UiPath.MicrosoftOffice365.Activities does not ask for shared mailbox permissions

‘Send Mail’ and ‘Get Mail’ will fail when targeting shared mailbox accounts despite the delegated user having access to the mailbox and despite the target application having the correct permissions in Azure Active Directory.

From my investigations this was caused by the Office365ApplicationScope failing to ask for the following permissions when attempting to get an OAuth token (using the ‘interactivetoken’ argument):

Mail.ReadWrite.Shared
Mail.Send.Shared

Workaround - use Postman to request a token for yourself from the Azure app and specify that you need Mail.ReadWrite.Shared and Mail.Send.Shared in the ‘scope’ parameter. After approving, your account will then consent.

I think the Office365ApplicationScope assumes that an admin will grant permissions for shared mailboxes across the whole tenant, so it doesn’t need to ask for them. Can someone from the team aligned to this activity confirm/deny?

Hello, thanks for sharing! Could you please elaborate on the Postman method setup in UiPath?

@loginerror hello, could you please look into this issue?

Thank you for catching this. We’ll issue a hotfix with the required permissions


Thanks @DeanMauro, much appreciated.

@DominicX Microsoft have a really good article about using Postman with the Graph API: Use Postman with the Microsoft Graph API - Microsoft Graph | Microsoft Learn

There is a fairly large collection of requests in there you can import but the one that serves as an effective workaround for this is called ‘Get Access Token using Postman OAuth2’ (there is a guide on how to use this on the page as well).

As mentioned, when you click ‘get new access token’ there is a parameter called ‘scope’ and you pass the following space-separated permissions: ‘Mail.ReadWrite.Shared Mail.Send.Shared’
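An added example, not part of the original posts and not UiPath or Microsoft code: it builds the authorization request with the two shared-mailbox scopes named in this thread and checks which of them a token response actually lists. The tenant, client ID, redirect URI, function names and both sample token responses are constructed; it assumes the response's `scope` field may carry either short names or names prefixed with the Graph resource URL.

```python
from urllib.parse import urlencode, quote

AUTHORITY = "https://login.microsoftonline.com"
GRAPH_PREFIX = "https://graph.microsoft.com/"
SHARED_MAIL_SCOPES = ("Mail.ReadWrite.Shared", "Mail.Send.Shared")

def build_authorize_url(tenant, client_id, redirect_uri, state,
                        scopes=SHARED_MAIL_SCOPES):
    """Authorization-code request that explicitly asks for the shared scopes."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),  # space-separated, like the Postman 'scope' field
        "state": state,             # caller supplies an unguessable value
    }, quote_via=quote)
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{query}"

def normalize(scope):
    """Drop an optional Graph resource prefix and compare case-insensitively."""
    s = scope.strip()
    if s.lower().startswith(GRAPH_PREFIX):
        s = s[len(GRAPH_PREFIX):]
    return s.lower()

def missing_scopes(token_response, required=SHARED_MAIL_SCOPES):
    """Required scopes absent from the token response's 'scope' field."""
    granted = {normalize(s) for s in token_response.get("scope", "").split()}
    # Exact match only: Mail.ReadWrite does not imply Mail.ReadWrite.Shared.
    return [r for r in required if normalize(r) not in granted]

# Constructed token responses (access_token omitted on purpose).
SAMPLE_WITHOUT_SHARED = {"token_type": "Bearer",
                         "scope": "Mail.Read Mail.ReadWrite Mail.Send User.Read"}
SAMPLE_WITH_SHARED = {"token_type": "Bearer",
                      "scope": "https://graph.microsoft.com/Mail.ReadWrite.Shared "
                               "https://graph.microsoft.com/Mail.Send.Shared"}

if __name__ == "__main__":
    print(build_authorize_url("contoso.onmicrosoft.com",              # constructed
                              "00000000-0000-0000-0000-000000000000",  # constructed
                              "http://localhost/callback", "constructed-state"))
    for name, resp in (("without shared", SAMPLE_WITHOUT_SHARED),
                       ("with shared", SAMPLE_WITH_SHARED)):
        print(name, "-> missing:", missing_scopes(resp))
```

A non-empty result from `missing_scopes` means the token was issued without the shared-mailbox scopes, which is the condition described in this thread.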

The fix has been added and will be released on Monday.


Hello,

Is someone able to confirm to me that this is currently working for them?

I am trying to read emails from a mailbox delegated to my user. I have access to the mailbox and have given Mail.ReadWrite.Shared and Mail.Send.Shared permissions in Azure AD to my application. (I am able to access this mailbox manually and I’m able to use my own mailbox with Office 365 Application Scope.)

I am trying to use Office 365 Application Scope with InteractiveToken authentication type and Get Mail activity. I am only asked for ‘Read your mail’, ‘Read and write access to your mail’, ‘Send mail as you’, ‘View your basic profile’ and ‘Maintain access to data you have given it access to’ permissions (no mention of ‘Shared’ permissions). I get an access denied error.

Studio version: 2021.10.4 and UiPath.MicrosoftOffice365.Activities version: 1.11.1

Thank you in advance!

Hello @Robot_Dev!

Thanks for letting us know.

I just did multiple tests using versions 1.9.0, 1.11.1, 1.12.1-preview and latest develop. I did two tests for each of the versions, one where I tried retrieving emails from a delegated mailbox and one where I tried the same from a shared mailbox.

Both worked for me. I am thus not sure why you are encountering the error.
Can you make sure that if you try to open the other mailbox using the web client of outlook365 you can do this?

Let me know how it goes. If you can access it then we need to look elsewhere for the error.
Also, can you please try using version 1.9.0 and letting me know if it works using this version?

Hi, check if you have selected “Shared” option in the O365 Scope “Services” parameter. That one worked for me.


Thank you so much for checking and sorry for the trouble.

Unfortunately it was a silly mistake from me, like SSavickas suggested, I was simply missing the ‘Shared’ selection from the first of the O365 scopes in the process - still after checking everything a hundred times.

Before noticing, I was also able to manually define the scope with Get access on behalf of a user - Microsoft Graph | Microsoft Learn ‘Get authorization’ and use the UiPath O365 activities as expected. In case this might prove useful to someone in another context.


Great, glad it worked out.
