question

SimonHain-4497 avatar image
0 Votes"
SimonHain-4497 asked ·

Access both EWS and Graph

Hello,

we have an application that utilizes Exchange Webservices (EWS). For accounts on O365 we user OAuth2/ModernAuth via MSAL.
I would like to add functionality that is only available via the Graph API, for example creating an online meeting.

According to https://docs.microsoft.com/en-us/outlook/rest/compare-graph#moving-from-outlook-endpoint-to-microsoft-graph

you cannot mix permissions for one endpoint with permissions for the other in a single request

My default authorization is EWS.AccessAsUser.All, and for the calendar operation i need Calendars.ReadWrite.
I have tried the following scenarios:

  1. Use both scopes (prior to reading the article linked above). Results in a token that can be used for Graph, but gets a 401 on EWS

  2. Aquire a token with EWS permission. Then use MSAL acquireTokenSilent with the graph scope. Gives me the same token for both, resulting in an "Invalid Audience" error on the Graph API

  3. Use interactive authorization (MSAL acquireToken). This gives me a second token with the correct scope, but now i have to present the user with two authentication flows and would probably have to retain two separate IMultipleAccountPublicClientApplication instances (which i have not tried yet, maybe not even possible)

Any tips on how i can use both EWS and Graph API?



office-exchange-server-dev
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SimonHain-4497 avatar image
0 Votes"
SimonHain-4497 answered ·

I have found the solution to the issue: Qualify the scope of the second call with https://graph.microsoft.com/
The problem was, that the unqualified scope gave me a token for the outlook.office.com endpoint, not for the graph.microsoft.com endpoint.
As both endpoints offer the same functionality (unless they don't, see link above) this had me quite confused for some time.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.