Office 365 + OAuth 2.0 + EWS

Question

Hi,

Are there any code examples for accessing an Office 365 mailbox using EWS with an OAuth 2.0 token.

Everything is configured correct in Azure AD with regard to creating a RegisteredApp with the correct permissions.

I can obtain a token using Postman (see below), but when I pass the access_token value to EWS.Login(token, EwsAuthentication.OAuth20) I get the error "OAuth token is invalid (invalid_token)".

{
    "token_type": "Bearer",
    "expires_in": "3599",
    "ext_expires_in": "3599",
    "expires_on": "1582880341",
    "not_before": "1582876441",
    "resource": "https://outlook.office365.com",
    "access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6Im45dW1aeWl4bmM5RVJyeVpnVnQ1N3JPcTdwcFVLQkRMOTZjaEFSYnpUT0kiLCJhbGciOiJSUzI1NiIsIng1dCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSIsImtpZCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlMzY1LmNvbSIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzQzZDQ0YWY5LWRmZjItNGZiOC04OGI0LWU1MGFiM2ExYjQxYS8iLCJpYXQiOjE1ODI4NzY0NDEsIm5iZiI6MTU4Mjg3NjQ0MSwiZXhwIjoxNTgyODgwMzQxLCJhaW8iOiI0Mk5nWUlqN0tKLzd5ckdvZVBwYjJVZHlQOTZMQUFBPSIsImFwcF9kaXNwbGF5bmFtZSI6IkVESSBMZWdhY3kgQXBwIE9BVVRIIiwiYXBwaWQiOiI2YTIxNTUxOC02YjIxLTQ1ZGMtYWJjOC04YzQyMTMzMGRmZTQiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC80M2Q0NGFmOS1kZmYyLTRmYjgtODhiNC1lNTBhYjNhMWI0MWEvIiwib2lkIjoiMGQ0YjVkNjQtYTg0Ni00YWM3LTgyZjktYmRlMDBlYjhmZjNmIiwicm9sZXMiOlsiTWFpbC5SZWFkV3JpdGUiLCJNYWlsLlJlYWQiLCJNYWlsLlNlbmQiXSwic2lkIjoiNjMwODlkY2UtNDg3MC00MjIyLWFlMzktMGM2ZDg4MDAxMDE3Iiwic3ViIjoiMGQ0YjVkNjQtYTg0Ni00YWM3LTgyZjktYmRlMDBlYjhmZjNmIiwidGlkIjoiNDNkNDRhZjktZGZmMi00ZmI4LTg4YjQtZTUwYWIzYTFiNDFhIiwidXRpIjoiTE44bXhRcGF2a0NsU2FJdjEwNHZBQSIsInZlciI6IjEuMCJ9.YslJwwD1mvhj6UJXAhB4waop80Sx1TrqLNrxLhzf_jiFS8oclEUXx3_Zdvo7dFCL4JRouDHio7jtRRa9Yym329fsOOBU3IxWHfRi6twEWAHab84olBrZrqinGfBtiameECscdRMj9n0kCScUCVdDOHtgIs9QZUxy_EH70HO945PEnZyEx0eIEXNG7HHOFld6plgeD6BmU4dFNvI5UW73TlRSm8PRuFhSGQT1CYjyPeSMqA-u9lGNfNuUFG1eNCGFuTdwyG8d1TLPIuwIeRLhyMVfkFv2JW-mv_0GhtO9R_Q63UmxuYvJfIQT0XHEKQhEsROm-4twaPCjlpx7ZUhQfw"
}

I've also tried programatically to obtain the token using the code below with no success.

AuthenticationContext authContext = new AuthenticationContext(String.Format("https://login.microsoftonline.com/{0}", _tenantId));
ClientCredential clientCredential = new ClientCredential(_clientId, _clientSecret);
AuthenticationResult authResult = authContext.AcquireTokenAsync("https://outlook.office365.com", clientCredential).Result;
EWS.Login(authResult.AccessToken, EwsAuthentication.OAuth20);

Any help greatly appreciated!

Comments

hey,
I can see you resolved your own problem :) Would you be able to share how you request a token from EWS using postman?
Thanks!

---

This might not be relevant to Postman, but we now have sample apps that show EWS + OAuth 2.0 flow using custom code (https://github.com/rebexnet/RebexExtras/tree/master/Office365_OAuth2) and using Microsoft.Identity.Client API (https://github.com/rebexnet/RebexExtras/tree/master/Office365_OAuth2_IdentityClient).

---

Hi Lukas,

The blog article mentioned in both of the above (see below) no longer exists, do you have an updated URL?

https://blog.rebex.net/oauth2-office365-rebex-mail

Thanks

---

Actually, the accompanying article is going to be published next week. I just published the source code few days earlier in hope it would be useful anyway. Sorry for the inconvenience! I'll post an update when the article appears.

---

@Lukas thanks! Ill have a look

---

We just published the blog post as well: https://blog.rebex.net/oauth2-office365-rebex-mail

---

Would you mind to work out the example that fist server-side usage ? There is no user to do interaction.  Something similar like here: https://www.emailarchitect.net/eagetmail/sdk/html/object_oauth_ews_service.htm

Answer 1

Resolved!

Domain Admin had granted the following permission but not granted admin consent.

full_access_as_app