search

OfficeDev / ews-managed-api

Other
585 stars 320 forks source link

InstallApp fails only with OAuth (Http 403) #214

Open ghost opened 5 years ago

ghost commented 5 years ago

We have converted our application from using basic authentication to using OAuth. Everything is working fine, with the exception of InstallApp that should install our office addin to the users account. Even UnInstallApp works just fine with OAuth.

The exact same code works, if we switch from OAuth to Basic auth.

Request (replaced sensitive information with [...])

POST https://outlook.office365.com/ews/exchange.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
Accept: text/xml
User-Agent: ExchangeServicesClient/15.00.0913.016
Accept-Encoding: gzip,deflate
X-AnchorMailbox: […]
Authorization: Bearer […]
Host: outlook.office365.com
Request-Id: |a4757b218bcffc4ebc55ff4fe285f8ed.7664445d_1.
Content-Length: 3478
Expect: 100-continue

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <t:RequestServerVersion Version="Exchange2015" />
    <t:DateTimePrecision>Milliseconds</t:DateTimePrecision>
    <t:ExchangeImpersonation>
      <t:ConnectingSID>
        <t:SmtpAddress>[…] </t:SmtpAddress>
      </t:ConnectingSID>
    </t:ExchangeImpersonation>
  </soap:Header>
  <soap:Body>
    <m:InstallApp>
      <m:Manifest>[…]</m:Manifest>
    </m:InstallApp>
  </soap:Body>
</soap:Envelope>

Response

HTTP/1.1 403 Forbidden
Cache-Control: private
Server: Microsoft-IIS/10.0
request-id: 17319ceb-2449-42c4-9664-f42a0db1a0e6
X-CalculatedBETarget: HE1PR0302MB2620.eurprd03.prod.outlook.com
X-BackEndHttpStatus: 403
Set-Cookie: exchangecookie=14486433c0534867b71e9fc140b05abc; expires=Fri, 22-Nov-2019 14:14:45 GMT; path=/; HttpOnly
X-RUM-Validated: 1
x-ms-appId: […]
X-AspNet-Version: 4.0.30319
X-BeSku: Gen9
X-DiagInfo: HE1PR0302MB2620
X-BEServer: HE1PR0302MB2620
X-Powered-By: ASP.NET
X-FEServer: HE1PR06CA0152
Date: Thu, 22 Nov 2018 14:14:45 GMT
Content-Length: 0

@davster Can you confirm if there is an issue on your end?

dsanghan commented 5 years ago

@JTvermose Did you figure this out? Having a similar issue for our app.

ghost commented 5 years ago

@dsanghan No :-(

ghost commented 5 years ago

@dsanghan

We eventually solved it by using the Behalf-of-Flow, which requires additional permissions to the Azure app and that the user signs in with their account and grants us permission. https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow

dsanghan commented 5 years ago

@JTvermose Ok thanks, I'll try that out. Pretty frustrating when things don't work according to spec.