2
votes

I've been working with Office365(Outlook) API for a while (https://outlook.office.com)

Now I need to be able to upload files. I found that it can only be done with using other service. (e.x. Microsoft Graph).

e.g. https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/item_createuploadsession

The problem is that with my current authentication I can't access both services at the same time:

Now I use scope:

openid offline_access profile 
https://outlook.office.com/calendars.readwrite.shared

When I add Files.ReadWrite.All to it, I'm no longer able to access outlook end-points. I get the following error:

The audience claim value is invalid 'https://graph.microsoft.com'

Is there a way to be able to invoke both services with the same token? Maybe any workaround?

1

1 Answers

2
votes

No, you can't use the same token. Access tokens are scoped to a particular API via the audience claim. The Outlook API rejects your token because the audience claim inside the token is set for Graph.

The easiest solution for you would be to just use Graph for your Outlook-related stuff. They are pretty close in terms of what is supported (see https://docs.microsoft.com/en-us/outlook/rest/compare-graph-outlook).

If there's something you're using that's only available on the Outlook endpoint, then you'll need to use a separate token.