Reputation: 639
I'm having trouble authenticating to S4BO. I have registered my app (in Azure portal) and it's working correctly with the webSDK demo at https://ucwa.skype.com/websdk
The process I follow is the following one:
I do a OAuth link redirect with the following code:
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&resource=https://webdir.online.lync.com&redirect_uri=http://myurl.dev/skype
Get the auth code that has been returned and use it to generate an access token:
POST https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=db01d1f5-f2a3-4d82-b4bc-6b3b4071d7df&resource=https://webdir.online.lync.com&redirect_uri=http://acme.intranet.dev/skype
grant_type=authorization_code
code=$thecodehere
client_id=$clientidhere
client_secret=$clientsecrethere
redirect_uri=$sameuriasbefore
After this I have my access token. Now I need my user url. So I do autodiscover:
GET https://lyncdiscover.mydomain.onmicrosoft.com
and I receive a result something like:
{
  "_links": {
    "self": {
      "href": "https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=mydomain.onmicrosoft.com"
    },
    "user": {
      "href": "https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=mydomain.onmicrosoft.com"
    },
    "xframe": {
      "href": "https://webdir1e.online.lync.com/Autodiscover/XFrame/XFrame.html"
    }
  }
}
I try to log in at the user url:
GET https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=mydomain.onmicrosoft.com
HEADERS:
Authorization: Bearer + theAccessTokenFromAbove
Referer: https://webdir1e.online.lync.com/Autodiscover/XFrame/XFrame.html
And after this I get 403 Unauthorized. Where am I going wrong?
Upvotes: 1
Views: 1226
Reputation: 1404
- Get the auth code that has been returned and use it to generate an access token
On this step as a resource you need to specify resource=https://webdir1e.online.lync.com (notice 1e) to get access to this particular hub.
Actually you will have to authenticate on every new server starting from this point, so on all the webdirXX and then on the webpoolXXXXX.
I wrote a huge interactive article that describes the requests flow in detail (after myself spending a week to reverse engineer how outlook.com does that because MSDN documentation is - at least at the time of writing this - incomplete and incorrect), maybe it can be of use:
If you configure app redirect URL to the article URL (temporarily of course), you can even test the queries right from there.
Additionally, autodiscovery and authentication code "in one piece" can be found on GitHub (with live demo):
Upvotes: 0
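The answer's point, that each webdirXX or webpoolXXXXX host needs a token issued for that host, can be checked before a request is sent. The following is an added example, not code from either post or from Microsoft's SDK; it assumes the access token is a JWT whose `aud` claim is the resource it was requested for, and the function names and sample tokens are constructed for illustration.

```javascript
// Added example. resourceFor, tokenAudience, nextStep and fakeToken are hypothetical names.

// Resource identifier for a discovery link: scheme + host of the href.
function resourceFor(href) {
  return new URL(href).origin;
}

// Read the `aud` claim from a JWT WITHOUT verifying the signature.
// Diagnostic use only: never base an authorization decision on this.
function tokenAudience(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  // Node's base64 decoder also accepts the URL-safe alphabet used by JWTs.
  const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  return String(payload.aud || '').replace(/\/+$/, '');
}

// Either the token matches the host of href and the call can be made,
// or a new authorization round-trip is needed for that host's resource.
function nextStep(href, jwt, app) {
  const resource = resourceFor(href);
  if (jwt && tokenAudience(jwt).toLowerCase() === resource.toLowerCase()) {
    return { action: 'call', href };
  }
  const q = new URLSearchParams({
    response_type: 'code',
    client_id: app.clientId,
    resource,
    redirect_uri: app.redirectUri,
  });
  const url = `https://login.microsoftonline.com/common/oauth2/authorize?${q}`;
  return { action: 'authorize', resource, url };
}

// Constructed, unsigned sample token carrying only an `aud` claim.
function fakeToken(aud) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ aud })}.constructed`;
}

// Values taken from the question; the client id is the question's placeholder.
const userHref = 'https://webdir1e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=mydomain.onmicrosoft.com';
const app = { clientId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx', redirectUri: 'http://myurl.dev/skype' };

// Token issued for webdir (as in the question): re-authorize for webdir1e.
console.log(nextStep(userHref, fakeToken('https://webdir.online.lync.com'), app));
// Token issued for webdir1e: the user URL can be called.
console.log(nextStep(userHref, fakeToken('https://webdir1e.online.lync.com'), app));
```

The same check applies to every `href` returned later in the flow: when the host changes, `nextStep` returns the resource to request the next token for.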