Spring email with Microsoft Graph permissions - spring

I'm working on an email trigger component where I have been able to successfully use the client_credentials flow with the Microsoft Graph API.
However, I want to be able to use Spring email and bring in the benefits it provides over a REST API call to the Microsoft Graph API, things like using Thymeleaf email templates for decorating the emails.
I tried doing that by first getting the token from Microsoft Graph and using it as the password for the JavaMailSender instance, with smtp.office365.com as the host, but it didn't work. I followed this link for that experiment: JavaMail connecting to Office 365 XOAUTH2 for IMAP Authentication fails
Is there an easy way to do this? I basically want to get the best of both worlds, Spring email and the Microsoft Graph API.

Related

Outlook addin - js or api generate email file

I have an outlook addin that I've built using Yeoman. The addin communicates with a server API on my server to combine data from an email with additional data from a database that a user has saved against an email address. This is all working great.
Next I want to store a copy of the email server side, as a file on disk, .msg preferred but I'll take a .eml if that's the only option.
I have 2 options but don't know if either are possible. Either the addin generates the .msg file and posts it to the server API OR the server side API generates the .msg file directly. I have got the server side using the Outlook v2 API and able to pull back the email information when the client passes it the token, id etc. If it could just generate/download a .msg file server side this would be ideal.
As a side note, many of the Microsoft API pages point out the deprecation of the Outlook API in favor of the Graph API, however there are inconsistent links between the pages and it gets confusing. I have discovered the token from getCallbackTokenAsync only works with the Outlook API and not Graph, but I can't find a way to generate a Graph-compatible token. All the example code from MS uses Office.context.mailbox.restUrl, which still gives the Outlook API URL and not Graph!
So I guess I'm trying to find out if it's even possible to get/generate a .msg or .eml file either client side using outlook.js or server side using one of the APIs. Thank you.
I can get message data both client and server side but cannot get a physical email file.
The Office JavaScript API (OfficeJS) doesn't provide anything for saving messages as msg files (or getting streams). The best you could do is to use the Graph API, where you could get the EML file; see Get MIME content of a message for more information.
The server-side code may use the OAuth 2.0 On-Behalf-Of flow (OBO) to request a new access token with permissions to Microsoft Graph. Read more about that in the Authorize to Microsoft Graph with SSO article.
The on-behalf-of (OBO) flow describes the scenario of a web API using an identity other than its own to call another web API. Referred to as delegation in OAuth, the intent is to pass a user's identity and permissions through the request chain.
For the middle-tier service to make authenticated requests to the downstream service, it needs to secure an access token from the Microsoft identity platform. It only uses delegated scopes and not application roles. Roles remain attached to the principal (the user) and never to the application operating on the user's behalf. This occurs to prevent the user gaining permission to resources they shouldn't have access to. See Microsoft identity platform and OAuth 2.0 On-Behalf-Of flow for more information.
Eugene's answer is good. If ultimately you need to get that message to your backend service, using Graph as Eugene described would be the recommended approach. If for whatever reason you are still looking for a capability to access it on the client using Office.js, it is not a part of the product. We track Outlook add-in feature requests on our Tech Community Page. Please submit your request there and choose the appropriate label(s). Feature requests on Tech Community are considered when we go through our planning process. Note there are already a couple of similar ideas there, if you search for the "eml" keyword, that you may want to upvote.
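The server-side path described in this thread (exchange the add-in's SSO token through the On-Behalf-Of flow, then fetch the message's MIME content from Graph), written out as an added example that is not part of the original answers. The `cfg` values, the choice of the delegated `Mail.Read` scope, the injected `fetchImpl` parameter and a message id already in REST format are assumptions.

```javascript
// Added example: On-Behalf-Of exchange, then a Graph MIME download.
// cfg values, the Mail.Read scope choice and the injected fetchImpl are assumptions.
const tokenUrl = (tenant) =>
  `https://login.microsoftonline.com/${encodeURIComponent(tenant)}/oauth2/v2.0/token`;

// Form body for the OBO exchange; the user's token is the assertion.
function buildOboRequest({ tenant, clientId, clientSecret, userAssertion, scopes }) {
  if (typeof userAssertion !== "string" || userAssertion.split(".").length !== 3) {
    throw new Error("user assertion must be a JWT");
  }
  const body = new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    client_id: clientId,
    client_secret: clientSecret,
    assertion: userAssertion,
    scope: scopes.join(" "),
    requested_token_use: "on_behalf_of",
  });
  return {
    url: tokenUrl(tenant), method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// GET /me/messages/{id}/$value returns the message as MIME (.eml content).
function buildMimeRequest(messageId, graphToken) {
  const id = encodeURIComponent(messageId);
  return {
    url: `https://graph.microsoft.com/v1.0/me/messages/${id}/$value`,
    method: "GET",
    headers: { Authorization: `Bearer ${graphToken}` },
  };
}

// Exchange the add-in's SSO token, then download the message as EML text.
async function downloadEml(cfg, userAssertion, messageId, fetchImpl = fetch) {
  const obo = buildOboRequest({ ...cfg, userAssertion, scopes: ["https://graph.microsoft.com/Mail.Read"] });
  const tokenRes = await fetchImpl(obo.url, obo);
  if (!tokenRes.ok) throw new Error(`OBO exchange failed: HTTP ${tokenRes.status}`);
  const { access_token: graphToken } = await tokenRes.json();
  const mime = buildMimeRequest(messageId, graphToken);
  const mimeRes = await fetchImpl(mime.url, mime);
  if (!mimeRes.ok) throw new Error(`MIME download failed: HTTP ${mimeRes.status}`);
  return mimeRes.text();
}
```

The middle tier should validate the incoming SSO token (signature, audience, expiry) before using it as the assertion, and keep the client secret on the server only.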

Authentication to use Teams incoming webhook

I'm implementing a Microsoft Teams incoming webhook and I got worried about some bad guy getting the webhook link and sending spam, getting messages from the team and so on. So I'd like to know how secure this feature is? Is there anything that I can do to improve the webhook security?
You can bring Microsoft Teams Incoming Webhook security to the next level using Azure Logic Apps.
It provides the following security levels:
Better control over who can create and use a webhook:
You can rely on Azure RBAC built-in roles for Azure Logic App to define your access policy. The configuration of the webhook is done in Azure and no configuration information is available from Microsoft Teams.
More options to authenticate the event emitter:
There are different ways to authenticate an emitter and Azure Logic App provides a wide range of options to do that. These methods come in addition to the SAS signature or can replace it.
To name the most requested ones in the context of incoming webhooks, we have:
Source IP white listing
Basic authentication / HTTP header access keys
Azure AD OAuth2.0 token
Protect users from the content published into Teams:
With Azure Logic App, you will capture all requests to the webhook because you have control over the endpoint (versus incoming webhooks hosted and exposed via the O365 platform). When the workflow is triggered, you can add action steps to your workflow to:
Validate the schema of the payload (in case inappropriate JSON content is pushed)
Log this request into an external system, e.g. you can push this payload or log this event into Azure Monitor and process the content in Azure Sentinel using Logic App built-in connectors.
Map / aggregate / curate / enrich / ... the incoming content and format the message to be pushed in Teams using Adaptive Cards.
Reference doc: https://www.linkedin.com/pulse/bring-microsoft-teams-incoming-webhook-security-next-level-kinzelin/?msclkid=58f6ddafd0eb11eca9ccc0356553ed5c
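The checks this answer lists (source IP allow-listing, a header access key, payload schema validation, request logging, Adaptive Card formatting), written as plain JavaScript instead of Logic App actions; this is an added example, not part of the original answer or of any Logic App connector. The header name `x-relay-key`, the `title`/`text`/`severity` payload fields and the length limits are assumptions.

```javascript
// Added example: the checks a relay applies before anything is forwarded to Teams.
// Header name "x-relay-key", the payload fields and the limits are assumptions.
const encoder = new TextEncoder();
const ALLOWED_KEYS = ["title", "text", "severity"];
const SEVERITIES = ["info", "warning", "critical"];

// Compare secrets without exiting early on the first differing byte.
function constantTimeEqual(a, b) {
  const x = encoder.encode(a), y = encoder.encode(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Strict schema: exact field set, bounded strings, enumerated severity.
function validatePayload(p) {
  if (p === null || typeof p !== "object" || Array.isArray(p)) return ["payload must be a JSON object"];
  const errors = Object.keys(p).filter((k) => !ALLOWED_KEYS.includes(k)).map((k) => `unexpected field: ${k}`);
  if (typeof p.title !== "string" || !p.title || p.title.length > 100) errors.push("title: 1-100 chars");
  if (typeof p.text !== "string" || !p.text || p.text.length > 2000) errors.push("text: 1-2000 chars");
  if (!SEVERITIES.includes(p.severity)) errors.push("severity: info|warning|critical");
  return errors;
}

// Wrap the validated fields in the Adaptive Card envelope for an incoming webhook.
function toAdaptiveCard(p) {
  return { type: "message", attachments: [{
    contentType: "application/vnd.microsoft.card.adaptive",
    content: { $schema: "http://adaptivecards.io/schemas/adaptive-card.json",
      type: "AdaptiveCard", version: "1.2", body: [
        { type: "TextBlock", weight: "Bolder", text: `[${p.severity}] ${p.title}` },
        { type: "TextBlock", wrap: true, text: p.text }] } }] };
}

// Returns a decision and a log record; only status 200 carries a card to post.
function handleRelayRequest(req, expectedKey, allowedIps) {
  const log = (reason) => ({ ip: req.ip, at: new Date().toISOString(), reason });
  if (!allowedIps.includes(req.ip)) return { status: 403, log: log("source IP not allowed") };
  const key = req.headers["x-relay-key"];
  if (!expectedKey || typeof key !== "string" || !constantTimeEqual(key, expectedKey)) {
    return { status: 401, log: log("missing or wrong access key") };
  }
  let payload;
  try { payload = JSON.parse(req.body); } catch { return { status: 400, log: log("invalid JSON") }; }
  const errors = validatePayload(payload);
  if (errors.length) return { status: 400, log: log(errors.join("; ")) };
  return { status: 200, card: toAdaptiveCard(payload), log: log("accepted") };
}
```

Every decision, including rejections, returns a log record so the relay can forward it to whatever monitoring system is in use.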

Can we develop a functional or process bot using azure service

I'm looking for a solution where my bot can understand the user's request (maybe with LUIS this can be achieved) and verify/validate the user/requirement with master data. If all is good, then connect to my native database (Siebel CRM via API) to perform the defined action and log a reference ticket (via API) and finally send an email to the user using Outlook. Is this achievable using an Azure service?
Yes, the Bot Framework can do all of those things:
my bot can understand users request
LUIS is perfect for this.
verifies/validates the user/requirement with master data
All of this can be done within Waterfall dialogs or Prompts. You can either store the master data in the bot code, or query it from an external source and have the bot validate against it.
Here's a good sample for prompts and validation.
connect to my native database(Siebel CRM via API) to perform the defined action and log a reference ticket(via API)
The bot runs on C#/Node, so anything (including calling your APIs) that you can do in C#/Node, you can do in your bot.
send an email to user using outlook
Bot Framework has a specific Email Channel for this or you can use the Graph API.
Recommended Resources
Docs and QuickStarts
Samples Repo
Reference Docs: C# / TypeScript
LUIS Docs

Outlook REST API - Application Permissions or Background Services

I'm currently using Microsoft Graph, but have been running into its limitation on the request size. Seeing as how the Outlook REST API doesn't have that limitation and is supposed to be very similar to the Graph API for mail related functions, I wanted to use the Outlook API for sending messages with larger attachments.
But is there a way to get application level permissions with the Outlook REST API? Or make calls without a user? The authentication approach I'm using with Microsoft Graph is the one outlined at https://learn.microsoft.com/en-us/graph/auth-v2-service and it would be nice to be able to do the same with the Outlook API.
My app is registered at the Microsoft Application Registration Portal, but the permissions there are only for Microsoft Graph. I have seen an article that mentions being able to edit the manifest in order to get permissions working with other APIs (like the Outlook API), but wasn't too sure about that.

Call Microsoft Graph API directly from Outlook add-in

I have a React-based SPA Outlook add-in, and I am trying to make calls directly to the Microsoft Graph API.
Is there a way to utilize Office.context.mailbox.getCallbackTokenAsync() or Office.context.auth.getAccessTokenAsync() to get an AccessToken to call the Graph API directly from the Add-in?
As best I can tell, getCallbackTokenAsync() will let me call the Outlook REST APIs directly (I ran into the issue of having scoped tokens because my manifest Permission was not set to ReadWriteMailbox), and the SSO token provided by getAccessTokenAsync() will only work if I pass it to a server somewhere to run an "on behalf of" OAuth request.
I'd prefer to not have to proxy all of my Graph requests through a server via the SSO flow, but as of now, that is the only solution I see.
