OAuth 2.0 for Universal Windows apps

The idea is to demonstrate a UWP application which can access an account at Gmail.com (Google provider) or Outlook.com, Hotmail.com or Live.com (Microsoft provider) via IMAP and SMTP without knowing the password of that account.

The basic idea

Unlike .NET Core version, we cannot use HttpListener to intercept the authorization code from the browser (UWP apps are not allowed to do that, at least not in production). Instead, we're using URL schema registration. The process is as follows:

The advantage of the approach in this article is that it does not require you to keep OAuth ClientSecret in your app, storing ClientID is enough.

Register Microsoft project

This is needed only if you want to support Microsoft provider in your application.

Create an application in Application Registration Portal. You may need to create an account there first.

For OAuth 2.0, create a Live SDK application. Click Add an app in Live SDK applications section.

On the next screen, click Add Platform and select Native application, then save changes. If you already have an app (for instance, with Web platform added), you can add a platform to the existing app.

Application ID (Client ID) and is there, you'll need it in the UWP app later. Note that ClientSecret is not required.

Then add a pw.oauth2://oauth2redirect in Custom Redirect URIs section and save changes. pw.oauth2 must match the value from Package Manifest / Declarations / Protocol / Name of your UWP app. You can choose another name, just make sure it matches the name you selcted when adding a protocol in Package Manifest / Declarations. The protocol name must start with a letter and have a dot inside. oauth2redirect part is not important, can be anything, actually.

Make sure to add the required permissions (scopes) as well:

Microsoft is changing things there often. Sometimes, Live SDK app simply doesn't work and you may try creating a Converged application. Also, you may be asked to use Azure portal instead of apps.dev.microsoft.com site. At the moment of writing, Azure portal was not stable enough for that.

Register Google project

This is needed only if you want to support Google (Gmail.com) provider in your application.

First, you need to register a project in your Google Developer Console. See OAuth 2.0 for Google Regular Accounts (installed applications) how. The only difference is that you need to select iOS, not Other in Application type dialog. There is no UWP option but iOS option seems to work well.

Put a pw.oauth2 in Bundle ID field and click Create. pw.oauth2 must match the value from Package Manifest / Declarations / Protocol / Name of your UWP app. It's the protocol part of a redirectUri where the login provider will redirect upon the successful authorization.

You'll also need to set permissions to work with e-mail via IMAP/SMTP and access your e-mail address. See OAuth 2.0 for Google Regular Accounts (installed applications) how.

Configure application in Visual Studio

Open My Documents\MailBee.NET Objects\Samples\WinForms\.NET Core 2.0\C#\OAuthUniversalApp sample project.

In MainPage.xaml.cs, set MicrosoftClientID and/or GoogleClientID to the values you obtained from the respective providers. Set MailBeeLicenseKey field too.

If you changed the redirect URI protocol from pw.oauth2 value to something else, adjust RedirectUriProtocol constant as well.

Change _provider field from Google to Microsoft or vice versa, depending on which provider you want to test.

Run application in Visual Studio

Now build and run the application. How it works:

In case of Google, the redirect URI is pw.oauth2:/oauth2redirect, not pw.oauth2://oauth2redirect (single slash instead of double slash).

Miscellaneous:


Send feedback to AfterLogic

Copyright © 2006-2019 AfterLogic Corporation. All rights reserved.