The ability to refresh an OAuth2 access token using a refresh token depends on the following factors: The Expiration of the Refresh Token: Refresh tokens typically have longer lifetimes than access tokens, and in some cases, they may not expire at all (until revoked). However, some authorization servers issue refresh tokens with expiration times. The expiration time can vary depending […]
(back to Send Email from Hotmail.com, Live.com, or Outlook.com) The Microsoft OAuth2 authorization endpoint is the URL where users are redirected to authorize your application and give it permissions to access their resources (such as email, calendar, etc.) using Microsoft’s OAuth2 protocol. Authorization Endpoint (for Microsoft Identity Platform): https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize Explanation: {tenant}: This specifies the Azure Active Directory (Azure AD) tenant […]
Problem: When trying to do get the initial OAuth2 authorization token from Azure (using Chilkat.OAuth2), I get the following error: {“error”:”invalid_request”,”error_description”:”AADSTS90023: Public clients can’t send a client secret. Trace ID: … Solution: Chilkat.OAuth2 is for desktop apps and scripts (i.e. not code that runs on a web server), but it still behaves as a “Web App” because Chilkat.OAuth2.StartAuth starts a […]
Question: When I try to send: Set resp = http.PostJson2(“https://graph.microsoft.com/v1.0/me/sendMail”,”application/json”,json.Emit()) I am getting this response: { “error”: { “code”: “InvalidAuthenticationToken”, “message”: “IDX14100: JWT is not well formed, there are no dots (.). The token needs to be in JWS or JWE Compact Serialization Format. (JWS): ‘EncodedHeader.EndcodedPayload.EncodedSignature’. (JWE): ‘EncodedProtectedHeader.EncodedEncryptedKey.EncodedInitializationVector.EncodedCiphertext.EncodedAuthenticationTag’.”, “innerError”: { “date”: “2024-05-13T15:26:14”, “request-id”: “…”, “client-request-id”: “…” } } } Failed, […]
If you successfully minted an OAuth2 access token for your Azure Entra Id App, but then it fails when attempting to use it in the SMTP protocol for sending email with the error: AUTH XOAUTH2 user=xxx auth=Bearer ********************** 535 5.7.3 Authentication unsuccessful [BN9PXXXA0336.namprd03.prod.outlook.com 2024-04-16T12:11:26.548Z 08DC9999186DF999] Check your Entra Id App Registration to make sure you have the following App Permissions:
This blog post walks you through the complete Azure App Registration process, including the subsequent Exchange Online PowerShell commands needed to achieve the OAuth2 client credentials flow for Office365 email sending and reading via the SMTP, IMAP, and POP3 protocols. I wish there was an “easy button”, but unfortunately it does not exist. Step 1. Register an Azure App Go […]
Question: I have seen that your lib support OAuth2 for DataFlex-Framework but only for Desktop-Clients. Is it correct or is there any support for DataFlex-Web-Applications? Answer: The functionality Chilkat provides in desktop applications for the OAuth2 authorization code flow, is to make your desktop application behave as a temporary web server to receive the single local HTTP redirect request from […]
OAuth2 Client Credentials can be used for authentication when you own the application, and you also own the account (such as Office 365, or Google, etc.) that your application will access. In other words, YOUR application is simply accessing resources in YOUR account, and YOU are the application user (or your application is running as a service or background process). […]
The Chilkat.OAuth2 class is designed for desktop applications, not server-side web applications. To explain further: The call to OAuth2.StartAuth does 2 things: Returns a URL you’ll open in a browser to interactively get authorization from the service’s account owner. Starts a background thread to act as a web server for the redirect request that will be forwarded from the local […]
To clarify further: When your desktop application (or script) calls Chilkat.OAuth2.StartAuth, two things happen: It returns a URL that you need to open in a web browser to obtain authorization interactively from the account owner of the service you are integrating with. It initiates a background thread that acts as a web server to handle the redirect request sent from […]