I'm using an IMAP client in my program. I'm trying to access to Office 365 outlook by IMAP client using OAuth2 mechanism (using these instructions.)
When I authenticate in IMAP client - authentication failes, but OAuth2 authentication of Google and Outlook.com works fine. Does Office 365 support OAuth2 authentication in IMAP? If it does, how to authenticate?
We are actively working on OAuth support for IMAP connections to O365 mailboxes. We will make a public announcement once the same is available.
With the new rollout for OAuth 2.0 support for IMAP, I am able to generate the token using the scope
https://outlook.office365.com/IMAP.AccessAsUser.All
But I am still getting
A1 NO AUTHENTICATE failed
I am using the following properties:
props.put("mail.imap.ssl.enable", "true");
props.put("mail.imap.auth.mechanisms","XOAUTH2");
props.put("mail.imap.auth.plain.disable", "true");
EDIT: It is working now !
I got this to work as I described here: Connect to outlook Office 365 IMAP using OAUTH2
The App Permissions in Azure AD have been moved to the Graph API Section different to the screenshot that was in the comments above.
Also the Scope that Azure AD shows did not work for me, I had to use https://outlook.office365.com/IMAP.AccessAsUser
We don't support OAuth for IMAP access to Office 365 and we have no plans to do so as we recommend using our REST APIs to connect to Office 365 for your apps. OAuth is supported for Office 365 REST APIs for mail, calendar and contacts and our older SOAP APIs Exchange Web Services.
Related
Considering the basic auth deprecation, is it possible to authenticate to EWS and POP3 from a C# application using a local machine or user certificate store?
EWS supports the Client_Credentials flow https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow so you can use either a Client Secret of Certificate.
POP3,IMAP and SMTP while they do support OAuth don't support the Client_Credentials flow so you always need to use a credential for that.
I've a web application where i have used office 365 login (for sharepoint) to authenticate the user and then redirect to my web application.
Now i want to access the logged in office 365 user's calendar and add events, get list of calendars etc.. I've looked into office 365 API but it uses OAuth2 authentication which i don't want to go for.
So i went for ExchangeService API but it needs the NetworkCredentials of the user, which means i have to add the username and password for each user, which is not possible.
Is there any way i can use the logged in office 365 user's details and access the calendars and events?
The best way to access Office365 resources like mailboxes, calendars, contacts etc. is by using Microsoft Graph.
There are many SDK and code samples to start developing with Graph API. Here is a guide for ASP.NET MVC app.
I'm working on a C# application that would access current user's mailbox in office 365, but cannot go past authentication phase.
I was using this example https://msdn.microsoft.com/en-us/library/office/dn567668(v=exchg.150).aspx
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013_SP1);
service.UseDefaultCredentials = false;
//Specify login which works when connecting to Office 365 web UI
service.Credentials = new WebCredentials("office_365_login#domain", "password");
//would fail here with 401 unauthorised
service.AutodiscoverUrl("email_address", RedirectionUrlValidationCallback);
//As an alternative to autodiscover, I've tried to specify endpoint explicitly
service.Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx")
EmailMessage email = new EmailMessage(service);
...//Set email info
//Would fail with 401 unauthorised
email.Send();
Such code works just fine when connecting local Exchange mailboxes, but doesn't work with office 365 for some reason. I've tried using solution provided here, same result: Connection to Office 365 by EWS API
Infrastructure description:
Our company uses hybrid Exchange setup: some mailboxes are located on local Exchange servers, some have been migrated to Office 365. We have also Microsoft ADFS server installed, used for office 365 authentication.
When I open OWA URL in browser, I'm being first redirected to our ADFS server, if I'm using domain account, I'm being transparentry redirected to https://outlook.office.com/owa/ otherwise I'm being asked for credentials on our ADFS server.
Question:
Is it possible to connect Office 365 mailbox by specifying credentials explicitly, like in the code example? Or should I get token from our ADFS server and use it to connect to Office 365? I haven't found C# examples on the latter one.
Goals, I'm trying to achieve:
Perfect scenario. If user runs the app using domain account,
application should be able to access his mailbox without specifying
credentials explicitly
Acceptable scenario. User has to set credentials explicitly in order
for application to access mailbox
In case you are trying to use EWS API for connecting to Office 365 mailbox, have a look to this:
You cannot use basic authentication (username and password) in your EWS application to connect to Office/Microsoft 365 now. Microsoft no longer supports basic authentication in EWS for Exchange Online. You are advised to use OAuth2.0 to get a token and use the same in your EWS client to connect to Office 365.
For this you will have to register your application in Azure AD to use client credential flow. I did a POC on this using console application.
Here's the link to GitHub repository for source code and documentation.
I want to get an access to Calendar rest API. I've created azure multi-tenant app, and configured it.
I'm trying to get an access token to resource "https://outlook.office365.com/", but I get an error
'AADSTS50001: Resource 'https://outlook.office365.com/' is disabled.'
Note: I couldn't find "Office 365 Exchange Online" inside "Permissions to other applications" section inside azure account.
Your help please.
You won't see Exchange in your Azure account unless you have an Office 365 subscription that includes Exchange. It sounds like you're registering in https://manage.windowsazure.com? You might want to try registering your app in https://apps.dev.microsoft.com and using the v2 Azure auth flow. Big benefit is you can register apps with just a Microsoft account (like outlook.com, etc) See https://dev.outlook.com/RestGettingStarted for walkthroughs.
I am looking into possibility to create or delete email aliases for user emails in Office 365 through EWS Managed API.
It can be easily done through UI: https://support.office.com/en-sg/article/Add-an-email-alias-to-a-user-account-cd25a91a-eb1a-4ed7-be94-5517fb5113c2, but unfortunately, I haven't found any methods in Exchange Web Services API to do this.
Does anyone know if it's possible?
EWS does not support manipulating the user. You would want to investigate using Remote Powershell and the mailbox-related cmdlets.