POX autodiscover requests using OAuth for O365 endpoint

nyacharya 21 Reputation points
2021-02-17T08:03:21.92+00:00

Is it possible to make a POX autodiscover request using an OAuth token? The token has application access privilege for the EWS "full access as app" Office 365 Exchange Online permission.

Whenever I make a request with the token set using Bearer authentication, I get the following response:

<?xml version="1.0" encoding="utf-16"?>  
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">  
  <Response>  
    <Error Time="07:52:39.8644685" Id="1321019259">  
      <ErrorCode>500</ErrorCode>  
      <Message>The email address can't be found.</Message>  
      <DebugData />  
    </Error>  
  </Response>  
</Autodiscover>  

But the same request works with basic authentication. I am using this endpoint - https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml

The reason I am doing this is to fetch appropriate headers to make public folder requests.

I am able to successfully query the SOAP autodiscover endpoint with same token.


2 answers

  1. Ben P 6 Reputation points
    2021-05-12T17:34:20.827+00:00

    I am experiencing this exact problem (here's my question), and I found that OAuth works as long as you use delegated permissions instead of application permissions. I'm not sure if this will work in your scenario or not.

    I used the EWS.AccessAsUser.All scope when requesting the token using a device code flow. Device code flow will require the following setting to be enabled in the app registration:
    [Screenshot: 96036-image.png]


  2. Ben P 6 Reputation points
    2021-05-25T22:19:12.233+00:00

    @Madan Bisht here's a sample of code I used to obtain an access token that worked for me:

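    using Microsoft.Identity.Client;

    // Public client application: no client secret is configured.
    IPublicClientApplication app = PublicClientApplicationBuilder
        .Create("<your client id>")
        .WithTenantId("<your tenant id>")
        .Build();

    // Interactive sign-in requesting the delegated EWS scope.
    AuthenticationResult authResult = await app
        .AcquireTokenInteractive(new string[] { "EWS.AccessAsUser.All" })
        .ExecuteAsync();

    if (authResult != null)
    {
        // _AccessToken is a field of the calling class.
        _AccessToken = authResult.AccessToken;
    }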
    

    This will open up a login window for authenticating with Azure AD, and if the user you are logging in as has not already consented to the requested scopes, you will be prompted to consent. The device code flow works similarly, and will ask for consent if not already granted. Another method I found useful was this one:

    authResult = await app.AcquireTokenByIntegratedWindowsAuth(new string[] { "EWS.AccessAsUser.All" }).ExecuteAsync();  
    

    This will only work if the user has already consented, but I found it useful for a background process to silently acquire a token. I was going to try caching tokens from an interactive login, but the Windows authentication worked, and was simpler.

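Added example, not part of the thread or any poster's code: the answers above turn on delegated versus application permissions, and a Microsoft identity platform access token shows which one it carries through an `scp` claim (delegated scopes) or a `roles` claim (application permissions). The C# below decodes a token's payload to report which kind was issued; the `TokenKind` class, its method names and the unsigned sample tokens are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenKind
{
    // Decode the JWT payload WITHOUT verifying the signature.
    // Diagnostic use only; never base an authorization decision on this.
    static JsonElement Payload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        // base64url -> base64, then restore the stripped padding.
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    public static string Describe(string jwt)
    {
        JsonElement p = Payload(jwt);
        // Delegated tokens carry a space-separated "scp" string.
        if (p.TryGetProperty("scp", out JsonElement scp))
            return "delegated: " + scp.GetString();
        // App-only tokens carry a "roles" array instead.
        if (p.TryGetProperty("roles", out JsonElement roles))
            return "app-only: " + string.Join(" ",
                roles.EnumerateArray().Select(r => r.GetString()));
        return "unknown: no scp or roles claim";
    }

    // Constructed, unsigned sample token so the example runs offline.
    static string Sample(string payloadJson) =>
        "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(payloadJson))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    static void Main()
    {
        Console.WriteLine(Describe(Sample("{\"scp\":\"EWS.AccessAsUser.All\"}")));
        Console.WriteLine(Describe(Sample("{\"roles\":[\"full_access_as_app\"]}")));
    }
}
```

Passing a real `authResult.AccessToken` to `Describe` shows whether the token sent to the POX endpoint is delegated or app-only before any autodiscover request is made.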