Please see edits at the bottom.
I'm trying to work with the Office 365 API using EWS (not the managed API) to create/delete/update events on users' calendars.
So far, I have successfully used Basic Auth to validate that my SOAP request will work. I'm now trying to replace Basic Auth with OAuth 2. I require the use of the Client Credentials Flow.
Here are the steps I followed:
Provided admin consent to the application. I launched the following URL in my browser, and provided consent using an admin account.
    https://login.microsoftonline.com/common/oauth2/authorize?
    response_type=code+id_token&
    scope=openid&
    client_id=[Client ID]&
    redirect_uri=http://localhost/myapp/permissions&
    resource=https://outlook.office.com&
    prompt=admin_consent&
    response_mode=form_post&
    nonce=1234
Upon granting consent, I retrieved the id_token from the response, and decoded it using JWT.io. From the payload, I recorded the tid.
Next I retrieved an access token by sending the following request:
    POST https://login.microsoftonline.com/[TID]/oauth2/token HTTP/1.1
    cache-control: no-cache
    Content-Type: application/x-www-form-urlencoded
    Accept: */*
    Host: login.microsoftonline.com
    accept-encoding: gzip, deflate
    Connection: close

    client_id=[CLIENT ID]&
    client_secret=[CLIENT SECRET]&
    grant_type=client_credentials&
    resource=https%3A%2F%2Foutlook.office.com
Using the access token, I sent out the same request as I did using Basic Auth, except I replaced the Basic Auth header with
Authorization: Bearer [Access Token]
I received the following error (403 Forbidden):
    The token contains not enough scope to make this call.
What do I need to do to fix this error?
Edit 1: I added the "Use Exchange Web Services with full access to all mailboxes" application permission, and sending the SOAP message now results in a 500 Internal Server Error
...
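An added example, not part of the original post: the id_token and the client-credentials access token can be decoded locally rather than pasted into a website, and the access token's aud and roles claims show which resource and application permissions it actually carries. It assumes (not stated in the post) that the EWS application permission appears in the roles claim as full_access_as_app; the tokens are constructed and unsigned, and the signature is not verified, so this is for diagnostics only.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT without verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_app_token(token: str, expected_aud: str, required_role: str) -> list:
    """List the reasons an app-only token would be rejected by the resource."""
    claims = decode_claims(token)
    problems = []
    aud = str(claims.get("aud", ""))
    if aud.rstrip("/") != expected_aud.rstrip("/"):
        problems.append(f"aud is {aud!r}, expected {expected_aud!r}")
    roles = claims.get("roles") or []  # app-only tokens carry roles, not scp
    if required_role not in roles:
        problems.append(f"roles claim lacks {required_role!r} (got {roles})")
    return problems


def _sample_token(claims: dict) -> str:
    # Constructed, unsigned token for the demo; real tokens come from the /token endpoint.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


RESOURCE = "https://outlook.office.com"  # the resource value used in the post
ROLE = "full_access_as_app"              # assumption: role value for the EWS app permission
BASE = {"aud": RESOURCE, "tid": "00000000-0000-0000-0000-000000000000"}  # constructed tid
NO_ROLES = _sample_token(BASE)
WITH_ROLE = _sample_token({**BASE, "roles": [ROLE]})

if __name__ == "__main__":
    for name, tok in (("no roles", NO_ROLES), ("with role", WITH_ROLE)):
        print(name, "->", check_app_token(tok, RESOURCE, ROLE) or "ok")
```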