Reputation: 13
Azure ADAL OutlookServiceClient cannnot get data for non-admin account
I am using Azure AD and Office 365 APIs to do the OAuth in my project. My problem is I can only have admin account (like "[email protected]") authorized and get data, but non-admin regular account (e.g., "[email protected]") cannot.
How I implement the OAuth2
- Get the Authorization code:
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id={my client Id}&redirect_uri={redirect uri}&resource=https%3A%2F%2Foutlook.office365.com%2F&state={guid}
- Get access token and refresh token:
TokenCache tokenCache = new TokenCache();
ClientCredential credential = new ClientCredential(clientId, clientSecret);
AuthenticationContext authContext = new AuthenticationContext(authorityUrl, tokenCache);
AuthenticationResult authResult = authContext.AcquireTokenByAuthorizationCode(authorizationCode, new Uri(redirectUri), credential, recourceUri);
string accessToken = authResult.AccessToken;
string refreshToken = authResult.RefreshToken;
- Get user's data (e.g., calendar events):
OutlookServicesClient outlookClient = new OutlookServicesClient(new Uri(recourceUri + "/api/v2.0"), async () => { return accessToken; });
List<Event> microsoftEvents = new List<Event>();
var events = await outlookClient.Me.Events.Take(10).ExecuteAsync();
foreach (IEvent calendarEvent in events.CurrentPage)
{
Event microsoftEvent = new Event
{
Subject = calendarEvent.Subject,
Body = calendarEvent.Body,
Location = calendarEvent.Location,
Start = calendarEvent.Start,
End = calendarEvent.End
};
microsoftEvents.Add(microsoftEvent);
}
Note:
- I am not sure if it is caused by Azure AD permission setting, so all available permissions are granted for "Windows Azure Active Directory" and "Office 365 Exchange Online" for now.
- I did not pay for this Azure AD. I have an Office 365 Developer Account, and there is a link to AAD inside of Office Admin Centers. Not sure if this is the reason. Do I need to pay for an additional AAD subscription?
Update on 11/2/2016
Previous misunderstanding about accounts. Accounts like "[email protected]" are Office 365 accounts, not admin accounts. Hotmail accounts are actually regular microsoft accounts.
Mentioned by Jason, that Azure v1 endpoints do not support for microsoft accounts authorization. This is mainly pointing to the Authorization code generation.
The Azure AD application must be created in the new portal (https://apps.dev.microsoft.com). Otherwise, it would report Application not supported issue.
Upvotes: 0
Views: 153
Answers (1)
Reputation: 17702
You said you granted ALL permissions for Exchange and Active Directory. Some of those permissions require an administrator, which is likely you're problem. You should only grant the permissions that your application requires.
Upvotes: 1
Related Questions
- How to allow all Outlook users to Use MS OAuth2
- Azure AD Service Principal client credentials grant AUTHENTICATE failed accessing outlook.office365.com mailbox via IMAP
- Retrieving Emails from Office365 using OAuth2.0
- 401 unauthorized outlook.office.com api Azure AD v2 authentication endpoint
- Office 365 Mail API: Admin access token to access everyone's emails
- Office365 OAuth API returns error "AADSTS90093: Does not have access to consent"
- Accessing Calendar, Mail and Contacts of an OAuthenticated user
- Office 365 Rest Api Having issues getting access token
- Office365 REST API. Getting a 401 (Unauthorized) using ADAL
- Azure AD OAuth2 No permission to access user information