Issue with PATCH method of outlook mail REST API returning ErrorAccessDenied

1
votes

We have an outlook add-in for which we need to update the single-value-extended-property of a mail item using it's itemId.

Documentation for updating the extension property: Here

We got the following response for the HTTP call:

Request Url: 

PATCH https://outlook.office365.com/api/v2.0/me/messages('{mailItemId}')

Response: 

{
    "error": {
        "code": "ErrorAccessDenied",
        "message": "The api you are trying to access does not support item scoped OAuth."
    }
}

On tweaking further, we found that there maybe an issue with the auth token that we are using in the request headers. We are using the Outlook's getCallbackTokenAsync api to fetch the token, with isRest option set to true for REST token. On searching around in stack-overflow for relevant issues, I found these questions:

  1. Can't add attachment to message in outlook add-in using Outlook rest API
  2. Access to Outlook RestAPI from an Outlook web Add-in

These suggest that there maybe a bug in this api, due to which it returns an item scoped token instead of a mailbox scoped one. The payload of an item scoped token contains Exchange.Callback.V1 as the value of the version and Exchange.Callback.V2 for a mailbox scoped one.

We decoded our response token on https://jwt.io/ and found that the token returned was indeed an item scoped one, and hence we are blocked on pushing the updated value of extended-property to the mail item. It was also written that this issue may get resolved in the builds after 16.0.7902.1000. I am trying this on web-browser client for Outlook though, and not sure how the build version is relevant in my case.

Has anyone else faced such behavior recently, or is there any possible work-around for the issue?

************** EDIT ****************

I followed the suggestion in the comment, and am now able to execute the patch request from postman, but not from within the add-in. I get a 400 bad request error in the console. Below is a version of the response with the particular key name and url removed.

{ 
  "_body": { 
    "error":{ 
      "code":"RequestBodyRead", 
      "message":"An unexpected instance annotation name '{key name}' was found 
                 when reading from the JSON reader, In OData, Instance 
                 annotation name must start with @."
    } 
  }, 
  "status": 400, 
  "ok": false, 
  "statusText": "Bad Request", 
  "type": 2 
}

How can I resolve this ?

1
office-jsoutlook-web-addins
Please have a look at getCallbackTokenAsync API doc : docs.microsoft.com/en-us/office/dev/add-ins/reference/… . You need to specify ReadWriteMailbox permission in its manifest.Outlook Add-ins Team - MSFT
Ah right! This solved my issue. Thanks for your help. :)Swasti Gupta

1 Answers

1
votes

Please have a look at getCallbackTokenAsync API doc : docs.microsoft.com/en-us/office/dev/add-ins/reference/… . You need to specify ReadWriteMailbox permission in its manifest.