How to connect to Office 365 with IMAP, Oauth2 and Client Credential Grant Flow
Ғылым және технология
You can find a blog post on my english blog at this address www.codewrecks.com/post/secur... that has a recap.
Code use in the video is on my GitHub repository (github.com/alkampfergit/DotNe...) that explain how to use OAUT2 to obtain a User Token that can be used to access Office 365 with IMAP protocol and OAuth2.
This is needed because Microsoft will deprecate and remove the basic authentication.
This is a practical implementation of official instructions docs.microsoft.com/en-us/exch... with the complete code to perform OAuth2 Client login.
Пікірлер: 125
I can't overstate how helpful this video was. Thank you!
One of the best instructions I've seen so far. Thank you!
Tonight i will be praying and saying thank you that you exist and created this video. i was struggling so much, this REALLY helped me a lot THANK YOU!
@codewrecks
Жыл бұрын
You are so welcome
You were an absolute life saver. Thank you so much for making a really complex issue, thnx to MS, clear for mere mortals like me.
An excellent video turned out, everything is well thought out, a very clear instruction turned out)))
Thank you so much! You saved my day yesterday with this video! Blessings to you in all you do! YAY!
Thank you, This is a brilliant and clear explanation of how to get MS OAuth2 connected to Outlook Office 365. You may have just saved my job.
@babatundeafolabi5340
Жыл бұрын
I am not so familiar with Visual studio he used here and I am lost as to how he got to all these commands and which templates he used. I mean the visual studio part. Can you help with where all those commands come from, How I can replicate it on my Visual studio?
BROTHER, YOU ARE THE BEST!!! You oooh really helped me!! THANK YOU VERY MUCH!
Thanks a lot for your help. We were execatly looking for this.
You did a great job with this video.
Thank you so much. This was fantastic. Great Job!!
This really helped us…works fab…thank u very much !!!
Thank you so much this helped a lot!!!! You saved my life
This was very helpful, Thank you.
Thanks for this video. You helped me a lot
Thank you, it works perfect!
Amazing! It saved my day! Thanks a lot. :)
Thanks! It's a very useful video!
Wow! it's Amazing I did it well ! Perfect work !
Sooo helpful! Thank you!
This is great, thank you!
Thank you for this. It saved me a ton of time and frustration.
@codewrecks
Жыл бұрын
Glad it helped!
Really really helpful, thank you! By now you can skip the -PreRelease flag as those powershell modules are generally available. Also I found that you don't need the Graph API module at all.
@codewrecks
Жыл бұрын
Yes, some stuff changed since the video was recorded, thanks for the clarification.
it worked! thank you so much!!
Brilliant, saved me so much time.
@codewrecks
Жыл бұрын
I'm happy that the video was useful.
hanks lot Sir.. You helping us..
Legendary. Thank you very much
Wow it is really helpful! Thanks!
@codewrecks
Жыл бұрын
Glad it was helpful!
This was so helpful, the MS documentation is severely lacking and I was looking for a way of doing this. I didn't look at your code until after i'd finished my own example of doing this in C# but it ended up being somewhat similar.
@bluehippotech
Жыл бұрын
I hope you don't mind but i'm planning on doing a video on this as well :D
Really great work, helped me a lot! Why oh why did MS make it so hard to manage a imap connection in office 365
Thank you so much, you saved my day!
I can't belive that Microsoft made this difficult for us to connect to azure and be able to read a mailbox. All those steps outside the project (powershell commands and so) with what purpose? Just to add difficult to the process. Thanks man! nice video.
@codewrecks
6 ай бұрын
Actually the problem is that OIDC and OAUTH2 were standard from long time but very few developer study them to use in their application. Google and other big player are gradually enforcing OAUTH2 everywhere. The real problem is that we lacked an official C# library with really clear step by step instruction on how to put everything in place. Also some of the CMDLet for sharepoint were released late generating a lots of confusion :(
Excellent Keep it up Thanks
yo bro, really thankya. Big respect
Thank you very much
Fantastic stuff here! Thanks so much for creating. This worked for me. I will add that I had to run: Install-Module -Name AzureADPreview -AllowClobber to install the preview version which I believe includes the New-ServicePrincipal cmdlet. I also had to add: Install-Module -Name PackageManagement -Repository PSGallery -Force Install-Module -Name PowerShellGet -Repository PSGallery -Force to enable the -prerelease switch to work. Crazy how laborious MS made it to read an email account!
@codewrecks
Жыл бұрын
New-ServicePrincipal was downloaded once you connected to your tenant, maybe MS changed this and included in the base module :), it was one of the most annoying thing for me, because I was trying using a tenant where I had insufficient permission and I got in return that New-ServicePrincipal was not recognized (a message like "you do not have enough privilege would have been welcomed") For the "how laborious MS", I can agree, but this is OAuth2 standard, it is really more work to do, but in the end it is more secure, and given that EMails are an important asset, I really appreciate that they took a bald move and made it a Must. A more comprehensive documenation and extensive examples would have been made the transition easier.
@livingdeathD
Жыл бұрын
@@codewrecks thanks!!, I was stuck at this point and the problem was that my user did not have the necessary permissions in the tenant😘
@ciaocato
Жыл бұрын
@@codewrecks Grazie mille per il video. Sono però bloccato con il comando "New-ServicePrincipal" che non riesce ad essere riconosciuto come cmdlet valido. Ho installato tutti i moduli powershell necessari; lato User l'ho abilitato ad ogni permesso e ruolo possibile sul Tenant, mi domando quindi se ci sono suggerimenti specifici per poter superare la problematica. Grazi mille
@GianMariaRicci
Жыл бұрын
Nel mio caso erano permessi insufficienti (ma potrebbe anche essere forse essersi connessi ad un tenant sbagliato). Purtroppo se qualche cosa non va (usualmente permessi) l'errore è quello invece di cmdlet non presente, che è abbastanza fuorviante.
@ciaocato
Жыл бұрын
@@GianMariaRicci Sto effettivamente indagando sui permessi del tenant (è unico e ho già verificato tramite ID di collegarmi a quello ove è presente la mia app). A memoria, ricordi per caso quali fossero i permessi necessari? Io utilizzo un utente che oltre ad essere TenantAdminn è anche: Company Administrator, Exchange Administrator, Security Administrator, Privileged Role Administrator. Grazie mille
Amazing demo, thank you very much for that. Just a question, in the PowerShell command to add the app permission to the mailbox. Can I add a group with multiple email accounts?
@codewrecks
Жыл бұрын
Never tried, I've always give permission to individual mailboxes
THANKS!
Works well!! DANKEEE
Thanks for this. However, do you have / does anyone has a Java version of reading the mailbox?
How are we supposed to understand how this Principal works only with Microsoft documentation ? I hope I will be able to use OAuth authentication in my application to connect to mailbox in imap, thanks to that video.
hey, i`ll look like MS updated Azure, can`t find IMAP, there is no Office 365 Exchange Online in the selection.
U BEST!!!
Perfect!
I am getting "Internal error: {"error":"invalid_client","error_description":"AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret" when I use the link to login. When I try and access an account by passing in the email it says "No token available" which I assume is down to the first problem.
Can you post the link of your previous video please?
Great! Can you also share the steps for applications connecting through EWS
@codewrecks
Жыл бұрын
Sorry but I do not know/use the EWS API, I needed code to use basic IMAP / SMTP communication but I think that the process is the very same, once you obtained the token usually you set into a special header stackoverflow.com/questions/22229996/basic-http-and-bearer-token-authentication
Very informative; However the code portion is difficult to follow. What is the WellKnownConfigurationHandler; I have looked at the code and am getting lost. Thanks
@GianMariaRicci
Жыл бұрын
I assume a basic knowledge of OIDC, well-known url are url that gives information about a special services, if you have an Identity Provider you usually append "/.well-known/openid-configuration" at the end of the url to have a json that gives you all the details of the provider (all the various url to grab token, etc etc).
If i follow your video will this be able to work with outlook I mean i want to configure office365 email in outlook using imap
@codewrecks
Жыл бұрын
You do not need any special code to configure outlook, just open outlook and add your email and Outlook will be done everything for you.
Do I have made this configuration to read the email from Outlook....please let me know asap😢
@codewrecks
11 ай бұрын
No, outlook supports oauth2 without any additional configuration
I get the error not recognized "New-ServicePrincipal" on power shell .. what could be the reason bro ?
@codewrecks
Жыл бұрын
You are connected to the wrong azure tenant, or your account has not the right permission so you cannot create new principal
Hello, the source code/example from git do not have the option for 365-get-mail-client-flow in Swagger, do you know why?, any idea how can i get that option to test the functionality?, thanks
@badatgaems
Жыл бұрын
You probably don't have the right branch
@sergioavendano6235
Жыл бұрын
@@badatgaems hi, yes wrong video, do you have any reference or example for how to authenticate with OAuth 2 to send an email (SMTP)?, thanks
@bluehippotech
Жыл бұрын
@@sergioavendano6235 Microsoft SMTP doesn't support OAuth 2 yet unfortunately. Luckily SMTP won't be deprecated as IMAP will. Though you could switch to using an SMTP connector instead depending on your usecase if you really want something different.
@codewrecks
Жыл бұрын
@@sergioavendano6235 if you are interested I've code to use OAuth2 with SMTP too, even if standard Auth will not be deprecated
@sergioavendano6235
Жыл бұрын
@@codewrecks Yes, please if possible send me the link of the example for smtp and OAuth2, thank you
Do you have to have Azure for this to work? Don't know anything about Azure. We just have an Office365 account and a .NET service running on a server in the background which handles sending emails. This uses net.mail.smtp currently but that can't use OAUTH as far as I can see.
@gabrusalona
Жыл бұрын
Can you update me if you found some solution? I have the same issue
@AthelstanEngland
Жыл бұрын
@@gabrusalona hi did you see my reply? It seems to have been deleted for some reason?
@gabrusalona
Жыл бұрын
@@AthelstanEngland I do
I did the post request and got the access_token but then I get "Authentication failed" when I try to access in IMAP through imap_open in php 7. How is that possible?
@codewrecks
Жыл бұрын
classic error is using the wrong claim, or maybe the XOAUT2 token is not created correctly by php library.
I have follow the same instructions that you provided still getting Authentication failed error , can you please provide suggestion
@codewrecks
Жыл бұрын
Well, usually it is Wrong permission on the app or Wrong claim in the request. Also try to run again powershell to give correct permissions to the app
why i can't find Office 365 Exchange Online in my APIs my orgainization uses?
@codewrecks
Жыл бұрын
As far as I know the most probably reason is: you are in a Azure Tenant that has no Office365 account (it happens if you have multiple tenant in Azure so you need to change directory, click on your avatar top right of the page and "change directory")
Can you please make a similar video for OAUTH implementation for SMTP Protocol to send mails. Somehow it is not working for us.
@codewrecks
Жыл бұрын
I'm planning to record it in the next days, it is really similar to the other one, but it could be useful for people (actually SMTP with basic auth is not going to be deprecated)
@codewrecks
Жыл бұрын
Hi actually I have the code running (I had almost three days with no connection so I had problem running the code) You can try develop branch in this repository github.com/alkampfergit/DotNetCoreOauth2/tree/develop it has a super basic HTML page answering at sample-oauth2 url. Remember also that SMTP is available only with code auth flow (the one requiring the user to click authorization link)
@codewrecks
Жыл бұрын
I've made a video with a BIG recap as well as the code for SMTP kzread.info/dash/bejne/moOb2LZ9e67Nnrw.html
I cannot find office 365 exchange online option in apis my organisation uses. Can you help?
@codewrecks
Жыл бұрын
You are probably connected to the wrong directory, you need to connect to Azure active directory connected to you O365 account
im not getting option for office exchange in api permission how to configure that
@codewrecks
Жыл бұрын
Probably that azure account is not connected to an Office 365 account, so there is no exchange api because there is no exchange.
Thanks for your video , get mail client flow works fine , but office get mail doesn't work , received this message error "No token available" Could you help me. Best regards
@codewrecks
Жыл бұрын
What do you mean with "office get mail"?
I dоwnloaded everything is okay
I followed your example and have run into this issue. MailKit.Security.AuthenticationException: 'Authentication failed.' Has anyone come access this issue?
@codewrecks
Жыл бұрын
That is a generic error, it could happen if the token is not valid or the application has not the correct permissions. Sadly enough, the remote server does not tells you what it does not like and throws a generic auth error (not giving further details)
@toddmueller
Жыл бұрын
@@codewrecks oauth.IsAuthenticated = false. Any tips you can offer to help track this down? Thanks for the help!
@ruzannamartirosyan351
Жыл бұрын
@@toddmueller Did you manage to solve the "Authentication Failed" issue? I faced the same problem.
@toddmueller
Жыл бұрын
@@ruzannamartirosyan351 Not yet. I'm still talking to Microsoft about it. More than likely it's a config issue. Once I have more details, I'll share.
🥳
I'm unstoppable I'm a Porsche with no brakes
@codewrecks
Жыл бұрын
0_O
For once, the software is actually really useful
MS again doing something without doing their homework...
How do you access POP3 after Oct 2022 if you don't have an Azure account...?
@codewrecks
Жыл бұрын
If you have an Office 365 account you have your Azure Active directory associated to that subscription.
@PA-lf8sd
Жыл бұрын
@@codewrecks Cool. I think I've found it... But...why have MS made it so bloody complicated...!? Very little of the nonsense it asks for makes much sense to me...
HI @CodeWrecks, could I get the SMTP OAUth2 sample code as well please, let me know hwo you want to send that code.
@codewrecks
Жыл бұрын
You can find code here github.com/alkampfergit/DotNetCoreOauth2/tree/develop just look for the sample-oauth2 controller. Video is coming.
@codewrecks
Жыл бұрын
kzread.info/dash/bejne/moOb2LZ9e67Nnrw.html
Well, I am freezer in this point the message: New-ServicePrincipal: |Microsoft.Exchange.Configuration.Tasks.ThrowTerminatingErrorException|ExternalDirectoryObjectIdRaw: The length of the property is too long. The maximum length is 256 and the length of the value provided is 1269. Someone could help me?
@GianMariaRicci
Жыл бұрын
What is the value of $MyApp.ObjectId? It seems that it is not what it expected, because is really too long.
This is great, thank you!