UCWA Skype for Business Online API Authentication - 403 Forbidden Applications Resource

5
votes

I'm following this guide (https://msdn.microsoft.com/en-us/skype/ucwa/authenticationusingazuread) to attempt and authenticate and create a Skype App.

My goal is to create a Skype Meeting via the API and generate an Online Meeting URL.

I'm able to get as far as generating the Applications Resource URL.

When I attempt POST to the URL I receive a 403 Forbidden error. Looks like there might be an issue with the token? However I am using the token in earlier requests to get the App URL.

enter image description here

Any thoughts on what I am doing wrong?

Post Request:

POST https://webpool.infra.lync.com/ucwa/oauth/v1/applications HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
Authorization: Bearer (edited)
x-ms-request-root-id: a9c17f66-46d761cf7325d6a7
x-ms-request-id: |a9c17f66-46d761cf7325d6a7.6.
Request-Id: |a9c17f66-46d761cf7325d6a7.6.1.
Content-Length: 96
Host: webpoolblu0b11.infra.lync.com

{ UserAgent = UCWA Samples, EndpointId = f87e1d57-83a4-4f9b-aac7-00f05f440637, Culture = en-US }

Post Response:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>403 - Forbidden: Access is denied.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;} 
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;} 
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>403 - Forbidden: Access is denied.</h2>
  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
 </fieldset></div>
</div>
</body>
</html>

Permissions:

enter image description here

1
skype-for-businessskypedeveloper
Which scopes have you requested? It would also help to have the HTTP request that results in the 403. - Marc LaFleur
Hey Marc, sorry for just now getting back to this. I've updated the raw HTTP Post request where I'm Posting to /applications URL I receive back. I'm not explicitly requesting any scopes as I'm retrieving the access token via ADAL. I'm using that access token to retrieve the /applications URL earlier on, so I wouldn't think that would be a problem? - aherrick
Sorry, I meant scopes in the larger context of "permissions" rather than an actual scope attribute. When you register your app in AD you had to provide a list of permissions. These were really what I was after. - Marc LaFleur
No problem! Updated with an image of permissions. Only used delegate. Do I need application level? - aherrick
I assume webpoolblu0b11.infra.lync.com was what the autodiscovery process returned? Have you tried opening the bearer token to make sure the scopes you need are showing up? If not, you can do that by pasting the token into jwt.io. - Marc LaFleur

1 Answers

0
votes

I've figured this out. I wasn't serializing the JSON properly. Below is a fixed snippet:

            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

            var jsonObject = new
            {
                UserAgent = "UCWA Samples",
                EndpointId = Guid.NewGuid().ToString(),
                Culture = "en-US"
            };

            var createMeetingPostData = JsonConvert.SerializeObject(jsonObject);

            var content = new StringContent(createMeetingPostData, Encoding.UTF8, "application/json");
            var data = await client.PostAsync(appUrlData.appUrl, content);