Creating an App Registration w/ Client ID for OAuth2 Authentication for Hotmail.com, Live.com, or Outlook.com


To create an App Registration in Entra ID (formerly known as Azure Active Directory or Azure AD), you need a Microsoft work or school account. This is typically associated with an Azure AD tenant, and it provides the necessary permissions to access Entra ID features.

Here’s what you need:

1. Microsoft Account Types for Entra ID

  • Work or School Account: This is an account provided by your organization, typically under a custom domain (e.g., “user@yourcompany.com”). It is associated with a specific Azure Active Directory tenant, and it provides access to the full range of Microsoft cloud services, including Entra ID and app registrations for OAuth2.
  • Personal Microsoft Account (e.g., Hotmail, Live, Outlook): A personal Microsoft account (like “@hotmail.com” or “@outlook.com”) does not have access to Entra ID by default. However, you can gain access by signing up for an Azure subscription, which will create a personal Azure AD directory for your account. This would give you the ability to create app registrations and OAuth2 credentials, but it is not the standard scenario for Entra ID access.

2. How to Create an App Registration (OAuth2 Client ID)

To create an App Registration, you need access to an Azure AD tenant. Here’s how you can get access:

If you have a Work or School Account
  • Sign in to the Azure portal using your work or school account credentials.
  • Navigate to Azure Active Directory and then to App registrations to register an app and generate OAuth2 credentials.

If you only have a Personal Microsoft Account
  1. Create an Azure Account:
    • Go to [Azure](https://azure.microsoft.com) and sign up for a free account (if you don’t already have one).
    • During the sign-up process, a default Azure AD tenant will be created for you.
  2. Access Azure AD (Entra ID):
    • After signing up for Azure, you can access Azure Active Directory (which is now called Entra ID).
    • Use the newly created Azure AD tenant to register your app and generate OAuth2 credentials.

3. Azure Subscription:

  • If you’re using a personal account (e.g., Hotmail, Live, or Outlook), you’ll need an Azure subscription to create an Azure AD tenant. Azure offers a free tier with limited services that should be sufficient for testing purposes, including creating app registrations.
  • Work or school accounts tied to an organization often already have an Azure AD tenant, so no extra steps are required to set up app registrations.

Steps to Register an App (Recap):

  1. Sign in to the Azure Portal: [https://portal.azure.com](https://portal.azure.com)
  2. Navigate to Entra ID (Azure AD): Search for Azure Active Directory or Entra ID in the search bar.
  3. App Registration: Under Azure AD, go to App registrations and click New registration.

Here are the settings I used in creating an App Registration

Also, in Authentication, I chose to allow public client flows…

If you don’t allow for public client flows (as shown above), then you’ll get this error:

{"error":"invalid_client","error_description":"AADSTS70002: The provided request must include a 'client_secret' input parameter. Trace ID: xxxxxxxxxx-9fb5-45bd-ba27-xxxxxxx Correlation ID: xxxxxxxx-59ca-4040-84c1-xxxxxxx Timestamp: 2024-10-02 16:41:28Z","error_codes":[70002],"timestamp":"2024-10-02 16:41:28Z","trace_id":"xxxxxxxx-9fb5-45bd-ba27-01b09c113801","correlation_id":"xxxxxxx-59ca-4040-84c1-xxxxxxxxx","error_uri":"https://login.microsoftonline.com/error?code=70002"}
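
One way to handle the token endpoint's reply in client code, as an added example that is not part of the original page: it recognizes the AADSTS70002 error shown above and builds a log-safe summary that never contains token values. The function name, the hint wording, and both sample responses are constructed for illustration.

```python
import json
import re

# Hint wording is this example's own, based on the page's observation that
# the error appears when public client flows are not allowed.
HINTS = {
    70002: "Token endpoint expected a client_secret: enable 'Allow public "
           "client flows' on the app registration, or send the secret from "
           "a confidential (server-side) client only.",
}

def summarize_token_response(body: str) -> dict:
    """Return a summary of a token endpoint response that is safe to log."""
    data = json.loads(body)
    if "access_token" in data:
        # Record only metadata; token values must never reach the logs.
        return {"ok": True,
                "token_type": data.get("token_type"),
                "expires_in": data.get("expires_in"),
                "has_refresh_token": "refresh_token" in data}
    codes = list(data.get("error_codes") or [])
    # Fall back to the AADSTSnnnnn prefix if error_codes is missing.
    match = re.search(r"AADSTS(\d+)", data.get("error_description", ""))
    if match and int(match.group(1)) not in codes:
        codes.append(int(match.group(1)))
    return {"ok": False,
            "error": data.get("error"),
            "codes": codes,
            "hints": [HINTS[c] for c in codes if c in HINTS],
            # Keep the IDs Microsoft support asks for when tracing a failure.
            "trace_id": data.get("trace_id"),
            "correlation_id": data.get("correlation_id")}

# Constructed samples; the error mirrors the shape of the one on this page.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_client",
    "error_description": "AADSTS70002: The provided request must include "
                         "a 'client_secret' input parameter.",
    "error_codes": [70002],
    "trace_id": "TRACE-ID-PLACEHOLDER",
    "correlation_id": "CORRELATION-ID-PLACEHOLDER"})
SAMPLE_OK = json.dumps({
    "token_type": "Bearer", "expires_in": 3600,
    "access_token": "constructed-access-token",
    "refresh_token": "constructed-refresh-token"})

if __name__ == "__main__":
    print(summarize_token_response(SAMPLE_ERROR))
    print(summarize_token_response(SAMPLE_OK))
```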