azure-oauth2-accesstoken
Abstract
In this project, we aim to document the manual generation of OAuth 2.0 tokens for utilization across various applications. This project will illustrate the creation of an OAuth 2.0 token specifically for interaction with Outlook O365 IMAP/SMTP services.
Motivation
Personal Outlook accounts no longer support authentication methods such as LOGIN or PLAIN. Instead, the XOAUTH2 protocol must be employed to read and send emails when utilizing third-party applications.
Requirements
A valid Microsoft account and a contemporary web browser are all that is required.
Process
- Visit https://portal.azure.com
- Log in to your Microsoft account
- Click "View" next to Microsoft Entra ID, or search for Entra ID
- Click "Add" and then click "App Registration"
- Add a human-readable name
- Select the second option for supported account types: Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g., Skype, Xbox)
- Click "Register"
- At the overview page under "Essentials," click "Add a certificate or secret"
- Click "New client secret"
- Add a human-readable name if you wish and choose the desired token expiration period
- Copy the secret value to a safe location as this is the last time you will be able to view it. Do not share this value with anyone as it is sensitive.
- Click "API permissions" on the left of your screen
- Click "Add permission," and then Microsoft Graph (or whichever API you need)
- Click "Delegated permissions"
- Use the search bar to add permissions related to the keywords "imap," "smtp," "mail"
- Click on "Authentication" on the left side of your screen and click on "Mobile and desktop applications"
- Toggle the first two radio boxes
- Add a custom redirect to your app's URL. This will depend on your app, and you should consult the developers.
- Click "Configure"
- Populate the Entra client ID, secret value, and tenant ID as environment variables or configuration items in your OAuth2-compatible apps.
Testing
Perform a smoke test on the app registration by quickly generating a token with cURL. Note that this does not guarantee the app functions correctly; additional testing may be needed to verify delegated permissions.
curl -X POST https://login.microsoftonline.com/consumers/oauth2/v2.0/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=CLIENTID" \
-d "client_secret=CLIENTSECRET" \
-d "scope=https://graph.microsoft.com/.default" \
-d "grant_type=client_credentials"
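As a follow-up to the smoke test, the Python below is an added example (not part of this project's code) that checks a token-endpoint response for an error or a missing mail scope and then builds the SASL XOAUTH2 string an IMAP/SMTP client sends. The sample responses, the mailbox address, the function names, and the Outlook scope names used here are assumptions made for illustration.

```python
import base64
import json

# Constructed sample token-endpoint responses (not real tokens).
# The scope URIs are assumed values for Outlook IMAP/SMTP access.
SAMPLE_OK = json.dumps({
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "https://outlook.office.com/IMAP.AccessAsUser.All "
             "https://outlook.office.com/SMTP.Send",
    "access_token": "EXAMPLE-ACCESS-TOKEN",
})
SAMPLE_ERR = json.dumps({
    "error": "invalid_client",
    "error_description": "constructed example error",
})


def check_token_response(body, required_scopes):
    """Return the access token, or raise ValueError describing the problem."""
    data = json.loads(body)
    if "error" in data:
        raise ValueError(f"token endpoint error: {data['error']}")
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = data.get("access_token")
    if not token:
        raise ValueError("no access_token in response")
    # The scope field is a space-delimited list of what was actually granted.
    granted = {s.lower() for s in data.get("scope", "").split()}
    missing = [s for s in required_scopes if s.lower() not in granted]
    if missing:
        raise ValueError("missing delegated scopes: " + ", ".join(missing))
    return token


def xoauth2_initial_response(user, access_token):
    """Build the base64 string sent with AUTHENTICATE/AUTH XOAUTH2."""
    # 0x01 is the field separator, so it must not appear inside a field.
    if "\x01" in user or "\x01" in access_token:
        raise ValueError("control character in user or token")
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    scopes = ["https://outlook.office.com/IMAP.AccessAsUser.All"]
    token = check_token_response(SAMPLE_OK, scopes)
    # Print only the length: the encoded string embeds the bearer token.
    print(len(xoauth2_initial_response("user@example.com", token)))
```

The encoded XOAUTH2 string is only base64, not encryption, so treat it like the access token itself and keep it out of logs and shell history.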
Sample Cypht Config Snippet
OUTLOOK_AUTH_URI=https://login.live.com/oauth20_authorize.srf
OUTLOOK_CLIENT_ID=<client_id>
OUTLOOK_CLIENT_SECRET=<client_secret>
OUTLOOK_CLIENT_URI=https://domain.example/
OUTLOOK_REFRESH_URI=https://login.live.com/oauth20_token.srf
OUTLOOK_TOKEN_URI=https://login.live.com/oauth20_token.srf
Warning
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
TL;DR: Not my problem
License
The GPL V2 license applies to this project. All copyrights belong to their respective copyright holders and all trademarks belong to their trademark holders.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.