This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 73%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJI%3C/text%3E%3C/svg%3E)
Code works correct with another o365 tennant but not this tennant.
Code flow is exactly as stated here https://learn.microsoft.com/nl-nl/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth
Debugging it I see the token verification works fine but my ews call to bind to a user inbox errors out with 403.
the email address is correct, mailbox has a license in o365, ews policy is enabled for all mailboxes.
i guess it must be a setting in o365 but what?
403 can be a result of an Application access policy blocking access to certain mailboxes. Read here for more details: https://practical365.com/new-application-access-policies-extend-support-for-more-scenarios/
It sounds like they have either disabled EWS on the Mailbox that you're trying to access, or they have limited the clients that are allowed to connect e.g., https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-control-access-to-ews-in-exchange . You can try testing EWS itself using a user account via the EWSeditor https://github.com/dseph/EwsEditor
it was simply an issue with the application ID being incorrect in AAD !
thanks for your help guys.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 31%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJX%3C/text%3E%3C/svg%3E)
Hi @john in t veld ,
Glad to know that your issue is resolved now! Since our forum has the policy that The question author cannot accept their own answer, I would make a brief summary of this post so that other forum members could easily find useful information here:
Issue Symptom:
oAuth ews o365 - error 403 forbidden
the application ID being incorrect in AAD
Solution:
Change to the correct application ID
You could "Accept Answer" for this summary to close this thread, and your action would be helpful to other users who encounter the same issue and read this thread. Thanks for your understanding!
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.