Forum Discussion

Anonymous's avatar
Anonymous
Nov 14, 2018
Solved

Unauthorized attempting to send Email with valid access token

Hi,   I'm attempting to programatically send email using PowerShell and the Office 365 outlook REST API (can't use SMTP as it's blocked).   I've managed to set up my Web App in Azure AD with what...
exchange
office 365
  • Anonymous's avatar
    Anonymous
    Nov 15, 2018

    OK, I've figured out the issue - putting this here for others to find if they hit the same problem.

     

    The underlying issue is that the O365 v2.0 Web API is woefully under-documented!

     

    The main issue with using the Client Credentialworflow is that it authenticates the App itself, and not a user, therefore you need to specify the user to send the email from in the URI - but I had to guess that from the v1.0 API!

     

    Changing the URI used with the access token from ;

     

    https://outlook.office365.com/api/v2.0/me/sendmail

    to

    https://outlook.office365.com/api/v2.0/users/<user spn>/sendmail

     

    Then the API knows which user the email is being sent from and the token which has the 'Send mail for any user' claim is accepted and the email is sent.

     

    Hope others find this useful.

     

    Regards,

     

    Mark. 

VasilMichev's avatar
VasilMichev
MVP
Nov 14, 2018

Do check the token for the scope/permissions, you can parse it on jwt.ms/jwt.io or via PowerShell as well if needed.

Resources