Office 365 API ErrorAccessDenied (Access is denied. Check credentials and try again.)


Thanks for your question and sorry to hear about the trouble you are having with your first app. Can you please check the permissions for Office 365 Exchange Online and make sure the permission "Have full access to a user's mailbox" is NOT selected? See attached image for more details.


This is meant for access to a user's mailbox using an older API called Exchange Web Services, and not intended for Office 365 REST APIs. I think you are getting "Access Denied" for your REST API request because you may have selected this permission.

Let me know if you are still seeing an issue after removing this permission. Let me know if you have any questions or need more info.

Thanks,

Venkat
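A way to confirm the diagnosis in the answer above before changing the app registration, as an added example that is not part of the original answer or Microsoft's code: decode the access token locally and inspect its `aud` and `scp` claims. The scope string `full_access_as_user` for the "Have full access to a user's mailbox" permission is an assumption, the function names are hypothetical, and the sample tokens are constructed.

```python
import base64
import json

# Assumption: string AAD places in `scp` for "Have full access to a user's mailbox".
EWS_FULL_ACCESS_SCOPE = "full_access_as_user"
REST_RESOURCE = "https://outlook.office365.com/"  # resource value from the question


def jwt_claims(token):
    """Return a JWT's payload claims without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token_for_rest(token):
    """List reasons the token is unsuitable for the REST API; empty list if none found."""
    claims = jwt_claims(token)
    problems = []
    aud = str(claims.get("aud", ""))
    if aud.rstrip("/") != REST_RESOURCE.rstrip("/"):
        problems.append("aud is %r, expected %r" % (aud, REST_RESOURCE))
    scopes = str(claims.get("scp", "")).split()
    if not scopes:
        problems.append("scp is empty: no delegated permissions in token")
    if EWS_FULL_ACCESS_SCOPE in scopes:
        problems.append("scp contains %s (EWS-only permission)" % EWS_FULL_ACCESS_SCOPE)
    return problems


def _make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample tokens (not real credentials).
BAD = _make_token({"aud": REST_RESOURCE, "scp": "Mail.Read full_access_as_user"})
GOOD = _make_token({"aud": REST_RESOURCE, "scp": "Mail.Read Contacts.Read"})

if __name__ == "__main__":
    for name, tok in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, check_token_for_rest(tok) or "no problems found")
```

An access token is a bearer credential, so run a check like this locally rather than pasting the token into an online decoder.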

KardanovIR
Author by

KardanovIR

Developer Advocate @ Waves Platform, software engineer. Blockchain, ML&AI developer. All opinions are my own.

Updated on August 05, 2022

Comments

  • KardanovIR
    KardanovIR over 1 year

    I'm trying to build my first app with the Office 365 API and have one big problem.

    I'm trying to get main info about user with Office 365 API and Azure Active Directory and for that I'm doing:

    1) Get access token. The http post request to https://login.windows.net/common/oauth2/token for token:

    HEADERS: Content-Type: application/x-www-form-urlencoded

    POST DATA:

        grant_type = authorization_code
        client_id = *my_client_id*
        client_secret = *my_client_secret*
        session_state = e5fb6cd5-28f7-4dfc-b793-9ce8522534ac
        code = *code_that_i_got_to_my_callback_url*
        resource = https://outlook.office365.com/
    

    I get response with access_token, refresh_token, id_token, resource etc.

    2) I'm trying to get main info about user with access token:

    Get request to https://outlook.office365.com/api/v1.0/me with

    HEADERS:

        client-request-id: *some_random_id*
        return-client-request-id: true,
        authorization: 'Bearer ' + *access_token*
        Accept: '*/*'
    

    But I get:

    { error: 
       { code: 'ErrorAccessDenied',
         message: 'Access is denied. Check credentials and try again.' } }
    

    My app in AAD has max permissions for everything (sorry for the Russian): Permissions for app

    I'm doing everything like here: http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange-online-in-office-365.aspx

    And the most interesting part is that one week ago everything worked well (except that sometimes the response time was about 30 sec) and I could get information about users.

    And one last thing. On that page (http://blogs.msdn.com/b/exchangedev/archive/2014/03/25/using-oauth2-to-access-calendar-contact-and-mail-api-in-exchange-online-in-office-365.aspx) you can find a request to https://login.windows.net/common/oauth2/token with the parameter prompt=admin_consent. It was also working a week ago, but now if you try it you'll get Bad Request (400).

  • Benjamin Fox
    Benjamin Fox over 9 years
    Is this permission going to be removed or renamed? It's currently a bit misleading!
  • Venkat Ayyadevara - MSFT
    Venkat Ayyadevara - MSFT over 9 years
    Hi Benjamin Fox, We are going to rename the permission to make it clearer. And we are investigating if we can make a service-side change to ignore this permission and not return an Access Denied error when a REST API request is received with a token including "Full Access" permission. Hope that helps. Thanks, Venkat
  • Ian Jowett
    Ian Jowett over 5 years
    I am having a similar issue, where do I see this setting on Azure?
  • Teodor Głaz
    Teodor Głaz over 3 years
    I had the same problem, and then, after removing the check from the checkbox, I get 401 Unauthorized when I'm retrieving an item using BindToItem. I use OAuth to authenticate.