Page MenuHome GnuPG
Create Task
Maniphest T8024

Port away from EWS API usage
Open, HighPublic
Actions

Description

For mailbox access we are currently using the permission EWS.AccessAsUser.All and SOAP-based API-calls to https://outlook.office365.com/EWS/Exchange.asmx. This constitutes two major problems:

  1. This permission cannot be obtained for personal accounts (https://us-kb.sage.com/portal/app/portlets/results/viewsolution.jsp?solutionid=221924560117216)
  2. Access by "non-Microsoft apps" to the Exchange online EWS API is scheduled to be retired Oct 1st 2026 (https://devblogs.microsoft.com/microsoft365dev/retirement-of-exchange-web-services-in-exchange-online/)

Both problems seem to require us to fully move to the "Microsoft Graph" API (Json based API-calls).

Action plan:

  • Get confirmation from Microsoft that we really have a correct understanding of their terminology, i.e. we are going to be affected by the EWS retirement, despite technically obtaining our permission token via the MS Graph API
    • Yes, response from MS: we are going to be affected
  • Determine whether there are any relevant scenarios (EWS on premises?) where we cannot rely on MS Graph API: Do we need to support both APIs / do we need an abstraction layer?
    • Yes, response from MS: Exchange on premises will continue to support EWS-API, only.
  • Determine which exact API calls we actually need (current EWS-based implementation seems to be based on 3rd-party code that seems to cover substantially more than what we need), and whether there exists a non-bloated library for that
    • We actually need a smallish set of calls, only (see comment)
  • Based on the above: Port our code
    • Port is complete, but needs testing & review: work/tfry/apiabstraction
  • Test / come up with a testing matrix for relevant setups

Related Objects

Event Timeline

tfry triaged this task as High priority.Fri, Jan 9, 8:31 AM
tfry created this task.
tfry mentioned this in Unknown Object (Maniphest Task).Mon, Jan 12, 9:38 AM
tfry added a comment.Thu, Jan 15, 11:30 AM

EWS-API used in our code (CPP-wrappers -> description / our usage):

  • EwsGetItemRequest -> get message(s) (one or several; mime content and parent folder id)
  • EWSMessageDispatcher -> just a wrapper around:
    • EwsCreateItemRequest -> "Send message and save copy"
  • Used by reencrypt, only:
    • EwsGetFolderRequest -> Apparently just gets the id and label of a folder
    • EwsCreateFolderRequest -> create new folder; includes indication whether that name already existed
    • EwsGetFolderContentRequest -> get all mails in a folder; additionally uses:
      • EwsFindItemRequest -> obtain list of messages in a folder (does not list subfolders)
    • These two just needed to create (reencrypted) messages without having them appear as new
      • EwsCopyItemRequest -> copy existing message from one existing folder to another
      • EwsUpdateItemRequest -> used to replace mime content of message, without change status (new/read...)
tfry mentioned this in Unknown Object (Maniphest Task).Mon, Jan 19, 10:03 AM
tfry updated the task description. (Show Details)Mon, Jan 19, 10:55 AM
tfry updated the task description. (Show Details)Wed, Jan 21, 1:38 PM
tfry mentioned this in Unknown Object (Maniphest Task).Mon, Jan 26, 9:37 AM
tfry mentioned this in rOJ4b75d756017e: Port usage to Graph-API, with a fallback to EWS for on-premises installations.Wed, Jan 28, 1:41 PM
tfry updated the task description. (Show Details)Wed, Jan 28, 2:51 PM
tfry mentioned this in D627: Port away from EWS API usage / abstraction to use either Graph API or EWS API.Thu, Jan 29, 3:10 PM