nyacharya asked BenP-1732 answered

POX autodiscover requests using OAuth for O365 endpoint

Is it possible to make a POX autodiscover request using an OAuth token? The token has application access privilege for the EWS "full access as app" Office 365 Exchange Online permission.

Whenever I make a request with the token set using Bearer authentication, I get the following response:

 <?xml version="1.0" encoding="utf-16"?>
 <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
   <Response>
     <Error Time="07:52:39.8644685" Id="1321019259">
       <ErrorCode>500</ErrorCode>
       <Message>The email address can't be found.</Message>
       <DebugData />
     </Error>
   </Response>
 </Autodiscover>

But the same request works with basic authentication. I am using this endpoint - https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml

The reason I am doing this is to fetch appropriate headers to make public folder requests.

I am able to successfully query the SOAP autodiscover endpoint with the same token.

office-exchange-server-dev

BenP-1732 answered MadanBisht-1762 commented

I am experiencing this exact problem (here's my question), and I found that OAuth works as long as you use delegated permissions instead of application permissions. I'm not sure if this will work in your scenario or not.

I used the EWS.AccessAsUser.All scope when requesting the token using a device code flow. Device code flow will require the following setting to be enabled in the app registration:
96036-image.png




Strange, I am also getting exactly the same problem, but the above solution doesn't work for me.

BenP-1732 answered

@MadanBisht-1762 here's a sample of code I used to obtain an access token that worked for me:

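 using Microsoft.Identity.Client;

 // Public client application for the app registration; substitute your own IDs.
 IPublicClientApplication app = PublicClientApplicationBuilder
     .Create("<your client id>")
     .WithTenantId("<your tenant id>")
     .Build();

 AuthenticationResult authResult = null;

 // Delegated scope: the user signs in interactively and consents if needed.
 // Must be called from an async method because of the await.
 authResult = await app.AcquireTokenInteractive(new string[] { "EWS.AccessAsUser.All" }).ExecuteAsync();

 if (authResult != null)
 {
     // _AccessToken is a string field declared elsewhere in the class.
     _AccessToken = authResult.AccessToken;
 }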

This will open up a login window for authenticating with Azure AD, and if the user you are logging in as has not already consented to the requested scopes, you will be prompted to consent. The device code flow works similarly, and will ask for consent if not already granted. Another method I found useful was this one:

 authResult = await app.AcquireTokenByIntegratedWindowsAuth(new string[] { "EWS.AccessAsUser.All" }).ExecuteAsync();

This will only work if the user has already consented, but I found it useful for a background process to silently acquire a token. I was going to try caching tokens from an interactive login, but the Windows authentication worked, and was simpler.

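The answers above turn on whether the token is delegated or app-only. As an added example (not code from either poster), this C# helper reads a token's claims to show which kind it is, and extracts the error from a POX response like the one in the question. The class and method names and the sample tokens are constructed for illustration, and the payload is decoded without signature validation, so it is for diagnostics only.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;
using System.Xml.Linq;

static class TokenCheck   // hypothetical helper, not part of MSAL or EWS
{
    // Decode the JWT payload WITHOUT validating the signature (diagnostics only).
    static JsonElement Payload(string jwt)
    {
        string p = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        p = p.PadRight(p.Length + (4 - p.Length % 4) % 4, '=');   // restore base64 padding
        return JsonDocument.Parse(Convert.FromBase64String(p)).RootElement;
    }

    // Delegated tokens carry "scp"; app-only tokens carry "roles" and no "scp".
    public static string Describe(string jwt)
    {
        JsonElement c = Payload(jwt);
        if (c.TryGetProperty("scp", out var scp))
            return $"delegated (scp: {scp.GetString()})";
        if (c.TryGetProperty("roles", out var roles) && roles.ValueKind == JsonValueKind.Array)
            return "app-only (roles: " + string.Join(" ", roles.EnumerateArray().Select(r => r.GetString())) + ")";
        return "unknown (no scp or roles claim)";
    }

    // Return "ErrorCode: Message" from a POX Autodiscover error body, or null if none.
    public static string PoxError(string xml)
    {
        XNamespace ns = "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006";
        XElement err = XDocument.Parse(xml).Descendants(ns + "Error").FirstOrDefault();
        return err == null ? null : $"{err.Element(ns + "ErrorCode")?.Value}: {err.Element(ns + "Message")?.Value}";
    }

    // Build a constructed, unsigned sample token from a JSON payload.
    static string FakeJwt(string json) =>
        "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    static void Main()
    {
        // Constructed sample claims; a real token has many more.
        Console.WriteLine(Describe(FakeJwt("{\"aud\":\"https://outlook.office365.com\",\"roles\":[\"full_access_as_app\"]}")));
        Console.WriteLine(Describe(FakeJwt("{\"aud\":\"https://outlook.office365.com\",\"scp\":\"EWS.AccessAsUser.All\"}")));
        Console.WriteLine(PoxError("<Autodiscover xmlns=\"http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006\"><Response><Error Time=\"07:52:39.8644685\" Id=\"1321019259\"><ErrorCode>500</ErrorCode><Message>The email address can't be found.</Message><DebugData /></Error></Response></Autodiscover>"));
    }
}
```

Logging the result of `Describe` next to the POX error makes it clear whether a failing request was sent with an app-only or a delegated token; avoid logging the raw token itself.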