从Outlook Web加载项访问Outlook RestAPI [英] Access to Outlook RestAPI from an Outlook web Add-in

问题描述

我开发了运行良好的Outlook Web加载项.它是一个Taskpane，可在约会的撰写模式下使用，它可以收集事件的数据，添加一些数据并将其全部发送到某个地方的API.

I developed an Outlook Web Add-in that is working fine. It's a Taskpane that is available in compose mode of appointments and that collects event's data, adds a few ones and send that all to an API somewhere.

我现在想做的是将经过身份验证的用户订阅到Outlook Rest API，以便在事件被删除时得到通知.

What I would like to do now is to subscribe the authenticated user to the Outlook Rest API in order to get notified when the event is deleted.

订阅呼叫应如下所示:

POST https://outlook.office.com/api/v2.0/me/subscriptions HTTP/1.1 
Content-Type: application/json 
{ 
  @odata.type:"#Microsoft.OutlookServices.PushSubscription", 
  Resource: "https://outlook.office.com/api/v2.0/me/events", 
  NotificationURL: "https://myNotifAPI.azurewebsites.net/api/send/myNotifyClient", 
  ChangeType: "Deleted", 
  ClientState: "blabla" 
}

我知道发布到订阅URL时需要提供有效的身份验证承载令牌，因此我尝试在外接程序中调用此方法:

I know I need to provide a valid Authentication Bearer Token when posting to the subscriptions URL so I tried to call this method in my Add-In:

_mailbox = Office.context.mailbox;
_mailbox.getUserIdentityTokenAsync(getUserIdentityTokenCallback);

在函数getUserIdentityTokenAsync中，我调用一个WebApi控制器来验证我的令牌并将其发送回外接程序:

In the function getUserIdentityTokenAsync, I call a WebApi Controller that validates my token and send it back to the Add-In:

AppIdentityToken token = (AppIdentityToken)AuthToken.Parse(rawToken);
token.Validate(new Uri(request.AudienceUrl));
return token;

我尝试使用该令牌将邮件发布到https://outlook.office.com/api/v2.0/me/subscriptions(使用邮递员)，但我收到401的提示:

I tried to use that token to Post to https://outlook.office.com/api/v2.0/me/subscriptions (using Postman) but I got a 401 saying:

reason="The audience claim value is invalid '<MyAddInURL>'.";error_category="invalid_resource"

在特定情况下使用的令牌是否正确，还是我需要获得另一个令牌?任何建议，将不胜感激！

Is it the right Token to use in that particular case or do I need to get another one? Any advices would be appreciated!

-编辑-

按照@ benoit-patra的建议，我尝试使用getCallbackTokenAsync而不是getUserIdentityTokenAsync来获取令牌，但是当我调用https://outlook.office.com/api/v2.0/me/subscriptions时，我确实收到了403:

As suggested by @benoit-patra I tried to get a token using getCallbackTokenAsync instead of getUserIdentityTokenAsync but when I called https://outlook.office.com/api/v2.0/me/subscriptions I did receive a 403 :

"error": {
    "code": "ErrorAccessDenied",
    "message": "The api you are trying to access does not support item scoped OAuth."
  }

按照@ benoit-patra的要求，这是令牌的内容:

As requested by @benoit-patra here's the Token content :

{
  "nameid": "9d643d8c-b301-4fe1-83f7-bf41b1749379@57bcd3d9-685a-4c41-8c7d-xxxxxx",
  "ver": "Exchange.Callback.V1",
  "appctxsender": "https://localhost:44444/NewAppointment.html@57bcd3d9-685a-4c41-8c7d-xxxxxx",
  "appctx": {
    "oid": "3a8a4f92-a010-40bd-a093-xxxxxx",
    "puid": "10033FFF9xxxxx",
    "smtp": "max@xxxx.onmicrosoft.com",
    "upn": "max@xxxx.onmicrosoft.com",
    "scope": "ParentItemId:AAMkADE4NTk2MDNjLTI4NGEtNDZkNS1hMzg4LTE3MzI2NGJhZWRkZQBGAAAAAAD+YYA7CnMtRZsrwJ7l6m44BwCcSer9F+cXSrWNauuHQlZ7AAAAAAENAACcSer9F+cXSrWNaxxxxxxxx"
  },
  "iss": "00000002-0000-0ff1-ce00-000000000000@57bcd3d9-685a-4c41-8c7d-xxxxx",
  "aud": "00000002-0000-0ff1-ce00-000000000000/outlook.office365.com@57bcd3d9-685a-4c41-8c7d-xxxx",
  "exp": 1487087672,
  "nbf": 1487087372
}

推荐答案

上一个答案是正确的，该错误是因为您获取的是项目范围的令牌.因为以前，回调令牌仅允许调用者调用GetItem和GetItemAttachment REST API.我们正在对回调令牌进行更改，以便客户端也可以调用API的REST.要求是首先您应该具有readWriteMailBox权限.其次，通过提供isRest=true来获得REST回调令牌，如下所示:

The previous answer is right, the error is because you are getting an item scoped token. Because previously Callback tokens only allowed a caller to call GetItem and GetItemAttachment REST APIs. We are making changes to the callback token so that clients can call REST of the APIs as well. The requirement is first you should have readWriteMailBox permission. Second get a REST callback token by providing isRest=true, like below

Office.context.mailbox.getCallbackTokenAsync({ isRest: true }, function (result))

生成的令牌将具有Mail.ReadWrite，Calendar.ReadWrite，Contacts.ReadWrite和Mail.Send范围.

The resulting token will have Mail.ReadWrite, Calendar.ReadWrite, Contacts.ReadWrite, and Mail.Send Scopes.

这表示isRest参数目前仅受Outlook Mobile客户端支持.支持OWA和Outlook的工作正在进行中，我们希望在3月发布.

That said the isRest parameter is only supported for outlook mobile client right now. The work to support it on OWA and Outlook is in progress and we expect to release it by March.

这篇关于从Outlook Web加载项访问Outlook RestAPI的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！