Office 365 - MailKit - OAuth2 + SMTP/IMAP Authentication

Подписаться 1,2 тыс.

Просмотров 31 тыс.

50% 1

This is a third video
1: • How to connect to offi... Accessing Office365 with IMAP Authenticating with XOAUTH2 and Code flow
2: • How to connect to Off... Accessing Office365 with IMAP Authenticating with XOAUTH2 and Client Credential Flow
In this third video I made a better recap of how the flow works, as well as adding SMTP login with XOAUT2 and Code Flow.
Example code can be found here: github.com/alkampfergit/DotNe...
Official Microsoft Link: docs.microsoft.com/en-us/exch...
My Blog post on the subject: www.codewrecks.com/post/secur...

Наука

Опубликовано:

7 сен 2022

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 33

@ToBetterSudan Год назад

This is really informative, Amazing video and awesome content please continue.

@hmtechsvc 5 месяцев назад

Amazingggggg!!!! Thank you soooo soooo much for this PERFECT proof of concept!!!

@Mohit-xl5qu Месяц назад

thanks a lot

@vijayg1627 Год назад

Hi can you explain me using pop3 or anyone using pop3 you can share it link it's really difficult for me to solve the issue.... I have already implemented service I just need to change authentication process using oath2.0

@saurabhchhabra8329 Год назад

Hey, Do we need to Register service principals in Exchange(PowerShell Part) in the case of Code Flow SMTP? I am using your code but still getting this error - 535 5.7.3 Authentication unsuccessful. If you have an suggestions that would be great.

@codewrecks Год назад

Sorry for the very late answer. With Code Flow you do not need to register a Service Principal, because in that scenario the user, using a code flow, will give to the service a token to impersonate him. Service principal is necessary when the service must access a mailbox without any user intervention.

@Fabio841115 Год назад

I have an app with an email module where users can configure their mail account e read the relative mails through IMAP. Which approch should I use to enable OAuth2 authentication? Client credential flow? Or Code Flow? Any suggestion about tokens refresh in this case? Tks in advance.

@codewrecks Год назад

Code flow, also if the app has some way to store a secret (ex secret storage) can store refresh token. Or you can simply restart code flow when the token expire, the user is usually still logged to AAD, and client app is still trusted, so the entire code flow should finish without user interaction. But I have very limited experience with device app

@Fabio841115 Год назад

@@codewrecks I haven't specified...it is a desktop web application, not a device app. So user mail account are stored in the database of the application and mailbox synchronized till they are logged in the web application. This Is the correct context.

@codewrecks Год назад

@@Fabio841115 code flow, you can avoid offline_access to keep access when the user is not logged. Usually a good technique is storing tokens in a cookie encrypted with a server key

@Fabio841115 Год назад

@@codewrecks Do you see any drawback using Client Credential Flow instead? Using this approach I'm not asking the final user to authorize himself to the Auth0 tenant before getting access token... So in my perspective I'm bypassing a step, but maybe I have a wrong vision of the entire process.

@codewrecks Год назад

@@Fabio841115 with client credential you do not have a token for the user, you have a token for the client app, and all users must delegate permission to the app, and the access is permanent

@FarhanAli-mh1lr Год назад

Just theory is good

@internetbusinessdepartment4548 5 месяцев назад

Thank you for sharing. I am currently facing a new issue: I cannot read emails from In Place Archive. Could you please help me if possible?

@codewrecks 5 месяцев назад

Which error do you get? Actually I never read mail from archived folder, but if you are able to read the standard inbox the login process is ok. Can you share more details?

@Philinnor Год назад

Thanks for the information. The git is a real mess though.

@Tegelzetter Год назад

I can't figure out how to send an email with OAuth for a Daemon app.

@GianMariaRicci Год назад

You need to have a user that complete code flow authentication with offline_access to have a token and refresh token for long time access. Or you need to perform a client authentication flow. This is the video with the instruction ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-bMYA-146dmM.html for only the client flow.

@AsadAliSohail13 Год назад

can i Convert user mailbos to shared mailbox for SMTP

@codewrecks Год назад

I think so but I'm not a real expert in O365 accounts management. You can delegate access to other account, so account X can access/manage/send message from another account

@chloesworld8467 Год назад

Hello there, I love the video and it basically gets me closer to what I'm trying to accomplish. I was wondering if you can assist with some requirements. I have a help Desk application(PHP/Laravel) that runs a cron job and pulls emails from gmail and others using IMAP. But I connect get it to work for Office 365. Always getting authentication issue.

@codewrecks Год назад

What error you are getting?

@chloesworld8467 Год назад

@@codewrecks It's saying that authentication failing.

@codewrecks Год назад

it can be a wrong XOAUTH2 or the application in azure does not have all required claims (or when you acquire the token you are not requestinng all the claims)

@chloesworld8467 Год назад

@@codewrecks Are you open to assistance?

@codewrecks Год назад

@@chloesworld8467 Sorry for the late response, in this period I'm very busy and I have no competence on PHP :/ I will not be so useful.

@shreys71055 Год назад

Hi, I am getting A1 Authenticate failed error

@codewrecks Год назад

Most common error, wrong claims in oauth2, unfortunately the error you got is generic and does not guide you on what exactly went wrong

@victormutisya5934 Год назад

Did you manage to get solution to this? Still getting the error as you

@shreys71055 Год назад

@@victormutisya5934 yes, have changed the permission in the azure added exchange online permission and inside service scope have added of office.online which is mention inside the documentation and then it worked.