Graph endpoint url for full_access_as_app

Question

Need graph endpoint url for full_acces_as_app, please assist on this

Answer 1

Hi @Harish tej

After some research, I helped you sort out how it works.

First, the full_acces_as_app application permission is only available in the EWS api, please note that this is not the Graph api. It supports full access to all mailboxes via the EWS api in unattended scenarios.

You need to go to Azure AD>App registrations>your app>API permissions blade and enter Office 365 Exchange Online in APIs my organization uses, next you can find the full_acces_as_app in application permissions and add it.

Finally, you need to use OAuth to authenticate the EWS application and get an access token, then explicitly impersonate the mailbox you want to access and call the EWS api to access the mailbox information.

using Microsoft.Exchange.WebServices.Data;  
using Microsoft.Identity.Client;  
using System;  
using System.Configuration;  
  
namespace EwsOAuth  
{  
    class Program  
    {  
        static async System.Threading.Tasks.Task Main(string[] args)  
        {  
            // Using Microsoft.Identity.Client 4.22.0  
            var cca = ConfidentialClientApplicationBuilder  
                .Create(ConfigurationManager.AppSettings["appId"])  
                .WithClientSecret(ConfigurationManager.AppSettings["clientSecret"])  
                .WithTenantId(ConfigurationManager.AppSettings["tenantId"])  
                .Build();  
  
            var ewsScopes = new string[] { "https://outlook.office365.com/.default" };  
  
            try  
            {  
                var authResult = await cca.AcquireTokenForClient(ewsScopes)  
                    .ExecuteAsync();  
  
                // Configure the ExchangeService with the access token  
                var ewsClient = new ExchangeService();  
                ewsClient.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx");  
                ewsClient.Credentials = new OAuthCredentials(authResult.AccessToken);  
                ewsClient.ImpersonatedUserId =  
                    new ImpersonatedUserId(ConnectingIdType.SmtpAddress, "******@contoso.onmicrosoft.com");  
  
                //Include x-anchormailbox header  
                ewsClient.HttpHeaders.Add("X-AnchorMailbox", "******@contoso.onmicrosoft.com");  
  
                // Make an EWS call  
                var folders = ewsClient.FindFolders(WellKnownFolderName.MsgFolderRoot, new FolderView(10));  
                foreach(var folder in folders)  
                {  
                    Console.WriteLine($"Folder: {folder.DisplayName}");  
                }  
            }  
            catch (MsalException ex)  
            {  
                Console.WriteLine($"Error acquiring access token: {ex}");  
            }  
            catch (Exception ex)  
            {  
                Console.WriteLine($"Error: {ex}");  
            }  
  
            if (System.Diagnostics.Debugger.IsAttached)  
            {  
                Console.WriteLine("Hit any key to exit...");  
                Console.ReadKey();  
            }  
        }  
    }  
}  

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.