Office 365 + OAuth 2.0 + EWS

0 votes
asked Feb 29 by idblew (220 points)
edited Feb 29 by idblew

Hi,

Are there any code examples for accessing an Office 365 mailbox using EWS with an OAuth 2.0 token?

Everything is configured correctly in Azure AD with regard to creating a RegisteredApp with the correct permissions.

I can obtain a token using Postman (see below), but when I pass the access_token value to EWS.Login(token, EwsAuthentication.OAuth20) I get the error "OAuth token is invalid (invalid_token)".

{
    "token_type": "Bearer",
    "expires_in": "3599",
    "ext_expires_in": "3599",
    "expires_on": "1582880341",
    "not_before": "1582876441",
    "resource": "https://outlook.office365.com",
    "access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6Im45dW1aeWl4bmM5RVJyeVpnVnQ1N3JPcTdwcFVLQkRMOTZjaEFSYnpUT0kiLCJhbGciOiJSUzI1NiIsIng1dCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSIsImtpZCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlMzY1LmNvbSIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzQzZDQ0YWY5LWRmZjItNGZiOC04OGI0LWU1MGFiM2ExYjQxYS8iLCJpYXQiOjE1ODI4NzY0NDEsIm5iZiI6MTU4Mjg3NjQ0MSwiZXhwIjoxNTgyODgwMzQxLCJhaW8iOiI0Mk5nWUlqN0tKLzd5ckdvZVBwYjJVZHlQOTZMQUFBPSIsImFwcF9kaXNwbGF5bmFtZSI6IkVESSBMZWdhY3kgQXBwIE9BVVRIIiwiYXBwaWQiOiI2YTIxNTUxOC02YjIxLTQ1ZGMtYWJjOC04YzQyMTMzMGRmZTQiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC80M2Q0NGFmOS1kZmYyLTRmYjgtODhiNC1lNTBhYjNhMWI0MWEvIiwib2lkIjoiMGQ0YjVkNjQtYTg0Ni00YWM3LTgyZjktYmRlMDBlYjhmZjNmIiwicm9sZXMiOlsiTWFpbC5SZWFkV3JpdGUiLCJNYWlsLlJlYWQiLCJNYWlsLlNlbmQiXSwic2lkIjoiNjMwODlkY2UtNDg3MC00MjIyLWFlMzktMGM2ZDg4MDAxMDE3Iiwic3ViIjoiMGQ0YjVkNjQtYTg0Ni00YWM3LTgyZjktYmRlMDBlYjhmZjNmIiwidGlkIjoiNDNkNDRhZjktZGZmMi00ZmI4LTg4YjQtZTUwYWIzYTFiNDFhIiwidXRpIjoiTE44bXhRcGF2a0NsU2FJdjEwNHZBQSIsInZlciI6IjEuMCJ9.YslJwwD1mvhj6UJXAhB4waop80Sx1TrqLNrxLhzf_jiFS8oclEUXx3_Zdvo7dFCL4JRouDHio7jtRRa9Yym329fsOOBU3IxWHfRi6twEWAHab84olBrZrqinGfBtiameECscdRMj9n0kCScUCVdDOHtgIs9QZUxy_EH70HO945PEnZyEx0eIEXNG7HHOFld6plgeD6BmU4dFNvI5UW73TlRSm8PRuFhSGQT1CYjyPeSMqA-u9lGNfNuUFG1eNCGFuTdwyG8d1TLPIuwIeRLhyMVfkFv2JW-mv_0GhtO9R_Q63UmxuYvJfIQT0XHEKQhEsROm-4twaPCjlpx7ZUhQfw"
}

I've also tried to obtain the token programmatically using the code below, with no success.

AuthenticationContext authContext = new AuthenticationContext(String.Format("https://login.microsoftonline.com/{0}", _tenantId));
ClientCredential clientCredential = new ClientCredential(_clientId, _clientSecret);
AuthenticationResult authResult = authContext.AcquireTokenAsync("https://outlook.office365.com", clientCredential).Result;
EWS.Login(authResult.AccessToken, EwsAuthentication.OAuth20);

Any help greatly appreciated!

Applies to: Rebex Secure Mail

1 Answer

0 votes
answered Mar 2 by idblew (220 points)
selected Mar 2 by Lukas Matyska
 
Best answer

Resolved!

The Domain Admin had granted the following permission but had not granted admin consent.

full_access_as_app
...
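
A diagnostic for the cause described in this answer, added here as an example (not code from the original post or from Rebex): it decodes the token's claims, without verifying the signature, and checks that `aud` is the EWS resource and that `roles` contains `full_access_as_app` before the token is passed to `EWS.Login`. The `TokenCheck` class, the `Diagnose` helper and the sample tokens are constructed for illustration; it assumes app-only tokens list consented application permissions in the `roles` claim.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenCheck
{
    // Decode one base64url JWT segment (no signature check; diagnostics only).
    static string FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    // Helper used only to build the constructed sample tokens below.
    static string ToBase64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Returns null when the claims look right for app-only EWS, else the reason.
    public static string Diagnose(string accessToken)
    {
        string[] parts = accessToken.Split('.');
        if (parts.Length != 3) return "not a JWT (expected 3 dot-separated segments)";
        using JsonDocument doc = JsonDocument.Parse(FromBase64Url(parts[1]));
        JsonElement claims = doc.RootElement;

        string aud = claims.TryGetProperty("aud", out JsonElement a) ? a.GetString() : null;
        if (aud != "https://outlook.office365.com") return "unexpected aud: " + aud;

        string[] roles = claims.TryGetProperty("roles", out JsonElement r)
                         && r.ValueKind == JsonValueKind.Array
            ? r.EnumerateArray().Select(x => x.GetString()).ToArray()
            : new string[0];
        if (!roles.Contains("full_access_as_app"))
            return "roles lacks full_access_as_app (admin consent missing?): ["
                   + string.Join(", ", roles) + "]";
        return null;
    }

    static void Main()
    {
        // Constructed sample tokens: dummy header ("{}") and dummy signature.
        const string aud = "\"aud\":\"https://outlook.office365.com\"";
        string noConsent = "e30." + ToBase64Url("{" + aud + ",\"roles\":[\"Mail.Read\"]}") + ".sig";
        string consented = "e30." + ToBase64Url("{" + aud + ",\"roles\":[\"full_access_as_app\"]}") + ".sig";
        Console.WriteLine(Diagnose(noConsent) ?? "OK");
        Console.WriteLine(Diagnose(consented) ?? "OK");
    }
}
```

Run `Diagnose` on a freshly issued token after any permission change, since a token obtained before consent was granted keeps its old `roles` until it expires.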