Using EWS with Office365 and OAuth20 (AAD) authentication by user/password pair

0 votes
asked Feb 16 by Jiří Zídek (210 points)

What is the recommended way to connect Microsoft Office 365 mailbox (URL


does not work for us... it simply fails to connect.

It looks like is a bit outdated. Anyway it shows only method with accessToken in hand.


Applies to: Rebex Secure Mail

1 Answer

+1 vote
answered Feb 16 by Pavel Matyska (13,920 points)


Since Microsoft plans to disable Basic authentication on Office 365 servers using username and password (ews.Login(username, password) method in our API) in the second half of 2021, you have to use an OAuth token, which you are attempting, but with the wrong procedure. There is more than one scenario in which you can obtain an OAuth token from Microsoft. It is up to you how you obtain an OAuth token, and you use that token only in the ews.Login(token, EwsAuthentication.OAuth) method.

You can use code grant flow or client credential grant flow, device code flow should work too. You can get the token by implementing the process described on those pages or use Microsoft Authentication Libraries downloadable from NuGet to obtain your OAuth token. In any case you have to register your application on Azure and set it up properly there. This registration gives you an ID which you use in any method of your choice when obtaining an OAuth token.

commented Feb 17 by Jiří Zídek (210 points)
We are not using ews.Login(username, password). We are using ews.Login(user,pwd,EwsAuthentication.OAuth20). I'd suggest either a) to implement in Rebex this option according to your suggestion (maybe I'm oldschool, but I simply expect a library to do the job) or b) to throw not implemented, if in fact it is not feasible and thus the overload combination is not implemented.
Anyway thanks for links - I know them. But these examples are not EWS for Office365 specific, especially no info about what scopes and permissions have to be set in Azure/Office365. Concrete end-to-end example for single mailbox would help...
commented Feb 18 by Lukas Pokorny (118,730 points)
Hello, Ews.Login(userName,password,EwsAuthentication.OAuth20) is not supposed to work. It currently throws ArgumentOutOfRangeException with "Unsupported authentication method." error message, although I agree that something more helpful would be better - what about "This method does not support OAuth, please use the token-based method instead" error message?

As for a working example using the token-based method, I'm sure Pavel can provide one soon. This is already high on our to-do list.
commented Feb 18 by Jiří Zídek (210 points)
Great. ArgumentOutOfRangeException is a bit inapt. NotImplementedException or InvalidOperation might fit better. However, at least a message text adjustment would help. In general it would always be good to distinguish remote-end errors and local errors. "Unsupported authentication method." looks like a remote-end error.
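
The token-based login described in the answer, sketched end to end with the device code flow and MSAL.NET. This is an added example, not code from Rebex or from any poster in this thread. The client and tenant IDs are placeholders, the delegated EWS.AccessAsUser.All permission and an app registration that allows public client flows are assumptions, and the enum value is written as EwsAuthentication.OAuth20, the name used in the comments above.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Identity.Client;   // MSAL.NET (NuGet: Microsoft.Identity.Client)
using Rebex.Net;                   // Rebex Secure Mail

class EwsOAuthExample
{
    // Placeholders: take both values from your own Azure AD app registration.
    const string ClientId = "<application-client-id>";
    const string TenantId = "<directory-tenant-id>";

    // Delegated EWS permission; assumed to be granted to the app registration.
    static readonly string[] Scopes =
        { "https://outlook.office365.com/EWS.AccessAsUser.All" };

    static async Task Main()
    {
        // Public client: no secret is embedded in the application.
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithTenantId(TenantId)
            .Build();

        // Device code flow: the user signs in (including MFA) in a browser,
        // so the application never handles the mailbox password.
        AuthenticationResult result = await app
            .AcquireTokenWithDeviceCode(Scopes, code =>
            {
                Console.WriteLine(code.Message); // sign-in URL and one-time code
                return Task.CompletedTask;
            })
            .ExecuteAsync();

        using (var ews = new Ews())
        {
            ews.Connect("outlook.office365.com", SslMode.Implicit);
            // Token-based overload; never write result.AccessToken to logs.
            ews.Login(result.AccessToken, EwsAuthentication.OAuth20);
            Console.WriteLine("Logged in as {0}, token expires {1:u}",
                result.Account.Username, result.ExpiresOn);
            ews.Disconnect();
        }
    }
}
```

The access token is short-lived, so a long-running service should request a fresh one through MSAL before each new login instead of storing the token itself.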