401 unauthorized outlook.office.com api Azure AD v2 authentication endpoint

1
votes

Successfully using the graph endpoint with Azure AD v2 authentication. All working perfectly.

Graph endpoint does not support outlook tasks so need to use the outlook api endpoint outlook.office.com/api.

Am establishing scope at authentication with scope parameter. Using identical code, just different endpoint e.g.

https://graph.microsoft.com/beta/me/messages - works https://outlook.office.com/api/beta/me/messages - 401 Unauthorized

What am I missing? What does outlook.office.com need different from graph endpoint to work?

2
microsoft-graph-apioutlook-restapi

2 Answers

2
votes

Outlook and MS Graph are related but different services. You cannot interop tokens between the two services. You should get different tokens for each service with proper scopes for each one of them.

1
votes

Resolved this and answer posted here for anyone else looking.

Graph accepts unqualified scopes e.g. Mail.Read Mail.Send but these do not work for outlook.office.com/api which requires scopes to be qualified with endpoint i.e. https://outlook.office.com/mail.read

It is the qualified scopes that makes a token not interoperable across endpoints i.e. scope requested is for graph or outlook.office.com