I have an outlook addin that I've built using Yeoman. The addin communicates with a server API on my server to combine data from an email with additional data from a database that a user has saved against an email address. This is all working great.
Next I want to store a copy of the email server side, as a file on disk, .msg preferred but I'll take a .eml if thats the only option.
I have 2 options but don't know if either are possible. Either the addin generates the .msg file and posts it to the server API OR the server side API generates the .msg file directly. I have got the server side using the Outlook v2 API and able to pull back the email information when the client passes it the token, id etc. If it could just generate/download a .msg file server side this would be ideal.
As a side note, many of the Microsoft API pages point out the deprecation of the Outlook API in favor of the Graph API, however there are inconsistent links between the pages and it get confusing. I have discovered the token from getCallbackTokenAsync only works with the Outlook API and not Graph, but I cant find out a way to generate a graph compatible token. All the example code from MS uses Office.context.mailbox.restUrl which still gives the Outlook API url and not Graph!
So I guess I'm trying to find out if it's even possible to get/generate a .msg or .eml file either client side using outlook.js or server side using one of the api's. Thank you.
I can get message data both client and server side but cannot get a physical email file.
The Office JavaScript API (OfficeJS) doesn't provide anything for saving messages as msg files (or getting streams). The best what you could do is to use Graph API where you could get the EML file, see Get MIME content of a message for more information.
The server-side code may use the OAuth 2.0 On-Behalf-Of flow (OBO) to request a new access token with permissions to Microsoft Graph. Read more about that in the Authorize to Microsoft Graph with SSO article.
The on-behalf-of (OBO) flow describes the scenario of a web API using an identity other than its own to call another web API. Referred to as delegation in OAuth, the intent is to pass a user's identity and permissions through the request chain.
For the middle-tier service to make authenticated requests to the downstream service, it needs to secure an access token from the Microsoft identity platform. It only uses delegated scopes and not application roles. Roles remain attached to the principal (the user) and never to the application operating on the user's behalf. This occurs to prevent the user gaining permission to resources they shouldn't have access to. See Microsoft identity platform and OAuth 2.0 On-Behalf-Of flow for more information.
Eugene's answer is good. If ultimately you need to get that message to your backend service, using Graph as Eugune described would be the recommended approach. If for whatever reason you are still looking for a capability to access it on client using Office.js, it is not a part of the product. We track Outlook add-in feature requests on our Tech Community Page. Please submit your request there and choose the appropriate label(s). Feature requests on Tech Community are considered, when we go through our planning process. Note there is already a couple of similar ideas there, if you search for "eml" keyword, that you may want to upvote.
Related
We are using BotFramework Composer to create bots. These bots are supposed to get information from a backend REST service, where we need to know, which user is submitting the request for data. We are currently using {turn.activity.from.id} to get the Teams user's id, and sending it in a special http header in the "Send an HTTP request" action. We then perform a mapping of this id to our internal users.
We are, of course, aware, that this is not secure at all, since anyone who knows this, could get the user's id and send it to our service. We are currently thinking along the lines of generating a short-lived jwt token in the Bot to send to our application. However, we see no direct way of implementing this token generation in the Bot Framework Composer itself.
Also, we don't want to use OAuth, because we don't want the user to have to log in via the bot.
Is there a way to implement custom token generation using C# or js and assigning it to a dialog variable to be used in a "Send an HTTP request" action?
This document discusses how to implement an HTTP request in Composer. The first half is focused on creating a login for OAuth, which I know is not your focus, so look at the second half. If you set up a simple server that can generate a token for you, then you can make a request to it from Composer using the method described.
As links can break and docs can change (and Composer is still in Preview), I would recommend saving the doc somewhere and checking back every so often for any updates.
I've used HTTP requests from within Composer, myself, so I know this will work for you.
Hope of help!
You can create a custom Action or a package component and create any c# methods there for JWT generation. This will keep it all local to the bot.
https://learn.microsoft.com/en-us/composer/how-to-create-custom-actions
I'm currently using Microsoft Graph, but have been running into its limitation on the request size. Seeing as how the Outlook REST API doesn't have that limitation and is supposed to be very similar to the Graph API for mail related functions, I wanted to use the Outlook API for sending messages with larger attachments.
But is there a way to get application level permissions with the Outlook REST API? Or make calls without a user? The authentication approach I'm using with Microsoft Graph is the one outlined at https://learn.microsoft.com/en-us/graph/auth-v2-service and it would be nice to be able to do the same with the Outlook API.
My app is registered at the Microsoft Application Registration Portal, but the permissions there are only for Microsoft Graph. I have seen an article that mentions being able to edit the manifest in order to get permissions working with other APIs (like the Outlook API), but wasn't too sure about that.
I have a React-based SPA Outlook add-in, and I am trying to make calls directly to the Microsoft Graph API.
Is there a way to utilize Office.context.mailbox.getCallbackTokenAsync() or Office.context.auth.getAccessTokenAsync() to get an AccessToken to call the Graph API directly from the Add-in?
As best I can tell, getCallbackTokenAsync() will let me call the Outlook REST API's directly (I ran into the issue of having scoped tokens because my manifest Permission was not set to ReadWriteMailbox), and the SSO token provided by getAccessTokenAsync() will only work if I pass it to a server somewhere to run a "on behalf of" OAuth request.
I'd prefer to not have to proxy all of my Graph requests through a server via the SSO flow, but as of now, that is the only solution I see.
Currently, I have been tasked to utilize the Google People API to ask for a user's basic Google information along with their public phone numbers. So far the results have been positive.
The solution my team and I have incorporated the Google People API integration in has the capacity to be utilized across thousands of domains. As a result, my question is simply, How can my team members and I ensure that any our clients that utilize our solution with their own particular domain get our new functionality built with the Google People API?
Keep in mind, our clients have the flexibility to have http/https and any subdomain on their site. Entering each domain possibility for our client base one by one would not be an easy task. I'm seriously hoping there is a solution around the single, explicit origin entries.
Thank you for your time and help.
Warning:
You must remember that if this is source code you are giving your clients that you are not allowed to release your client id and client secret. This includes plugins and scripts.
On November 5th 2014 Google made some changes to the APIs terms of Service.
Asking developers to make reasonable efforts to keep their private
keys private and not embed them in open source projects.
So if your clients could view the code of your application and see your client id and secret you should not be giving it to them.
Read more about this issue Can I really not ship open source with Client ID?
Recommendation:
The best solution for you will be to instruct your users now to create there own project on Google Developer Console and create their own JS origins.
You may just have to provide your own wrapper around the target API where you authorize the client request yourself and then do the request from Google using your own credentials.
I am developing an API for a social network website. This API will basically get all the requests from the users (get friend list, post a status update etc) and reply back if necessary.
We will implement OAuth 2.0 protocol for authentication. Consumer (our php project) has API id and secret.
Basic scenario:
Client wants to log in
API Consumer (php web project) takes this request, directs user to API
User send his/her user credentials to the api, gets the token.
User comes back to our website, pass token to the consumer.
Consumer goes to the api server, gets the access token.
Now consumer (php project) has access to user's private information.
Since this is a social network website, we want app developers to be able to use our API in the future.
I am not experienced in API-design. Does that flow make sense? I guess the simplest authentication would be accessing user information through php project. But we don't want to access database in php code. We will use ajax in client side and send a request to the API. And I believe there should be a better solution, what would you suggest?
Sure, API design is basically point where you need to choose technology.
Either it can be PHP or .net or Java.
I would prefer either PHP or .Net as we get lot of flexibility in it.
API will return XML or Json depending upon the request.
There are lot of CMS in php which can be helped.
.net we have Service Stack to help you.
API's had to be fully independent from other world as well as within API method as well.
If you are able to achieve this, then you will surely create a good architecture.