0 votes
by (220 points)
edited by

Hi,

Are there any code examples for accessing an Office 365 mailbox using EWS with an OAuth 2.0 token.

Everything is configured correct in Azure AD with regard to creating a RegisteredApp with the correct permissions.

I can obtain a token using Postman (see below), but when I pass the access_token value to EWS.Login(token, EwsAuthentication.OAuth20) I get the error "OAuth token is invalid (invalid_token)".

{
    "token_type": "Bearer",
    "expires_in": "3599",
    "ext_expires_in": "3599",
    "expires_on": "1582880341",
    "not_before": "1582876441",
    "resource": "https://outlook.office365.com",
    "access_token": "eyJ0eXAiOiJKV1QiLCJub25jZSI6Im45dW1aeWl4bmM5RVJyeVpnVnQ1N3JPcTdwcFVLQkRMOTZjaEFSYnpUT0kiLCJhbGciOiJSUzI1NiIsIng1dCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSIsImtpZCI6IkhsQzBSMTJza3hOWjFXUXdtak9GXzZ0X3RERSJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlMzY1LmNvbSIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzQzZDQ0YWY5LWRmZjItNGZiOC04OGI0LWU1MGFiM2ExYjQxYS8iLCJpYXQiOjE1ODI4NzY0NDEsIm5iZiI6MTU4Mjg3NjQ0MSwiZXhwIjoxNTgyODgwMzQxLCJhaW8iOiI0Mk5nWUlqN0tKLzd5ckdvZVBwYjJVZHlQOTZMQUFBPSIsImFwcF9kaXNwbGF5bmFtZSI6IkVESSBMZWdhY3kgQXBwIE9BVVRIIiwiYXBwaWQiOiI2YTIxNTUxOC02YjIxLTQ1ZGMtYWJjOC04YzQyMTMzMGRmZTQiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC80M2Q0NGFmOS1kZmYyLTRmYjgtODhiNC1lNTBhYjNhMWI0MWEvIiwib2lkIjoiMGQ0YjVkNjQtYTg0Ni00YWM3LTgyZjktYmRlMDBlYjhmZjNmIiwicm9sZXMiOlsiTWFpbC5SZWFkV3JpdGUiLCJNYWlsLlJlYWQiLCJNYWlsLlNlbmQiXSwic2lkIjoiNjMwODlkY2UtNDg3MC00MjIyLWFlMzktMGM2ZDg4MDAxMDE3Iiwic3ViIjoiMGQ0YjVkNjQtYTg0Ni00YWM3LTgyZjktYmRlMDBlYjhmZjNmIiwidGlkIjoiNDNkNDRhZjktZGZmMi00ZmI4LTg4YjQtZTUwYWIzYTFiNDFhIiwidXRpIjoiTE44bXhRcGF2a0NsU2FJdjEwNHZBQSIsInZlciI6IjEuMCJ9.YslJwwD1mvhj6UJXAhB4waop80Sx1TrqLNrxLhzf_jiFS8oclEUXx3_Zdvo7dFCL4JRouDHio7jtRRa9Yym329fsOOBU3IxWHfRi6twEWAHab84olBrZrqinGfBtiameECscdRMj9n0kCScUCVdDOHtgIs9QZUxy_EH70HO945PEnZyEx0eIEXNG7HHOFld6plgeD6BmU4dFNvI5UW73TlRSm8PRuFhSGQT1CYjyPeSMqA-u9lGNfNuUFG1eNCGFuTdwyG8d1TLPIuwIeRLhyMVfkFv2JW-mv_0GhtO9R_Q63UmxuYvJfIQT0XHEKQhEsROm-4twaPCjlpx7ZUhQfw"
}

I've also tried programatically to obtain the token using the code below with no success.

AuthenticationContext authContext = new AuthenticationContext(String.Format("https://login.microsoftonline.com/{0}", _tenantId));
ClientCredential clientCredential = new ClientCredential(_clientId, _clientSecret);
AuthenticationResult authResult = authContext.AcquireTokenAsync("https://outlook.office365.com", clientCredential).Result;
EWS.Login(authResult.AccessToken, EwsAuthentication.OAuth20);

Any help greatly appreciated!

Applies to: Rebex Secure Mail
by
hey,
I can see you resolved your own problem :) Would you be able to share how you request a token from EWS using postman?
Thanks!
by (148k points)
This might not be relevant to Postman, but we now have sample apps that show EWS + OAuth 2.0 flow using custom code (https://github.com/rebexnet/RebexExtras/tree/master/Office365_OAuth2) and using Microsoft.Identity.Client API (https://github.com/rebexnet/RebexExtras/tree/master/Office365_OAuth2_IdentityClient).
by (220 points)
Hi Lukas,

The blog article mentioned in both of the above (see below) no longer exists, do you have an updated URL?

https://blog.rebex.net/oauth2-office365-rebex-mail

Thanks
by (148k points)
Actually, the accompanying article is going to be published next week. I just published the source code few days earlier in hope it would be useful anyway. Sorry for the inconvenience! I'll post an update when the article appears.
by
@Lukas thanks! Ill have a look
by (148k points)
We just published the blog post as well: https://blog.rebex.net/oauth2-office365-rebex-mail
by (210 points)
Would you mind to work out the example that fist server-side usage ? There is no user to do interaction.  Something similar like here: https://www.emailarchitect.net/eagetmail/sdk/html/object_oauth_ews_service.htm

1 Answer

0 votes
by (220 points)
selected by
 
Best answer

Resolved!

Domain Admin had granted the following permission but not granted admin consent.

full_access_as_app
...