Using EWS with Office365 and OAuth20 (AAD) authentication by user/password pair

Question

Hi,
What is recommeded way to connect Microsoft Office 365 mailbox (URL outlook.office365.com.

ews.Login(user,pwd,EwsAuthentication.OAuth20)

does not work for us... it simply fails connect.

https://api.rebex.net/##RebexTotalPack.chm/Html/M_Rebex_Net_Ews_Login_3_33acd7bb.htm

It looks like https://forum.rebex.net/6674/authenticate-yahoo-and-outlook-com-email-servers-with-oauth?show=14563#c14563 is a bit outdated. Anyway it shows only method with accessToken in hand.

Jiri

Answer 1

Hi,

since Microsoft plans to disable Basic authentication on Office 365 servers using username and password (ews.Login(username, password) method in our API) in second half of year 2021, you have to use OAUth token, which you are attempting but with wrong procedure. There are more than one scenario how you can obtain an OAuth token from Microsoft. It is up to you how you obtain an OAuth token and that token you use in ews.Login(token, EwsAuthentication.OAuth) method only.

You can use code grant flow or client credential grant flow, device code flow should work too. You can get the token by implementing the process described on those pages or use Microsoft Authentication Libraries downloadable from NuGet to obtain your OAuth token. In any case you have to register your application on Azure and set it up properly there. This registration gives you an ID which you use in any method of your choice when obtaining an OAuth token.

Update: We published a blog post that describes how to login with OAuth 2.0 to Office365 with Rebex Secure Mail, and another one that describes how to register application for with appropriate permissions in Azure.

Comments

We are not using ews.Login(username, password). We are using ews.Login(user,pwd,EwsAuthentication.OAuth20). I'd suggest either a) to implement in Rebex this option according to your suggestion (maybe I'm oldschool, but I simply expect a library do the job) or b) to throw not implemented, if in fact it is not feasible and thus the overload combination is not implemented.
Anyway thanks for links - I know them. But these examples are not EWS for Office365 specific, especially no info about what scopes and permissions have to be set in Azure/Office365. Concrete end-to-end example for single mailbox would help...

---

Hello, Ews.Login(userName,password,EwsAuthentication.OAuth20) is not supposed to work. It currently throws ArgumentOutOfRangeException with "Unsupported authentication method." error message, although I agree that something more helpful would be better - what about "This method does not support OAuth, please use the token-based method instead" error message?

As for a working example using the token-based method, I'm sure we will provide one soon. This is already high on our to-do list.

---

Great. ArgumentOutOfRangeException is a bit inapt. NotImplementedException or InvalidOperation might fit better. However at least message text adjustement would help. In general it would be always good to distinguish remote-end errors and local erros. "Unsupported authentication method." looks like remote-end error.

---

We published a blog post that describes how to login with OAuth 2.0 to Office365 with Rebex Secure Mail (https://blog.rebex.net/oauth2-office365-rebex-mail ), and another one that describes how to register application for with appropriate permissions in Azure (https://blog.rebex.net/registering-app-for-oauth2-office365 ).

There is also a set of sample apps that show this in action: https://github.com/rebexnet/RebexExtras/tree/master/Office365_OAuth2