0 votes
by (370 points)

Hi

It is quite difficult to explain my issue, but I'll give it a try.

We have a working implementation where we log into Imap using a token:

Imap.Login(Token, ImapAuthentication.OAuth20)

We get the token using the example found here: RebexExtras/Office365_OAuth2/

So the user logs in, a token is returned and we format the token like this

Dim pattern As String = String.Format("user={0}{1}auth=Bearer {2}{1}{1}", "user@domain.com", ChrW(1), result.AccessToken)
Dim Token As String = Convert.ToBase64String(Encoding.ASCII.GetBytes(pattern))

This works.

Now we want to log in using a token that we retrieve using a client secret (no user login). Using the clientid, secret and the aadUrl I am able to get an access token. The scope I use here is **https://graph.microsoft.com/.default**, so the scope is different because it needs to include ".default". I format the token the same way as above before I pass it.

However when we do this we are unable to log in, the message returned is: AUTHENTICATE failed (NO).

Could you possibly point us in a direction to look? Is it a pure rights issue in Outlook.Office365.com? Any pointers are appreciated.

Applies to: Rebex Secure Mail

1 Answer

+1 vote
by (134k points)
Best answer

Hi,

The sample code at Extras/Extras/Office365_OAuth2 is only suitable for delegated authentication (applications with user login). To support app-only authentication (services and daemons with client secret, no user login), we would have to extend the OAuthAzureHelper library.

However, if you are using .NET Framework 4.6, .NET Core 3.1, .NET 5.0 or higher, check out Extras/Office365OAuth2IdentityClient instead. This uses Microsoft's Microsoft.Identity.Client library that supports both app-only and delegated authentication.

Additionally, check the step-by-step guide that describes how to properly configure this in Microsoft 365:

If you are using .NET Framework 4.0 or 3.5, please let us know. We plan to enhance OAuthAzureHelper soon as well to make it possible to use app-only authentication on these legacy platforms.

by (370 points)
Hi Lukas,

The step by step guide on how to configure did the trick. Very helpful indeed. Solved.

Thank you.
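
An added diagnostic, not from this thread or from Rebex: before base64-wrapping an app-only token as in the question, decode its claims offline and check that it was issued for Exchange Online rather than Graph. The accepted audience values and the `IMAP.AccessAsApp` role are assumptions taken from Microsoft's app-only IMAP documentation; the function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Assumptions (Microsoft's app-only IMAP documentation, not this thread):
EXCHANGE_AUDIENCES = {"https://outlook.office365.com", "https://outlook.office.com"}
REQUIRED_ROLE = "IMAP.AccessAsApp"


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(access_token: str) -> dict:
    """Return payload claims WITHOUT verifying the signature (diagnostics only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    return json.loads(b64url_decode(parts[1]))


def imap_token_problems(access_token: str) -> list:
    """List reasons Exchange Online IMAP would refuse this app-only token."""
    claims = jwt_claims(access_token)
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud not in EXCHANGE_AUDIENCES:
        problems.append(f"aud is {aud!r}, not an Exchange Online resource")
    if REQUIRED_ROLE not in claims.get("roles", []):
        problems.append(f"roles claim lacks {REQUIRED_ROLE}")
    return problems


def xoauth2_blob(mailbox: str, access_token: str) -> str:
    """Build the same base64 XOAUTH2 string as the VB.NET lines in the question."""
    raw = f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("ascii")).decode("ascii")


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned sample token for offline testing only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    graph = make_sample_token({"aud": "https://graph.microsoft.com", "roles": ["Mail.Read"]})
    for problem in imap_token_problems(graph):
        print(problem)
```

A token that passes both checks can still be refused if the app's service principal has not been granted access to the mailbox in Exchange Online, which the claims do not show.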