
Outlook Dev Center - OAuth Sandbox stopped working with mail


Outlook Dev Center - OAuth Sandbox stopped working with mail. When I try to send:

https://outlook.office.com/api/v2.0/me/mailfolders/inbox/messages?$top=10

I'm getting:

HTTP/1.1 403 Forbidden
Transfer-Encoding: chunked
request-id: 72bb8456-b708-4395-b20b-070f59203571
X-CalculatedBETarget: AM4PR06MB1602.eurprd06.prod.outlook.com
X-BackEndHttpStatus: 403
x-ms-diagnostics: 2000008;reason="The token contains not enough scope to make this call.";error_category="invalid_grant"
OData-Version: 4.0
X-DiagInfo: AM4PR06MB1602
X-BEServer: AM4PR06MB1602
X-FEServer: AM4PR01CA0018
X-MSEdge-Ref: Ref A: C76DC482B3B948DCA89EA29991DAC69F Ref B:CFF0022456998571B7B1C5143CD90D48 Ref C: Sun Oct 30 05:12:00 2016 PST
Cache-Control: private
Date: Sun, 30 Oct 2016 12:12:00 GMT
Set-Cookie: exchangecookie=7f60ed49643e4ce098a0af5830de4eec; expires=Mon, 30-Oct-2017 12:12:00 GMT; path=/; HttpOnly
Server: Microsoft-IIS/8.5
WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000",   trusted_issuers="00000001-0000-0000-c000-000000000000@*",    token_types="app_asserted_user_v1 service_asserted_app_v1",   error="invalid_token"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

{
"error": {
    "code": "ErrorAccessDenied",
    "message": "Access is denied. Check credentials and try again."
   }
}

After some investigation I noticed that OAuth Sandbox is not requesting email read write permission. Is it a bug?


Solution

  • I don't reproduce this. The Sandbox does request read/write permission via the Mail.ReadWrite.Shared scope, assuming you are authorizing with your own account.

    If you click the Authorize using Sandbox Account it only requests Mail.Read.Shared, but that is sufficient scope to do a GET on https://outlook.office.com/api/v2.0/me/mailfolders/inbox/messages?$top=10.

    So to answer your question, no, I don't believe this is a bug. :) Can you provide more info on exactly what you're doing when you get this error? Are you logging in with an Office 365 account or a Microsoft account (outlook.com, Hotmail.com, etc.)?

    Update: The problem was caused by Microsoft accounts not understanding the Mail.ReadWrite.Shared and ignoring it. The sandbox has been updated to request both the Mail.ReadWrite and the Mail.ReadWrite.Shared scopes.
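
A way to confirm the diagnosis in this thread from the client side, as an added example that is not part of the original question or answer: it parses the `x-ms-diagnostics` header from the 403 response and checks which scopes the access token actually carries. It assumes the token is a JWT with a space-separated `scp` claim; the helper names, the `READ_MAIL_SCOPES` set and the sample tokens are constructed for illustration.

```python
import base64
import json
import re

# Scopes assumed sufficient for GET /me/mailfolders/inbox/messages: the answer
# above names the .Shared variants; Mail.Read is the plain read scope.
READ_MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Read.Shared", "Mail.ReadWrite.Shared"}


def parse_diagnostics(header):
    """Split an x-ms-diagnostics value into its code and key="value" fields."""
    code, _, rest = header.partition(";")
    fields = dict(re.findall(r'(\w+)="([^"]*)"', rest))
    fields["code"] = code.strip()
    return fields


def token_scopes(access_token):
    """Return the scopes in a JWT's 'scp' claim (signature NOT verified)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT; opaque tokens cannot be inspected client-side")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scp", "").split())


def missing_read_scope(access_token):
    """True when the token carries none of the scopes that allow reading mail."""
    return not (token_scopes(access_token) & READ_MAIL_SCOPES)


def make_sample_token(scp):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"scp": scp}), "sig"])


if __name__ == "__main__":
    diag = parse_diagnostics('2000008;reason="The token contains not enough scope '
                             'to make this call.";error_category="invalid_grant"')
    print(diag["code"], diag["error_category"])
    # Constructed case: the .Shared scope was dropped, leaving no mail scope.
    print(missing_read_scope(make_sample_token("Calendars.Read Contacts.Read")))
    print(missing_read_scope(make_sample_token("Mail.Read.Shared")))
```

The decode step is for troubleshooting only: it does not validate the signature, so its output must never be used to make an authorization decision.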