Forum Discussion
Powershell API rest v1 to v2 with oauth
I recently recieved noticed that v1.0 is going away by Nov 2018 and v2.0 should be used. I have some idea after researching this but need some help. Currently using below which I believe is going away.
$url = "outlook.office365.com/api/v1.0/me/messages"
$messageQuery = $url + "?`$select=Id,Subject&`$filter=HasAttachments eq true and DateTimeReceived ge " + $date
I understand I have to register my app. I did that under that account that recieves the reports and gave permissions for mail.read. I'll probably end up changing the messagequery which if anyone knows the best resource to try a mimic my query to new version would be much appreciated.
I'm reading in other blogs saying that a user action must take place to receive token back.
All this is a a powershell script that picks up attachments in emails and downloads them automatically on a daily scheduled run. Is there any resource or example PS scripts somewhere I can read about using simple powershell scripts with oauth 2.0? The idea is that no user action is needed....any additional help would be much appreciated.
You didn't really ask a question here, but assuming you want to automate this scenario by leveraging an app you've already registered, all you need to do is generate a new key/secret then use the corresponding method to get a token via it. Detailed instructions for example here: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
- William PhillipsCopper Contributor
Thanks for the quick response. I'm reading up on this oauth 2.0 and when I'm registering my powershell script I'm confused because I keep seeing that its more app related than just a simple script running. I registered the app under the account that receives the emails with reports so I'm not using a different account to access. The PS1 script I used for v1 uses those credentials securely. Also in the link you provided(much appreciated), it mentions to get administrator consent via azure portal. Is this necessary if using same account credentials to basically download its own files from emails? There is no login url for this script.
For platform, when I choose "Web" I have to provide redirect URL which I'm not sure what this means as its just a powershell script running on windows scheduler on a server 08 we have on premise. When I choose "web API" I seem to get app id uri already generated. I'm not sure what Pre-auithorized applications part mean where it wants ID and scope. I gave permissions for delegated permissions to mail.read and user.read and app permissions I gave mail.read(admin only), user.read.all(admin only). Should I be choosing "web api" for my simple powershell scripts? Was hoping to see an example of someone else's powershell script with oauth to compare how it was done.
The below API endpoint is my fear that it will stop working soon. Am I interpreting this incorrectly?
Admin consent is needed when you want to be able to read messages across the company, and yes you need to be using the webapi type of application for this. Or do you want to simply run this in the context of the signed in user?