OfficeDev / office-js

A repo and NPM package for Office.js, corresponding to a copy of what gets published to the official "evergreen" Office.js CDN, at https://appsforoffice.microsoft.com/lib/1/hosted/office.js.
https://learn.microsoft.com/javascript/api/overview

Missing Scope for Outlook shared folder when trying to send mail using Outlook REST API #2619

Closed DunkTracker closed 2 years ago

DunkTracker commented 2 years ago

Trying to Send Outlook Shared Draft Mail item via REST API is failing.

Your Environment

Expected behavior

Expected to be able to pass a Bearer token to be able to send the draft which has been created and updated with an attachment in the Outlook add-in

Current behavior

When calling

https://outlook.office.com/api/v2.0/users/shareduser@domain.com/messages//send

fails with 403 error.

Using

Office.context.mailbox.getCallbackTokenAsync({ isRest: true }, function (result3) {
    Office.context.mailbox.item.getSharedPropertiesAsync(function (sharedResult) {
        // ...
    });
});

Using a shared folder, we are able to forward a shared email to the draft folder and also add an attachment to this draft email, but we are not able to send the mail and are receiving a 403 error.

What we get back in the unsuccessful header:

x-ms-diagnostics: 2000008;reason="Delegate access to this API requires the following permissions: 'Mail.Send.All,Mail.Send.Shared'. However, the application only has the following permissions granted: 'Mail.ReadWrite,Mail.ReadWrite.Shared,Mail.Send,Calendars.ReadWrite,Calendars.ReadWrite.Shared,Contacts.ReadWrite'.";error_category="invalid_grant"

Manifest has ReadWriteMailbox and true

Shared Access is Full Access on the folder.

The Bearer token when checked is missing the Mail.Send.Shared (See below)

"deploymentid": "https://outlook.office365.com/",
"tid": "dd8cbd8d-8b21-452e-9464-dcc545a965c7",
"acr": "1",
"appidacr": "0",
"scp": "Mail.ReadWrite Mail.ReadWrite.Shared Mail.Send Calendars.ReadWrite Calendars.ReadWrite.Shared Contacts.ReadWrite",
"nbf": 1654611785,
"exp": 1654612685,
"iss": "https://outlook.office365.com/",
"aud": "https://outlook.office365.com",
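The comparison made by hand above (the token's scp claim against the permissions named in x-ms-diagnostics) can be scripted; this is an added example, not part of the original issue or of Office.js, and its function names are illustrative. It uses a constructed, unsigned sample token carrying the scp value quoted above, skips signature verification, and only lists which of the named permissions are absent, since the thread does not say whether one or all of them are required.

```javascript
// Added example; function names are illustrative and not part of Office.js.
const b64decode = (s) => typeof atob === "function"
  ? atob(s) : Buffer.from(s, "base64").toString("latin1");
const b64encode = (s) => typeof btoa === "function"
  ? btoa(s) : Buffer.from(s, "latin1").toString("base64");
const b64url = (s) => b64encode(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Read the claims of a compact JWT. No signature check: diagnostics use only.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(b64decode(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

// Pull the required and granted permission lists out of an x-ms-diagnostics value.
function parseDiagnostics(value) {
  const m = /requires the following permissions: '([^']*)'.*permissions granted: '([^']*)'/.exec(value);
  if (!m) return null;
  const list = (s) => s.split(",").map((p) => p.trim()).filter(Boolean);
  return { required: list(m[1]), granted: list(m[2]) };
}

// Compare the token's scp claim with what the service reported in the 403 response.
function explainDenial(token, diagnostics) {
  const scopes = (decodeJwtPayload(token).scp || "").split(/\s+/).filter(Boolean);
  const diag = parseDiagnostics(diagnostics);
  if (!diag) return null;
  return {
    // permissions named by the service that the token does not carry
    missing: diag.required.filter((p) => !scopes.includes(p)),
    // true when the service evaluated the same scope set the token carries
    sameGrant: [...scopes].sort().join() === [...diag.granted].sort().join(),
  };
}

// Constructed, unsigned sample token with the scp value quoted in the issue.
const sampleToken = `${b64url('{"alg":"none"}')}.${b64url(JSON.stringify({
  scp: "Mail.ReadWrite Mail.ReadWrite.Shared Mail.Send Calendars.ReadWrite Calendars.ReadWrite.Shared Contacts.ReadWrite",
}))}.sig`;

// x-ms-diagnostics value as quoted in the issue.
const sampleDiagnostics = `2000008;reason="Delegate access to this API requires the following permissions: 'Mail.Send.All,Mail.Send.Shared'. However, the application only has the following permissions granted: 'Mail.ReadWrite,Mail.ReadWrite.Shared,Mail.Send,Calendars.ReadWrite,Calendars.ReadWrite.Shared,Contacts.ReadWrite'.";error_category="invalid_grant"`;

console.log(explainDenial(sampleToken, sampleDiagnostics));
```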

ndeleuze commented 2 years ago

Thank you for reporting this issue regarding shared folder permissions. We can reproduce this on our end and are investigating the issue. We will circle back to this as soon as we can.

glr0221 commented 2 years ago

I am having the same issue as well. I cannot send an email (from my shared mailbox) and am receiving a 403 error.

A. NOT WORKING

The token I am using seems to have the right scopes.

"deploymentid": "https://outlook.office365.com/",
"tid": "cf9679c2-6b99-4296-b804-3af7a6d9eede",
"acr": "1",
"appidacr": "0",
"scp": "Mail.ReadWrite Mail.ReadWrite.Shared Mail.Send Calendars.ReadWrite Calendars.ReadWrite.Shared Contacts.ReadWrite",
"nbf": 1655255008,
"exp": 1655255908,
"iss": "https://outlook.office365.com/",
"aud": "https://outlook.office365.com",

B. WORKING (GRAPH)

The GRAPH version of my code is working correctly though. It has the Mail.Send.Shared permission. Here is the token scope:

"platf": "3",
"scp": "Mail.Read Mail.Read.Shared Mail.ReadWrite Mail.ReadWrite.Shared Mail.Send Mail.Send.Shared openid profile email",
"sub": "Z0cBIN4Gd0lQrWhy0IAP72vhn0e_qn3mNRs8N6idGF8",

Any update would be appreciated. Thanks.

ndeleuze commented 2 years ago

Hi @glr0221, thanks for the input. We've confirmed that the Bearer token we are passing back for this case is missing the Mail.Send.Shared scope. This issue has been put on our backlog. We unfortunately have no timelines to share at this point.

glr0221 commented 2 years ago

Thank you. Looking forward to your support.

glr0221 commented 2 years ago

Hello @exextoc @ndeleuze, is this already fixed? I am still having the following issue:

x-ms-diagnostics: 2000008;reason="Delegate access to this API requires the following permissions: 'Mail.Send.All,Mail.Send.Shared'. However, the application only has the following permissions granted: 'Mail.ReadWrite,Mail.ReadWrite.Shared,Mail.Send,Calendars.ReadWrite,Calendars.ReadWrite.Shared,Contacts.ReadWrite'.";error_category="invalid_grant"

Thank you.

glr0221 commented 1 year ago

Hello @exextoc @ndeleuze,

I hope I am not trying your patience. But since the REST API deprecation has been pushed back to a later date, is there a possibility that this issue gets resolved in the (hopefully near) future?

I know you don't have a timeline for this, but this is really something great for all add-ins. (Or is there a way to add 'Mail.Send.All,Mail.Send.Shared' permissions in existing manifests? Thanks.)

Thank you.

ndeleuze commented 1 year ago

Hello @glr0221,

I am able to confirm that this issue is still open on our backlog, but unfortunately cannot provide any timeline for this.

Thank you.