Authenticate to Yahoo and Outlook.com email servers with OAuth 2.0

+3 votes
asked Nov 21, 2016 by Rebex KB (8,380 points)

I am trying to authenticate to Yahoo and Outlook (live.com) mail servers with OAuth 2.0.

How can I do this with Rebex Secure Mail component?

Applies to: Rebex Secure Mail

1 Answer

+2 votes
answered Nov 21, 2016 by Tomas Knopp (58,890 points)
edited Mar 24 by Lukas Pokorny
 
Best answer

Update: We published a blog post that describes how to login with OAuth 2.0 to Office365 with Rebex Secure Mail, and another one that describes how to register application for with appropriate permissions in Azure.


Generaly, you can follow the blog we wrote about authenticating to Gmail with OAuth 2.0.

Getting the OAuth2.0 token and setting the appropriate permissions and scopes is definitely server-dependent and you have to solve it yourself separately for each server.

Outlook.com (live.com):

Follow this tutorial to get the OAuth 2.0 access token from Outlook. Make sure to set the right permissions and scopes for Outlook.com (live.com) mail servers.
You will most likely have to use the deprecated Live Connect APIs(login.live.com) and need to pass the "wl.imap" scope for both SMTP and IMAP full server access. No other scopes than a full one seem to be supported.

Yahoo mail servers:

Follow this StackOverflow question. It is even more tricky to set the permissions and get the OAuth 2.0 access tokens from yahoo, as yahoo recently removed this option from their UI. See this answer for a possible solution. In short you will have to write your own web form, send the request to a special site and set the scope to set "ymrf" for full mail access ("ymrs" for summary, "ymrw" for Read/Write access).

However, once proper permissions are in place and you have the OAuth 2.0 access token, you can just easily authenticate within your app:

// create SMTP client instance and connect
// (same applies for Rebex.Net.Imap)
var client = new Rebex.Net.Smtp();
client.Connect("mail-server", SslMode.Implicit);

// prepare token
string pattern = string.Format("user={0}{1}auth=Bearer {2}{1}{1}", userEmail, '\x1', accessToken);
string token = Convert.ToBase64String(Encoding.ASCII.GetBytes(pattern));

// log in using OAuth 2.0
client.Login(token, SmtpAuthentication.OAuth20);
commented Feb 12 by Jiří Zídek (210 points)
Hi,
It looks like there is an overload of client.Login(user,pwd,SmtpAuthentication.OAuth20);

Is it usable ?
It should be equivalent to your

// prepare token
string pattern = string.Format("user={0}{1}auth=Bearer {2}{1}{1}", userEmail, '\x1', accessToken);
string token = Convert.ToBase64String(Encoding.ASCII.GetBytes(pattern));

// log in using OAuth 2.0
client.Login(token, SmtpAuthentication.OAuth20);
commented Feb 15 by Pavel Matyska (13,940 points)
Hi,

yes, there is an overload of client.Login(user, pwd, SmtpAuthentication.OAuth20); method. The method with this argument combination enforces a non-null userName but then ignores it and behaves just like Login(string, SmtpAuthentication) with pwd used as an OAuth token. Thanks for letting us know about this quirk, we'll address it in one of the next releases.
commented Feb 15 by Jiří Zídek (210 points)
OK, then it is not equivalent. My input parameters are USER nad PASSWORD. Not AccessToken. What is corresponding way to login with Rebex.Ews? The link above to MSDN, does not work.  Small detail - I am using EWS and not SMTP.
commented Feb 16 by Pavel Matyska (13,940 points)
There are similar metods on Ews class. If you have USER and PASSWORD, use client.Login(USER, PASSWORD) method where client is an instance of Ews class. For all Login method overloads please see https://api.rebex.net/##RebexTotalPack.chm/Html/O_T_Rebex_Net_Ews_Login.htm

If you need another help with Ews class please post it as new question rather than commenting on this one.
...