monday, April 27, 2020 3:25 PM