How to login with OAuth2 token using client secret for daemon/service app

0 votes
asked Mar 22 by rschrader (120 points)

We are attempting to pass an OAuth2 token into the Pop3 Rebex client utilizing the pattern indicated below.
We are able to retrieve the token using Microsoft Identity Client, connect with the Pop3 client and Login
using the token and the Pop3Authentication.OAuth20 override. But, when attempting to utilize the GetMessageList() method
an exception is thrown indicating "A-ERR Authentication failure: unknown user name or bad password...".

string pattern = string.Format("user={0}{1}auth=Bearer {2}{1}{1}", config.UserName, '\x1', AccessToken);
string token = Convert.ToBase64String(Encoding.ASCII.GetBytes(pattern));

Applies to: Rebex Secure Mail

1 Answer

0 votes
answered Mar 22 by Lukas Pokorny (120,490 points)
edited Mar 24 by Lukas Pokorny

Make sure that config.UserName is correct - it's best to retrieve this via OAuth2 as well. Check out ImapOAuthWpfApp_IdentityClient sample source code - this shows how to authenticate with OAuth2 via Microsoft Identity Client to Office365, and retrieve mail messages using Rebex Imap class. The process for Pop3 is essentially the same (just use Pop3 instead of Imap and configure the application to ask for https://outlook.office365.com/POP.AccessAsUser.All instead of https://outlook.office365.com/IMAP.AccessAsUser.All).

Update: We published a blog post that describes how to login with OAuth 2.0 to Office365 with Rebex Secure Mail, and another one that describes how to register an application with appropriate permissions in Azure.

commented Mar 26 by rschrader (120 points)
Okay, so, what I run into is that all of this seems to be fine for applications using delegated authentication with a signed-in user present. But what we need to do is make it work for background service applications with no signed-in user present. The blog references that this process is a bit different but outside the scope of the blog. So I am trying to find a description of how to do this.
commented Mar 29 by Lukas Pokorny (120,490 points)
We hope to publish a separate blogpost on that soon as well. In the meantime, try following Microsoft's instructions for "app-only" authentication for EWS at https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth - the same process would work for Rebex EWS, and I assume it applies to POP3 as well, although the section on application manifests and requiredResourceAccess is somewhat cryptic and might have to be adjusted for POP3.
...
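A diagnostic for the two points raised in this thread (the user name must match the token, and the token must carry the POP scope rather than being an app-only token), added here as an example and not taken from the posts or from Rebex. It decodes the access token's payload without verifying the signature and reports mismatches; the claim names `aud`, `scp`, `roles` and `upn`, the expected audience, and the class and method names are assumptions, and the sample tokens are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;
static class Pop3TokenCheck
{
    const string Resource = "https://outlook.office365.com"; // assumed audience, from the scope URL in the answer
    const string PopScope = "POP.AccessAsUser.All";
    // Decodes the JWT payload only. The signature is NOT verified: diagnostics, not a trust decision.
    static JsonElement Payload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected three dot-separated JWT segments");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 += new string('=', (4 - b64.Length % 4) % 4);   // restore base64 padding
        return JsonDocument.Parse(Convert.FromBase64String(b64)).RootElement;
    }

    static string Claim(JsonElement p, string name) => p.TryGetProperty(name, out JsonElement v) ? v.ToString() : "";

    // Returns human-readable findings; an empty list means none of the checks fired.
    public static List<string> Check(string jwt, string userName)
    {
        JsonElement p = Payload(jwt);
        var findings = new List<string>();
        string scp = Claim(p, "scp"), upn = Claim(p, "upn");
        if (!Claim(p, "aud").StartsWith(Resource, StringComparison.OrdinalIgnoreCase))
            findings.Add($"aud is '{Claim(p, "aud")}', expected {Resource}");
        if (scp.Length == 0 && Claim(p, "roles").Length > 0)
            findings.Add("app-only token (roles, no scp): there is no signed-in user behind it");
        else if (Array.IndexOf(scp.Split(' '), PopScope) < 0)
            findings.Add($"scp '{scp}' lacks {PopScope}");
        if (upn.Length > 0 && !upn.Equals(userName, StringComparison.OrdinalIgnoreCase))
            findings.Add($"user name '{userName}' differs from token upn '{upn}'");
        return findings;
    }
    // Constructed, unsigned sample token for the demo (header "{}", dummy signature).
    static string Sample(string json) => "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    static void Main()
    {
        string delegated = Sample("{\"aud\":\"https://outlook.office365.com\",\"scp\":\"IMAP.AccessAsUser.All\",\"upn\":\"alice@example.com\"}");
        string appOnly = Sample("{\"aud\":\"https://outlook.office365.com\",\"roles\":[\"full_access_as_app\"]}");
        foreach (string f in Check(delegated, "shared@example.com")) Console.WriteLine("delegated: " + f);
        foreach (string f in Check(appOnly, "shared@example.com")) Console.WriteLine("app-only:  " + f);
    }
}
```

Run it against a real token only on a trusted machine and keep the token out of logs, since a bearer token grants mailbox access to whoever holds it.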