UiPath.MicrosoftOffice365.Activities does not ask for shared mailbox permissions

‘Send Mail’ and ‘Get Mail’ will fail when targeting shared mailbox accounts despite the delegated user having access to the mailbox and despite the target application having the correct permissions in Azure Active Directory.

From my investigations this was caused by the Office365ApplicationScope failing to ask for the following permissions when attempting to get an OAuth token (using the ‘interactivetoken’ argument):

Mail.ReadWrite.Shared
Mail.Send.Shared

Workaround - use Postman to request a token for yourself from the Azure app and specify that you need Mail.ReadWrite.Shared and Mail.Send.Shared in the ‘scope’ parameter. After approving, your account will then consent.

I think the Office365ApplicationScope assumes that an admin will grant permissions for shared mailboxes across the whole tenant, so it doesn’t need to ask for them. Can someone from the team aligned to this activity confirm/deny?

Hello, thanks for sharing! Could you please elaborate on the Postman method setup in UiPath?

@loginerror hello, could you please look into this issue?

Thank you for catching this. We’ll issue a hotfix with the required permissions


Thanks @DeanMauro, much appreciated.

@DominicX Microsoft have a really good article about using Postman with the Graph API: https://docs.microsoft.com/en-us/graph/use-postman

There is a fairly large collection of requests in there you can import but the one that serves as an effective workaround for this is called ‘Get Access Token using Postman OAuth2’ (there is a guide on how to use this on the page as well).

As mentioned, when you click ‘get new access token’ there is a parameter called ‘scope’ and you pass the following space-separated permissions: ‘Mail.ReadWrite.Shared Mail.Send.Shared’
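The scope request described in this thread, as an added example that is not part of any post here and is not UiPath's or Microsoft's code: it builds a Microsoft identity platform authorization request that names the two shared-mailbox scopes, and reads a token's `scp` claim to report which of them are missing. The tenant, client ID, redirect URI and sample tokens are constructed placeholders, and the decode is a diagnostic with no signature verification.

```python
import base64
import json
from urllib.parse import urlencode

# Delegated scopes the thread reports as not being requested.
REQUIRED = ("Mail.ReadWrite.Shared", "Mail.Send.Shared")


def build_authorize_url(tenant, client_id, redirect_uri, state):
    """Authorization-code request that asks for the shared-mailbox scopes explicitly."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(REQUIRED),  # space-separated, as in Postman's 'scope' field
        "state": state,
    }
    return (f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?"
            + urlencode(params))


def granted_scopes(access_token):
    """Read the 'scp' claim of a JWT access token. Diagnostic only: no signature check."""
    try:
        payload_b64 = access_token.split(".")[1]
        padded = payload_b64 + "=" * (-len(payload_b64) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
        return set(claims.get("scp", "").split())
    except (IndexError, ValueError, AttributeError):
        raise ValueError("not a decodable JWT access token") from None


def missing_shared_scopes(access_token):
    """Scopes from REQUIRED that the token does not carry, in REQUIRED order."""
    have = granted_scopes(access_token)
    return [s for s in REQUIRED if s not in have]


def sample_token(scp):
    """Constructed, unsigned token used only to exercise the check."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'scp': scp})}.sig"


if __name__ == "__main__":
    print(build_authorize_url("TENANT_ID", "CLIENT_ID", "https://localhost/cb", "xyz"))
    print(missing_shared_scopes(sample_token("Mail.ReadWrite Mail.Send User.Read")))
    print(missing_shared_scopes(sample_token("Mail.ReadWrite.Shared Mail.Send.Shared")))
```

A non-empty result from `missing_shared_scopes` on the token the activity obtained matches the symptom in the first post: the user has mailbox access and the app registration lists the permissions, but the token itself was never issued with them.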

The fix has been added and will be released on Monday.
