Django with Microsoft API 365 - Service Discovery error

1
votes

I'm trying to make a Django application that can autheticate users with Microsoft 365 accounts, and I found this project on Github: https://github.com/jasonjoh/pythoncontacts

I followed the documentation and I get to the point where I'm prompted to the Microsoft account log-in page, where I give consent to the Azure AD app.

After reading the code, I understand that the Django app is trying to get the services available at: https://api.office.com/discovery/v1.0/me/services

The problem is that the link is giving me this error: 

{"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":"Access denied. You do not have permission to perform this action or access this resource."}}

I don't know if this problem is due to the Azure AD app permissions or due to the code.

Is my understanding that the Django app is asking the Azure AD Authorization Endpoint to log-in. This endpoint is returning the Sign-in window, and after the authentication I get the authorization code. With it, I should redeem the authorization code and acquire an access token at the Azure AD Token Endpoint, to be able to call the Office 365 API with it.

This are the permissions my app has in Azure AD ------------

3
pythondjangoazureoffice365

3 Answers

1
votes

You need to add in the Permissions to other applications the following: "Office 365 Exchange Online".

If you don't see it, make sure you have a paid subscription in Azure and in Office 365. If you have only a subscription in Azure, you will see the "Default Directory" that won't show you the application named above.

Hope it helps :)

0
votes

rGonzalez is correct. The code sample uses the Office 365 APIs that are in production before Office 365 Unified API was announced (in public preview). You have 2 options: - Option #1 (recommended): Use Office 365 Unified APIs. You will need to modify your app to skip the step to call Discovery APIs, and instead call the endpoint https://graph.microsoft.com/beta. See here for API docs. - Option #2: Get an Exchange subscription for your Office 365 tenant, so you see Office 365 Exchange Online listed as an option in your app registration page, and select "Read and write user calendars", "Send mail as a user", and "Read and write user mail" as permissions for your app.

Also, in the screenshot you attached, you don't "Read user calendars" and "Read user mail" permissions for your app, as they are already included in "Have full access to user calendars" and "Read and write access to user mail" permissions respectively.

0
votes

To access the discovery service you need to get a token with resource=https://api.office.com/discovery/

Now, if you are using the new Office 365 unified API there is no need for using the discovery service as all the information is served from a single endpoint https://graph.microsoft.com

hope that helps