How to connect to Office 365 with IMAP, Oauth2 and Client Credential Grant Flow 

You are so welcome

New-ServicePrincipal was downloaded once you connected to your tenant, maybe MS changed this and included in the base module :), it was one of the most annoying thing for me, because I was trying using a tenant where I had insufficient permission and I got in return that New-ServicePrincipal was not recognized (a message like "you do not have enough privilege would have been welcomed") For the "how laborious MS", I can agree, but this is OAuth2 standard, it is really more work to do, but in the end it is more secure, and given that EMails are an important asset, I really appreciate that they took a bald move and made it a Must. A more comprehensive documenation and extensive examples would have been made the transition easier.

@@codewrecks thanks!!, I was stuck at this point and the problem was that my user did not have the necessary permissions in the tenant😘

​@@codewrecks Grazie mille per il video. Sono però bloccato con il comando "New-ServicePrincipal" che non riesce ad essere riconosciuto come cmdlet valido. Ho installato tutti i moduli powershell necessari; lato User l'ho abilitato ad ogni permesso e ruolo possibile sul Tenant, mi domando quindi se ci sono suggerimenti specifici per poter superare la problematica. Grazi mille

Nel mio caso erano permessi insufficienti (ma potrebbe anche essere forse essersi connessi ad un tenant sbagliato). Purtroppo se qualche cosa non va (usualmente permessi) l'errore è quello invece di cmdlet non presente, che è abbastanza fuorviante.

@@GianMariaRicci Sto effettivamente indagando sui permessi del tenant (è unico e ho già verificato tramite ID di collegarmi a quello ove è presente la mia app). A memoria, ricordi per caso quali fossero i permessi necessari? Io utilizzo un utente che oltre ad essere TenantAdminn è anche: Company Administrator, Exchange Administrator, Security Administrator, Privileged Role Administrator. Grazie mille

Yes, some stuff changed since the video was recorded, thanks for the clarification.

I am not so familiar with Visual studio he used here and I am lost as to how he got to all these commands and which templates he used. I mean the visual studio part. Can you help with where all those commands come from, How I can replicate it on my Visual studio?

Actually the problem is that OIDC and OAUTH2 were standard from long time but very few developer study them to use in their application. Google and other big player are gradually enforcing OAUTH2 everywhere. The real problem is that we lacked an official C# library with really clear step by step instruction on how to put everything in place. Also some of the CMDLet for sharepoint were released late generating a lots of confusion :(

I hope you don't mind but i'm planning on doing a video on this as well :D

Never tried, I've always give permission to individual mailboxes

Glad it helped!

You need to use the Azure subscription used by your Office 365 subscription.

You are connected to the wrong azure tenant, or your account has not the right permission so you cannot create new principal

You do not need any special code to configure outlook, just open outlook and add your email and Outlook will be done everything for you.

I assume a basic knowledge of OIDC, well-known url are url that gives information about a special services, if you have an Identity Provider you usually append "/.well-known/openid-configuration" at the end of the url to have a json that gives you all the details of the provider (all the various url to grab token, etc etc).

No, outlook supports oauth2 without any additional configuration

You need to let someone that is administrator run the powershell, or it can't work

You probably don't have the right branch

@@badatgaems hi, yes wrong video, do you have any reference or example for how to authenticate with OAuth 2 to send an email (SMTP)?, thanks

@@sergioavendano6235 Microsoft SMTP doesn't support OAuth 2 yet unfortunately. Luckily SMTP won't be deprecated as IMAP will. Though you could switch to using an SMTP connector instead depending on your usecase if you really want something different.

@@sergioavendano6235 if you are interested I've code to use OAuth2 with SMTP too, even if standard Auth will not be deprecated

@@codewrecks Yes, please if possible send me the link of the example for smtp and OAuth2, thank you

classic error is using the wrong claim, or maybe the XOAUT2 token is not created correctly by php library.

Can you update me if you found some solution? I have the same issue

@@gabrusalona hi did you see my reply? It seems to have been deleted for some reason?

@@AthelstanEngland I do

You are probably connected to the wrong directory, you need to connect to Azure active directory connected to you O365 account

If I understood the question, probably is lack of permission on the tenant, or wrong tenant (you need to use tenant used by the office365 subscription)

What do you mean with "office get mail"?

Well, usually it is Wrong permission on the app or Wrong claim in the request. Also try to run again powershell to give correct permissions to the app

As far as I know the most probably reason is: you are in a Azure Tenant that has no Office365 account (it happens if you have multiple tenant in Azure so you need to change directory, click on your avatar top right of the page and "change directory")

Sorry but I do not know/use the EWS API, I needed code to use basic IMAP / SMTP communication but I think that the process is the very same, once you obtained the token usually you set into a special header stackoverflow.com/questions/22229996/basic-http-and-bearer-token-authentication

Probably that azure account is not connected to an Office 365 account, so there is no exchange api because there is no exchange.

ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-Q660AYVZM0Y.html Sorry for late response

I'm happy that the video was useful.

I'm planning to record it in the next days, it is really similar to the other one, but it could be useful for people (actually SMTP with basic auth is not going to be deprecated)

Hi actually I have the code running (I had almost three days with no connection so I had problem running the code) You can try develop branch in this repository github.com/alkampfergit/DotNetCoreOauth2/tree/develop it has a super basic HTML page answering at sample-oauth2 url. Remember also that SMTP is available only with code auth flow (the one requiring the user to click authorization link)

I've made a video with a BIG recap as well as the code for SMTP ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-hOgvTDKKgnY.html

That is a generic error, it could happen if the token is not valid or the application has not the correct permissions. Sadly enough, the remote server does not tells you what it does not like and throws a generic auth error (not giving further details)

@@codewrecks oauth.IsAuthenticated = false. Any tips you can offer to help track this down? Thanks for the help!

@@toddmueller Did you manage to solve the "Authentication Failed" issue? I faced the same problem.

@@ruzannamartirosyan351 Not yet. I'm still talking to Microsoft about it. More than likely it's a config issue. Once I have more details, I'll share.

0_O

If you have an Office 365 account you have your Azure Active directory associated to that subscription.

@@codewrecks Cool. I think I've found it... But...why have MS made it so bloody complicated...!? Very little of the nonsense it asks for makes much sense to me...

You can find code here github.com/alkampfergit/DotNetCoreOauth2/tree/develop just look for the sample-oauth2 controller. Video is coming.

ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-hOgvTDKKgnY.html

What is the value of $MyApp.ObjectId? It seems that it is not what it expected, because is really too long.

Glad it was helpful!