Friday, 15 June 2012

C# - Office 365 / EWS Authentication using OAuth: The audience claim value is invalid




I'm still struggling with this. Please see my previous question for details.

I am building an application (currently command line) that should access Office 365/Exchange through the EWS Managed API. The goal is to authenticate through OAuth2.

I have registered the application in Azure AD. I have used the ClientID there, generated an app secret / key, and have delegated the "Have total access to users' mailbox (preview)" permissions to the app.

I am using ADAL to retrieve the access token like this:

    // using Microsoft.IdentityModel.Clients.ActiveDirectory;
    var authority = "https://login.windows.net/<tenant>";
    var authContext = new AuthenticationContext(authority);
    var clientCredential = new ClientCredential("<clientid>", "<appkey>");
    var result = authContext.AcquireToken("<my resourceid>", clientCredential);

I get an access token back. The decoded value is:

    {
      "typ": "jwt",
      "alg": "rs256",
      "x5t": "krimpdmbvx68skt8-mpab3bseea"
    }.
    {
      "aud": "<my resource id>",
      "iss": "https://sts.windows.net/2d1f889d-7930-4ef6-9f87-ef096d91ac47/",
      "nbf": 1403253608,
      "exp": 1403296808,
      "sub": "bdb0baf9-29ca-4a43-b9f8-d81ca2ae83bd",
      "appid": "<my app id>",
      "oid": "bdb0baf9-29ca-4a43-b9f8-d81ca2ae83bd",
      "tid": "2d1f889d-7930-4ef6-9f87-ef096d91ac47",
      "idp": "https://sts.windows.net/2d1f889d-7930-4ef6-9f87-ef096d91ac47/"
    }.
    [signature]

I utilize this token to connect to EWS:

    // using Microsoft.Exchange.WebServices.Data;
    // token is the access token string obtained above (result.AccessToken)
    var service = new ExchangeService(ExchangeVersion.Exchange2013_SP1);
    var credentials = new OAuthCredentials(token);
    service.Credentials = credentials;
    service.Url = new Uri("https://outlook.office365.com/ews/exchange.asmx");
    service.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, "<smtp address of o365 mailbox>");
    Folder inbox = Folder.Bind(service, WellKnownFolderName.Inbox);

The Folder.Bind fails with a 401 error.

In the EWS trace I can see the reason:

    The audience claim value is invalid <my resource id>

The resource id is the "app-id-uri" of the registered application.

I'm sure I'm missing some little details... but I can't find them :) Pointers are much appreciated.

If I utilize https://outlook.office365.com/ as the resource id (aud), the error message is:

    ACS50001: relying party identifier 'https://outlook.office365.com/' not found.

The tenant has an Exchange subscription, and has total access to the mailbox.

Your "aud" parameter should be "https://outlook.office365.com". Try passing that to AcquireToken. You shouldn't need to set ImpersonatedUserId. Hope this helps!

c# oauth-2.0 ms-office ews office365
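
As an added example (not code from the question or the answer), here is a C# pre-flight check that decodes an access token's payload and compares its aud claim with the resource the answer names, which is the comparison EWS reports as failing in the trace. The class and method names and the sample tokens are constructed for illustration, and it assumes a .NET version that ships System.Text.Json.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class AudienceCheck
{
    // Decode the payload segment without verifying the signature (diagnostic only).
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    // "aud" may be one string or an array of strings (RFC 7519, section 4.1.3).
    public static bool IsIssuedFor(string jwt, string expectedResource)
    {
        if (!DecodePayload(jwt).TryGetProperty("aud", out JsonElement aud))
            return false;
        if (aud.ValueKind == JsonValueKind.String)
            return aud.GetString() == expectedResource;
        if (aud.ValueKind == JsonValueKind.Array)
            foreach (JsonElement a in aud.EnumerateArray())
                if (a.ValueKind == JsonValueKind.String && a.GetString() == expectedResource)
                    return true;
        return false;
    }

    // Constructed, unsigned sample token; real tokens come from AcquireToken.
    static string Sample(string payloadJson)
    {
        static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        return B64Url("{\"typ\":\"JWT\",\"alg\":\"RS256\"}") + "." + B64Url(payloadJson) + ".sig";
    }

    static void Main()
    {
        const string ews = "https://outlook.office365.com"; // value named in the answer
        // First token: aud is a placeholder App ID URI, as in the question; second: the EWS resource.
        Console.WriteLine(IsIssuedFor(Sample("{\"aud\":\"https://contoso.example/app\"}"), ews));
        Console.WriteLine(IsIssuedFor(Sample("{\"aud\":\"" + ews + "\"}"), ews));
    }
}
```

Calling IsIssuedFor on the ADAL access token before Folder.Bind shows which resource the token was minted for; the authoritative check remains the one EWS performs on the signed token.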
