I am using connected system with Oauth2.0 to connect to office365 and get the calendars i m able to authorize using connected system however when testing the base url I get the below error
Appian was not able to authenticate with the access token you provided. This request requires Bearer authentication. HTTP/1.1 401 Unauthorized Next Steps
When i run the authorization its executes successfully. Has any one seen this issue before or can someone share the Oauth2.0 configuration related to outlook ( For outlook defining a scope is mandatory)
Discussion posts and replies are publicly visible
Is it difficult to integrate outlook in appian?
It depends, you need appian and Outlook/Azure team to collaborate to integrate it.
I need Outlook/Azure team? can you please explain that to me if it's not a bother
You need your Azure team to create a connected system on Azure, grant access to outlook features, create graph API for outlook , provide credentials and API tokens your appian team will use the tokens as a constant to be able to connect to API, create process models and other objects to use outlook data.
Thanks for the info.
Could you please explain a bit on the below:
Getting the bearer token
This is the Microsoft URL that supplies the token: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-authorization-code
I hope you are doing well.
I was able to generate the token but getting authorization issue when i try to access the API. Attached is the integration error i am getting. Thanks.
Check the permission given to the API in Azure Portal.
Agreed, the required permissions are listed here:
There is another error message that says " Authorization Request denied, insufficient privileges to perform the operation"
Here is the configured permission in Azure AD.
What type of connection mechanism are you using to connect to graph API, is it client credentials grant type or authorization code grant flow? I have it working as a client credentials grant type based on the inputs received from Steven Miccile check the post above for steps. If you are using client credential grant type then you need 2 integration objects one will get the token using POST method and store it in a constant and second will perform a GET request and use the stored token to get data from Azure connected system.
I'm using the 1st approach. I've followed the above steps to generate the token using POST method and also i was able to successfully ping "https://graph.microsoft.com/v1.0".
I'm getting the error when i try to access my user profile or my calendar such as like below.
https://graph.microsoft.com/v1.0/users/<my-email>/calendarview?startdatetime=<start time>&enddatetime=<end time>
Don't try to pull in too much of data it does error out if calendars of more than 2.5 years are requested.
Based on this screenshot, your Azure setup is for "Delegated" permissions which is on behalf of the logged in user you would need an OAuth Authorization Code connected system in Appian (NOT client credentials). Even so, the permissions are not enough since the /users API requires a minimum of User.ReadBasic.All which has not been granted based on the picture.
If you want to use OAuth Client Credentials grant type for a service account type integration, the Azure permissions must be "Application" and not "Delegated".
Steven Miccile Thank you for your help. Per your instruction I've changed the Azure permissions from "Delegated" to "Application" and i was able to access the graph API. Thank you.
Hi Steven Miccile, Ankur VI'm trying to integrate outlook calendar with Appian and followed the above steps with 2 integration objects. I'm able to retrieve the token using first Integration object, but when i invoke the second integration object with the token I'm getting below error. I had stored the Bearer token in ri and passing the same in header.
Permissions defined in Azure portal.
You can always throw the token into https://jwt.io/ to see if it actually has the permissions you think it does.
Hi Steve / Simon,
This is very useful source, i'm on the same steps now.
I've configured my Appian app on Azure AD using app registration and its integrated with SAML authentication for SSO, would like to call Graph API from Appian process model to create a user thru Appian application.
I'm trying to confirm the steps on Appian side of configurations. It will be helpful if someone can correct / confirm the approach below.
1. Create a HTTP connected system object. As its more on application level since Graph API will be called with application permission using service account, I assume preferred authentication method will be "Oauth2.0: Client Credentials Grant"?
Not sure, what we need to enter on "Scope" and "Token Request Endpoint" where to find and get this data(Azure?)
Rest of the steps include creating the service account and Integration object? It will be helpful if you can share the steps what other Appian objects to be created to call/test Graph API from Appian(Any KB / Appian doc link), please...
My previous comment lists out the most likely token endpoint (https://login.microsoftonline.com/<INSERT_ORG_SPECIFIC_URL>/oauth2/v2.0/token) and scope (https://graph.microsoft.com/.default):
It has been a few years, but last time I tried, I could not get the Appian "Oauth2.0: Client Credentials Grant" feature working with Graph, which typically means they are not following the OAuth spec exactly. Instead, you can set authentication to "none" in the Connected System, then use one Appian integration object to get the token then pass that token to another Appian integration object that calls the resource. That is what I outlined in my previous comment.
The rest of the setup is specific to the Graph API you are calling for which you will need to look at Microsoft documentation. A good first step is to set up the calls in Postman to take Appian out of the equation before setting up your Appian integration objects.
© 2021 Appian. All rights reserved.