LargeFileUploadTask is returning an uploadUrl that results 401 Unauthorized #1923
Description
Describe the bug
Since yesterday (April 16, first report at 13:00 UTC) we have been receiving reports from customers that uploading attachments via our Outlook Add-In to a Draft Email Message is failing. Reports are still incoming.
We've investigated and the issue is that the Outlook API (https://outlook.office365.com/api/gv1.0) has started returning a 401 Unauthorized for the uploadUrl that createSession in LargeFileUploadTask returns.
I have a simple repro available here that just requires registration of an Azure Application but otherwise follows the Microsoft sample code:
https://github.com/aduggleby/LargeFileUploadTest
We have noticed that this was working again intermittently today, but as of right now this is failing again.
Expected behavior
LargeFileUploadTask should work as expected and the uploadUrl used should be correctly authenticated in the Outlook API.
How to reproduce
Clone this repo: https://github.com/aduggleby/LargeFileUploadTest
Then register an App in Azure App
- Go to the Azure Portal
- Navigate to "Azure Active Directory" > "App registrations" > "New registration"
- Name your application (e.g., "Graph Email App")
- Select the appropriate supported account types (usually "Accounts in this organizational directory only")
- Click "Register"
- After creation, note down:
- Application (client) ID
- Directory (tenant) ID
- Create a client secret:
- Go to "Certificates & secrets" > "New client secret"
- Add a description and choose an expiration period
- Save the secret value (only shown once!)
- Configure API permissions:
- Go to "API permissions" > "Add a permission"
- Select "Microsoft Graph" > "Application permissions"
- Add these permissions: Mail.ReadWrite, Mail.Send
- Click "Grant admin consent" after adding permissions
- Copy .env.example to .env, changing the variables based on above and also choose an email address available in your tenant.
Then run app with "npm run dev". It will try to send an email with the test.pdf in the repo.
SDK Version
3.0.7
Latest version known to work for scenario above?
No response
Known Workarounds
Currently none known.
Debug output
Click to expand log
```Currently the repro repo fails with 401 when run:
Authentication successful
Draft message created with ID:
Next expected ranges: [ '0-' ]
Uploading bytes 0-18809 of 18810
Upload failed: 401 Unauthorized
Error details:
Error: Error: Upload failed: 401 Unauthorized
at main (C:\Source\LargeFileUploadTest\app.ts:192:15)
at processTicksAndRejections (node:internal/process/task_queues:95:5)
</details>
### Configuration
- OS: Windows
- Node: 20
### Other information
The uploadUrl has this format:
https://outlook.office365.com/api/gv1.0/users('xxx@xxx')/messages('xxx')?authtoken=xxx
It seems that there are reports online of this API not accepting the Authorization Bearer header which I assume is why the token is appended via authtoken parameter, but maybe this has now changed in the Outlook API?