Authenticate and fetch EWS data using OAuth token

[Surbhidhingra]

I am trying to build an android app using EWS-java-api to fetch EWS data with an oAuth2 token for office365 users using active directory authentication lib for android. similar to what is shown in this article for .net

Below is the code:

// Code to acquire token after registering the native application in Azure active directory

authenticationContext.acquireToken(<activity context>, "<resource id: copied from the manifest file tag <resourceAppId> of Azure active directory after adding permission>", "<Application id of the registered app in AAD>", "<Application Redirect URI>", email, PromptBehavior.Always, "", AuthenticationCallback);

//We receive AuthenticationResult object containing authentication token in AuthenticationCallback onSuccess method and then call an async task to fetch EWS data

ExchangeService exchangeService = new ExchangeService(); exchangeService.setTraceEnabled(true); exchangeService.getHttpHeaders().put("Authorization", "Bearer " + mAuthenticationResult.getAccessToken()); exchangeService.setUrl(URI.create("https://outlook.office365.com/EWS/Exchange.asmx"));

I am able to get oAuth token, but i am not able to receive exchange data, it gives me unauthorised and forbidden access when fetching data using below code.

CalendarFolder cf = CalendarFolder.bind(service, WellKnownFolderName.Calendar); findResults = cf.findAppointments(new CalendarView(startDate, endDate));

Also, i am not sure about the configuration i am setting up in azure portal. It would be great if you can tell how to setup Azure AD application for fetching EWS data via oAuth authentication in android.

[kb000]

From debugging and reading the code, it looks like there's no plumbing for the Bearer token (aka access_token) to be added to the http request.

Looks like a good candidate for a pull request.

Disclaimer: I am a Microsoft employee, but am using this framework as a student.

[dsebastien]

Any news about this? Even with the class you've developed, we always end up with an authorization error, although the token was just retrieved and is still valid.

I'm not familiar with the code so it's a bit unclear to me what the EmailMessage.bind(...) actually does (i.e., call a REST or SOAP API). Don't know if it might help, but my scenario is as follows:

1) an O365 Mail plugin uses "Mailbox.getCallbackTokenAsync" to get a token (valid for 5 min): https://msdn.microsoft.com/en-us/library/office/jj984589.aspx 2) that token and the mail id are sent to another web service (in Java) whose purpose is to retrieve the mail and its attachments to save them in a database

I'm blocking with (2) because I don't know how to make the calls. Should this be possible with your patch?

[kb000]

I’m not sure if my patch will work for you, but it’s probably a good start. I found that the only sure route to avoiding authentication errors with a bearer token was to request the “Access mailboxes as the signed-in user via Exchange Web Services” permission. You might find more help here: https://blogs.msdn.microsoft.com/webdav_101/2015/05/11/best-practices-ews-authentication-and-access-issues/

You can try out my patch by pulling the class into your project, like I did here: https://github.com/bookaroom/RESTApi/blob/master/src/com/comeet/exchange/BearerTokenCredentials.java