0
votes

Currently I'm working on integration of WSO2 (5.8.0) and AzureAD using Office365 authenticator (ver. 1.0.6). I see in the logs that authenticator is at least doing something but from Azure side Im getting exception:

Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://outlook.office365.com/api/v2.0/me

On Azure I set delegated permissions to Exchange APIs checking everything in my application. I also checked Graph API but still without success. What permission should be granted to allow my app to access https://outlook.office365.com/api/v2.0/me?

1
A similar question was raised here as well stackoverflow.com/questions/39932422/… - Piraveena Paralogarajah
Yes already tried different permissions but still without success, however if I change authentiication method from Office365 authenticator to oauth2/openid then Im able to get the token, whats the difference between them? - ozilienko
Office365 authenticator is a dedicated connector for configuring AzureAD as Federated IDP using OpenID Connect. This authenticator is using this outlook.office365.com/api/v2.0/me endpoint to get user attributes by default .But OAuth2/OpenID Connect Configuration is common for all OIDC federated IDPs. Under this OAuth2/OpenID Connect Configuration you need to configure each endpoints of the OIDC federated IDP - Piraveena Paralogarajah
Any update for this issue? - Tony Ju
I switched to openId in WSO2 instead of office365 authenticator and it now works fine. - ozilienko

1 Answers

0
votes

To access https://outlook.office365.com/api/v2.0/me, you will need https://outlook.office365.com/User.Read permission.

enter image description here

And you need to add the access token in the request header. If you have done this all correctly, please show us how you got the access token.