Clever Geek Handbook

Office 365 API ErrorAccessDenied (Access Denied. Please check your credentials and try again.)

I'm trying to create my first Office 365 API application and have one big problem.

I am trying to get basic user information with Office 365 API and Azure Active Directory and for that I do:

1) Get an access token. Http request for https://login.windows.net/common/oauth2/token for token:

HEADERS: Content-Type: application / x-www-form-urlencoded

AFTER THE DATA:

    grant_type = authorization_code
    client_id = *my_client_id*
    client_secret = *my_client_secret*
    session_state = e5fb6cd5-28f7-4dfc-b793-9ce8522534ac
    code = *code_that_i_got_to_my_callback_url*
    resource = https://outlook.office365.com/

I am getting a response with access_token, refresh_token, id_token, resource, etc.

2) I am trying to get basic information about a user with an access token:

Get request https://outlook.office365.com/api/v1.0/me with

HEADERS:

    client-request-id: *some_random_id*
    return-client-request-id: true,
    authorization: 'Bearer ' + *access_token*
    Accept: '*/*'

But I am getting:

{ error: 
   { code: 'ErrorAccessDenied',
     message: 'Access is denied. Check credentials and try again.' } }

My app in AAD has maximum permissions for everything (sorry for the Russian): Permissions for app

I do everything like here: http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange- online-in-office-365.aspx

And the most interesting point is that a week ago everything worked well (except that sometimes the response time was about 30 seconds), and I could get information about users.

And the last thing. On this page ( http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange-online- in-office-365.aspx ) you can find the request https://login.windows.net/common/oauth2/token with the parameter prompt = admin_consent. It worked as well a week ago, but now if you try you get Bad Request (400).

+3


source to share


2 answers


Thanks for your question and sorry for the concern you have with your first app. Can you check the permissions for Office 365 Exchange Online and make sure the "Full Control to User Mailbox" permission is NOT selected? See attached image for more details.

enter image description here

This is for accessing the user's mailbox using an older API called "Exchange Web Services" and not the Office 365 REST APIs. I think you are getting "Access Denied" for your REST API request because you may have chosen this permission.



Let me know if you still see the problem after removing this permission. Let me know if you have questions or need more information.

Thank,

Venkat

+5


source


Hi guys I am experiencing the same problem >> and can no longer find the correct "Permissions" in AAD for my application.



Do you know where to find it now?

0


source






More articles:


All Articles