The ability to refresh an OAuth2 access token using a refresh token depends on the following factors: The Expiration of the Refresh Token: Refresh tokens typically have longer lifetimes than access tokens, and in some cases, they may not expire at all (until revoked). However, some authorization servers issue refresh tokens with expiration times. The expiration time can vary depending […]
(back to Send Email from Hotmail.com, Live.com, or Outlook.com) The Microsoft OAuth2 authorization endpoint is the URL where users are redirected to authorize your application and give it permissions to access their resources (such as email, calendar, etc.) using Microsoft’s OAuth2 protocol. Authorization Endpoint (for Microsoft Identity Platform): https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize Explanation: {tenant}: This specifies the Azure Active Directory (Azure AD) tenant […]
Problem: When trying to do get the initial OAuth2 authorization token from Azure (using Chilkat.OAuth2), I get the following error: {“error”:”invalid_request”,”error_description”:”AADSTS90023: Public clients can’t send a client secret. Trace ID: … Solution: Chilkat.OAuth2 is for desktop apps and scripts (i.e. not code that runs on a web server), but it still behaves as a “Web App” because Chilkat.OAuth2.StartAuth starts a […]
Question: When I try to send: Set resp = http.PostJson2(“https://graph.microsoft.com/v1.0/me/sendMail”,”application/json”,json.Emit()) I am getting this response: { “error”: { “code”: “InvalidAuthenticationToken”, “message”: “IDX14100: JWT is not well formed, there are no dots (.). The token needs to be in JWS or JWE Compact Serialization Format. (JWS): ‘EncodedHeader.EndcodedPayload.EncodedSignature’. (JWE): ‘EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag’.”, “innerError”: { “date”: “2024-05-13T15:26:14”, “request-id”: “…”, “client-request-id”: “…” } } } Failed, […]
This blog post walks you through the complete Azure App Registration process, including the subsequent Exchange Online PowerShell commands needed to achieve the OAuth2 client credentials flow for Office365 email sending and reading via the SMTP, IMAP, and POP3 protocols. I wish there was an “easy button”, but unfortunately it does not exist. Step 1. Register an Azure App Go […]
Question: I have seen that your lib support OAuth2 for DataFlex-Framework but only for Desktop-Clients. Is it correct or is there any support for DataFlex-Web-Applications? Answer: The functionality Chilkat provides in desktop applications for the OAuth2 authorization code flow, is to make your desktop application behave as a temporary web server to receive the single local HTTP redirect request from […]
OAuth2 Client Credentials can be used for authentication when you own the application, and you also own the account (such as Office 365, or Google, etc.) that your application will access. In other words, YOUR application is simply accessing resources in YOUR account, and YOU are the application user (or your application is running as a service or background process). […]
This page will be updated as time progresses with what we’ve learned about getting things working with OAuth2 authentication for office365.com using the email protocols: SMTP, POP3, and IMAP. How do Other Office365 Users Send Email using my App Registered in my Azure Active Directory? It’s important to understand Tenancy in Azure Active Directory Apps. See this https://learn.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps When you […]
Here I’m just relaying bits of knowledge from a great Chilkat customer… “I learned meanwhile that Microsoft doesn’t like mixing “resources”, so if you request something from “Graph” resource and “Outlook” resource, they are incompatible resources, so you have to request different tokens for both, or request resource for only Graph and then refresh token only for “Outlook” resources – […]
Here are some notes regarding OAuth2 Redirect URI’s for Microsoft Azure AD apps. See https://learn.microsoft.com/en-us/azure/active-directory/develop/reply-url A few important points: You can add http://127.0.0.1, and it is preferred over http://localhost because of misconfigured firewalls or hosts file etc. 127.0.0.1 is the loopback address and localhost is just translated into 127.0.0.1. The only pitfall is that you have to add it as […]