OAuth 2.0 for Office 365 Accounts (installed applications)

This tutorial demonstrates using OAuth 2.0 with IMAP/SMTP for Office 365. See "Microsoft accounts" versions of this tutorial if you're looking for OAuth 2.0 for Outlook.com or Hotmail.com accounts.

If you're looking for ASP.NET Core version, you can find it here.

The sample code in this tutorial is adapted from Microsoft Graph API sample (a WPF app) on Github. This sample is capable of getting the access token, refresh token, automatic refreshing the access token. We modified it with the ability to get the e-mail address of the user, request IMAP/SMTP specific scopes, and actually perform checking and sending mail via IMAP/SMTP and OAuth 2.0.

OAuth 2.0 magic is done with MSAL.NET library.

The idea is to make a Windows application which can access Office 365 account of a user via IMAP and SMTP without knowing the password of this user.

Register Azure project

Create an application in Azure Portal. You may need to create an account there first.

Find App Registrations section.

Click New registration. Type some Name the users will see on the consent screen. For Supported account types, we used Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) to target the widest set of Microsoft users.

Redirect URI can be set later. Click Register.

Save Application (client) ID, you'll need to specify it in the app code.

Click Authentication in Manage section. In Platform configurations, click Add a platform and then Mobile and desktop applications.

In Redirect URIs, set https://login.microsoftonline.com/common/oauth2/nativeclient checkbox.

Click Save to commit the changes.

In Manage / Certificates & secrets, click New client secret. You need to save the secret in some other place as you won't be able to retrieve it again. Actually, this step is optional because the WPF sample in this guide does not use a secret (but, for instance, ASP.NET Core version of this sample does use it).

In Manage / API permissions, click Add a permission. Select Microsoft Graph, then Delegated permissions, and in Select permissions search box type IMAP.AccessAsUser.All:

Click Add permissions.

WPF application

The sample application is based on Graph API WPF sample from Microsoft, taken from Github.

The modified application can be found at My Documents\MailBee.NET Objects\Samples\WinForms\.NET Core 2.0\C#\Office365RegularAccounts folder. The sample is available in C# only.

The original sample from Microsoft was already capable of performing all basic OAuth 2.0 operations such as obtaining access tokens via the consent screen and refreshing access tokens for subsequent background operations.

We modified the sample to request IMAP/SMTP scopes for Office 365 and added actual MailBee code which checks the number of messages in the inbox via IMAP and sends the email of the user to themselves.

We also added getting the details on the e-mail address and friendly name of the user (with Graph API), and some nice error handling and reporting.

Before running the sample, make sure to set MainWindow.MailBeeLicenseKey in MainWindow.xaml.cs to your MailBee.NET license key.

You'll also need to set your Client ID (which you got in Azure portal) at App.xaml.cs (App.ClientId constant).

Also, by default the sample creates log files in C:\Temp\imap_log.txt and C:\Temp\smtp_log.txt locations (for troubleshooting purposes). You can change that to some other path if required.


Send feedback to AfterLogic

Copyright © 2006-2020 AfterLogic Corporation. All rights reserved.