Outlook API: getting access-token from front-end, how can I use it in Web API backend to get Outlook messages


I'm writing an application for Outlook, front-end Angular, backend Web API. I'm successfully getting an access token using ADAL in the front-end; sessionStorage is:

adal.access.token.keyxxxxx6b-xxxx-xxxx-xxxx-376xxxx9c09:"Access-token"
adal.error:""
adal.error.description:""
adal.expiration.key:"0"
adal.expiration.keyxxxxx6b-xxxx-xxxx-xxxx-376xxxx9c09:"1482073764"
adal.idtoken:"access-token"
adal.login.error:""
adal.login.request:"http://localhost:8080/"
adal.nonce.idtoken:"xxxxx6b-xxxx-xxxx-xxxx-376xxxx9c09"
adal.session.state:"86xxxxxd-xxxx-480b-xxxx-34923xxxx918"
adal.state.login:"9axxxxxx-xxxx-xxxx-xxxx-360xxxxxx94"
adal.token.keys:"xxxxx6b-xxxx-xxxx-xxxx-376xxxx9c09|"
adal.token.renew.statusxxxxx6b-xxxx-xxxx-xxxx-376xxxx9c09:"Completed"

Now I'm sending the access token to the backend, and I want to get messages from the Outlook API, but how can I do it? I searched for the Outlook REST API and tested using Postman, but it is not working (401 error).

GET https://outlook.office.com/api/v2.0/me/messages
Authorization: Bearer access-token
Accept: application/json

Any suggestions on how to do this? Thanks in advance.

Shawn Tabrizi On

It looks like you are trying to complete the on-behalf-of flow. This is where a front-end API gets an access token to a middle tier service, which subsequently gets an access token to a back-end API. Let's assume that the token from the front-end to the middle tier has user context. You are able to get a token from the middle tier, to the back-end using the same user context, by requesting a new access token using the original access token.

Here are more details on the flow: Find the section titled Delegated User Identity with OAuth 2.0 On-Behalf-Of Draft Specification

Here is a code sample integrating this flow: https://github.com/Azure-Samples/active-directory-dotnet-webapi-onbehalfof

Just to note, in this specific case, that the 401 error implies that you do not have the correct permissions for calling and accessing the API you want. Can you make sure you have selected the right permissions for the resource you want to access, for the client that you are accessing it with?

I hope this is what you are looking for!
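
The on-behalf-of exchange described in this answer, together with a claim check that shows why a token issued for the backend is rejected by Outlook, as an added example that is not part of the original answer or the linked sample. The tenant, client ID, secret and sample token are constructed placeholders; the `Mail.Read` scope and the Azure AD v1 token endpoint are assumptions about the setup.

```javascript
// Added example: tenant, client id, secret and tokens are placeholders.
const OUTLOOK_RESOURCE = 'https://outlook.office.com';

// Decode JWT claims for diagnostics only; this does NOT verify the signature.
function decodeClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// List the reasons a bearer token would be refused by the target resource.
function diagnose(jwt, resource, requiredScope, now = Math.floor(Date.now() / 1000)) {
  const c = decodeClaims(jwt);
  const problems = [];
  const aud = String(c.aud || '').replace(/\/$/, '');
  if (aud !== resource) problems.push(`aud is "${c.aud}", expected "${resource}"`);
  if (typeof c.exp !== 'number' || c.exp <= now) problems.push('token expired');
  const scopes = String(c.scp || '').split(' ');
  if (!scopes.includes(requiredScope)) problems.push(`missing scope ${requiredScope}`);
  return problems;
}

// Build the on-behalf-of token request the backend sends to Azure AD (v1 endpoint).
function buildOboRequest({ tenant, clientId, clientSecret, userToken, resource }) {
  const body = new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    requested_token_use: 'on_behalf_of',
    assertion: userToken, // the token the front-end sent to this backend
    client_id: clientId,
    client_secret: clientSecret, // stays on the server, never in the browser
    resource, // the downstream API the new token must be issued for
    scope: 'openid',
  });
  return {
    url: `https://login.microsoftonline.com/${tenant}/oauth2/token`,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Constructed, unsigned sample token for trying out diagnose() offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.sig`;
}
```

The backend should validate the incoming token's signature, issuer and audience with its normal JWT middleware before using it as the `assertion`; `decodeClaims` is only for reading claims while debugging.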