-2

I'm working on authentication for Outlook (office365) users in our web app through ouath2. Mainly I was followed this example: https://dev.outlook.com/RestGettingStarted/Tutorial/python . I managed to get response with access_token in it; also article from the link above, states that response should contain token_id which in turn will contain encoded user email. In my case response with access token is something like this:

{
u'token_type': u'Bearer', 
u'scope': u'https://outlook.office.com/mail.readwrite', 
u'access_token': u'EwB4Aul3BAA...ZQE=', 
u'expires_in': u'3600'
}

Apparently no token_id here. I've googled a bit for some Office365 API which will allow to fetch user info (and email) using access_token but no luck.

Any suggestions?

Anton Koval'
  • 4,863
  • 5
  • 31
  • 44

2 Answers2

0

So, the answer is pretty simple: I forget to add openid to scopes before requesting access token.

Anton Koval'
  • 4,863
  • 5
  • 31
  • 44
0

I followed the PHP example at https://dev.outlook.com/RestGettingStarted/Tutorial/php

However, I was unable to get the email address of the signed in user, even with the openid scope.

After about 24 hours of searching and testing, I eventually found that I needed to add profile as a scope. I only discovered this via the OAuth Sandbox https://oauthplay.azurewebsites.net/ by examining request headers.

Hopefully, this helps someone.

This really should be better documented.

Tim B
  • 1
  • 2