Tonight i will be praying and saying thank you that you exist and created this video. i was struggling so much, this REALLY helped me a lot THANK YOU!
You are so welcome
I can't overstate how helpful this video was. Thank you!
Fantastic stuff here! Thanks so much for creating. This worked for me.
I will add that I had to run:
Install-Module -Name AzureADPreview -AllowClobber to install the preview version which I believe includes the New-ServicePrincipal cmdlet.
I also had to add:
Install-Module -Name PackageManagement -Repository PSGallery -Force
Install-Module -Name PowerShellGet -Repository PSGallery -Force to enable the -prerelease switch to work.
Crazy how laborious MS made it to read an email account!
New-ServicePrincipal was downloaded once you connected to your tenant, maybe MS changed this and included it in the base module :), it was one of the most annoying things for me, because I was trying to use a tenant where I had insufficient permission and I got in return that New-ServicePrincipal was not recognized (a message like "you do not have enough privilege" would have been welcomed)
For the "how laborious MS", I can agree, but this is the OAuth2 standard, it is really more work to do, but in the end it is more secure, and given that emails are an important asset, I really appreciate that they took a bold move and made it a must. More comprehensive documentation and extensive examples would have made the transition easier.
@@codewrecks thanks!!, I was stuck at this point and the problem was that my user did not have the necessary permissions in the tenant😘
@@codewrecks Thank you very much for the video. However, I am stuck on the "New-ServicePrincipal" command, which is not recognized as a valid cmdlet. I have installed all the necessary PowerShell modules; on the user side I have granted it every possible permission and role on the tenant, so I wonder whether there are any specific suggestions for getting past this problem. Thank you very much
In my case it was insufficient permissions (but it could perhaps also be that you connected to the wrong tenant). Unfortunately, if something goes wrong (usually permissions) the error is that of a missing cmdlet instead, which is quite misleading.
@@GianMariaRicci I am indeed investigating the tenant permissions (there is only one, and I have already verified via the ID that I am connecting to the one where my app is).
From memory, do you happen to remember which permissions were required? I am using a user who, besides being TenantAdminn, is also: Company Administrator, Exchange Administrator, Security Administrator, Privileged Role Administrator.
Thank you very much
Thank you,
This is a brilliant and clear explanation of how to get MS OAuth2 connected to Outlook Office 365.
You may have just saved my job.
I am not so familiar with the Visual Studio he used here and I am lost as to how he got to all these commands and which templates he used. I mean the Visual Studio part. Can you help with where all those commands come from, and how I can replicate it in my Visual Studio?
One of the best instructions I've seen so far. Thank you!
You were an absolute life saver. Thank you so much for making a really complex issue, thnx to MS, clear for mere mortals like me.
Really really helpful, thank you!
By now you can skip the -PreRelease flag as those powershell modules are generally available.
Also I found that you don't need the Graph API module at all.
Yes, some stuff changed since the video was recorded, thanks for the clarification.
Thank you for this. It saved me a ton of time and frustration.
Glad it helped!
An excellent video turned out, everything is well thought out, a very clear instruction turned out)))
How are we supposed to understand how this Principal works only with Microsoft documentation ?
I hope I will be able to use OAuth authentication in my application to connect to mailbox in imap, thanks to that video.
I can't believe that Microsoft made it this difficult for us to connect to Azure and be able to read a mailbox. All those steps outside the project (PowerShell commands and so on) with what purpose? Just to add difficulty to the process.
Thanks man! nice video.
Actually the problem is that OIDC and OAuth2 have been standards for a long time, but very few developers study them to use in their applications. Google and other big players are gradually enforcing OAuth2 everywhere. The real problem is that we lacked an official C# library with really clear step-by-step instructions on how to put everything in place. Also some of the cmdlets for SharePoint were released late, generating a lot of confusion :(
hey, it looks like MS updated Azure, can't find IMAP, there is no Office 365 Exchange Online in the selection.
BROTHER, YOU ARE THE BEST!!! You oooh really helped me!! THANK YOU VERY MUCH!
I am getting "Internal error: {"error":"invalid_client","error_description":"AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret" when I use the link to login. When I try and access an account by passing in the email it says "No token available" which I assume is down to the first problem.
Thank you so much! You saved my day yesterday with this video! Blessings to you in all you do! YAY!
Hello, the source code/example from git does not have the option for 365-get-mail-client-flow in Swagger, do you know why? Any idea how I can get that option to test the functionality? Thanks
You probably don't have the right branch
@@badatgaems hi, yes wrong video, do you have any reference or example for how to authenticate with OAuth 2 to send an email (SMTP)?, thanks
@@sergioavendano6235 Microsoft SMTP doesn't support OAuth 2 yet unfortunately. Luckily SMTP won't be deprecated as IMAP will. Though you could switch to using an SMTP connector instead depending on your usecase if you really want something different.
@@sergioavendano6235 if you are interested I've code to use OAuth2 with SMTP too, even if standard Auth will not be deprecated
@@codewrecks Yes, please if possible send me the link of the example for smtp and OAuth2, thank you
I have been banging my head against the wall with one aspect of this that I can't seem to find a definitive answer on anywhere. Is access to the Office 365 Exchange Online API only available as part of a paid azure subscription? I am working on a learning side project, so am only using a basic azure subscription and that API does not come up for me.
You need to use the Azure subscription used by your Office 365 subscription.
This was so helpful, the MS documentation is severely lacking and I was looking for a way of doing this. I didn't look at your code until after i'd finished my own example of doing this in C# but it ended up being somewhat similar.
I hope you don't mind but i'm planning on doing a video on this as well :D
Amazing demo, thank you very much for that. Just a question, in the PowerShell command to add the app permission to the mailbox. Can I add a group with multiple email accounts?
Never tried, I've always given permission to individual mailboxes
I get the error not recognized "New-ServicePrincipal" on power shell .. what could be the reason bro ?
You are connected to the wrong Azure tenant, or your account does not have the right permission so you cannot create a new principal
You did a great job with this video.
Excellent
Keep it up
Thanks
Do I have to make this configuration to read the email from Outlook....please let me know asap😢
No, outlook supports oauth2 without any additional configuration
Thanks! It's a very useful video!
Thanks a lot for your help. We were looking for exactly this.
Very informative; However the code portion is difficult to follow. What is the WellKnownConfigurationHandler; I have looked at the code and am getting lost. Thanks
I assume a basic knowledge of OIDC. Well-known URLs are URLs that give information about a special service: if you have an Identity Provider you usually append "/.well-known/openid-configuration" at the end of the URL to get a JSON document that gives you all the details of the provider (all the various URLs to grab tokens, etc.).
Do you have to have Azure for this to work? Don't know anything about Azure. We just have an Office365 account and a .NET service running on a server in the background which handles sending emails. This uses net.mail.smtp currently but that can't use OAUTH as far as I can see.
Can you update me if you found some solution? I have the same issue
@@gabrusalona hi did you see my reply? It seems to have been deleted for some reason?
@@AthelstanEngland I do
This really helped us…works fab…thank u very much !!!
Wow! it's Amazing I did it well ! Perfect work !
I did the post request and got the access_token but then I get "Authentication failed" when I try to access in IMAP through imap_open in php 7. How is that possible?
Classic error is using the wrong claim, or maybe the XOAUTH2 token is not created correctly by the PHP library.
Thank you, it works perfect!
Hi, thanks for the video, I get the token but then I have an "Authentication Failed" response. I don't know what to do, I did all the steps from the video except for the part with the PowerShell commands, I don't have permissions for that.
You need to let someone that is administrator run the powershell, or it can't work
This is great, thank you!
Thanks a lot Sir.. You are helping us..
Thank you so much. This was fantastic. Great Job!!
Thanks for this video. You helped me a lot
Why am I not getting the "APIs my organisation uses" option??
If I understood the question, it is probably a lack of permission on the tenant, or the wrong tenant (you need to use the tenant used by the Office 365 subscription)
Why can't I find Office 365 Exchange Online in my "APIs my organization uses"?
As far as I know the most probable reason is: you are in an Azure tenant that has no Office 365 account (it happens if you have multiple tenants in Azure, so you need to change directory: click on your avatar at the top right of the page and "change directory")
Thank you so much this helped a lot!!!! You saved my life
Great! Can you also share the steps for applications connecting through EWS
Sorry but I do not know/use the EWS API, I needed code to use basic IMAP / SMTP communication, but I think that the process is the very same: once you have obtained the token you usually set it in a special header stackoverflow.com/questions/22229996/basic-http-and-bearer-token-authentication
Brilliant, saved me so much time.
I'm happy that the video was useful.
Legendary. Thank you very much
If I follow your video will this be able to work with Outlook? I mean I want to configure an Office 365 email in Outlook using IMAP
You do not need any special code to configure Outlook, just open Outlook and add your email and Outlook will do everything for you.
Thanks for this. However, do you have / does anyone have a Java version of reading the mailbox?
Amazing! It saved my day! Thanks a lot. :)
I cannot find the Office 365 Exchange Online option in "APIs my organisation uses". Can you help?
You are probably connected to the wrong directory, you need to connect to the Azure Active Directory connected to your O365 account
I have followed the same instructions that you provided and am still getting the Authentication failed error, can you please provide a suggestion
Well, usually it is
Wrong permission on the app or
Wrong claim in the request.
Also try to run again powershell to give correct permissions to the app
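An added example (not from the video, the repository, or any commenter) that serves the replies above about a wrong claim and a badly built XOAUTH2 token: it decodes an access token's claims without verifying them, flags an unexpected audience or a missing role, and builds the SASL XOAUTH2 string. The expected audience `https://outlook.office365.com`, the role `IMAP.AccessAsApp`, the mailbox address and the sample tokens are assumptions or constructed values, not taken from this page.

```python
import base64
import json

# Assumed values for the app-only (client credentials) IMAP flow; neither
# appears on this page, so adjust them to what your token request used.
EXPECTED_AUDIENCE = "https://outlook.office365.com"
EXPECTED_ROLE = "IMAP.AccessAsApp"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(access_token: str) -> dict:
    """Decode the JWT payload for inspection only (signature is NOT verified)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def diagnose(access_token, audience=EXPECTED_AUDIENCE, role=EXPECTED_ROLE):
    """Return a list of reasons the mail server is likely to reject the token."""
    claims = read_claims(access_token)
    problems = []
    aud = str(claims.get("aud", ""))
    if aud.rstrip("/") != audience:
        problems.append(f"aud is {aud!r}, expected {audience!r}")
    # App-only tokens carry 'roles' (list); delegated tokens carry 'scp' (string).
    granted = set(claims.get("roles", [])) | set(str(claims.get("scp", "")).split())
    if role not in granted:
        problems.append(f"{role!r} missing from roles/scp: {sorted(granted)}")
    return problems


def build_xoauth2(mailbox: str, access_token: str) -> str:
    """SASL XOAUTH2 initial response: base64 of
    user=<mailbox> ^A auth=Bearer <token> ^A ^A   (^A is the byte 0x01)."""
    raw = f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def _fake_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample: token issued for the mail resource with the app role.
GOOD = _fake_token({"aud": "https://outlook.office365.com",
                    "roles": ["IMAP.AccessAsApp"]})
# Constructed sample: token requested for a different resource.
WRONG = _fake_token({"aud": "https://graph.microsoft.com",
                     "roles": ["Mail.Read"]})

if __name__ == "__main__":
    print("good :", diagnose(GOOD))
    for line in diagnose(WRONG):
        print("wrong:", line)
    print(build_xoauth2("shared@example.com", GOOD)[:40] + "...")
```

A token that passes both checks can still be refused if the service principal was never granted access to the mailbox, which is the PowerShell step the replies keep pointing back to.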
Can you post the link of your previous video please?
ruclips.net/video/Q660AYVZM0Y/видео.html Sorry for late response
im not getting option for office exchange in api permission how to configure that
Probably that azure account is not connected to an Office 365 account, so there is no exchange api because there is no exchange.
it worked! thank you so much!!
Really great work, helped me a lot! Why oh why did MS make it so hard to manage an IMAP connection in Office 365
Thanks for your video, get mail client flow works fine, but office get mail doesn't work, I received this error message: "No token available". Could you help me? Best regards
What do you mean with "office get mail"?
Can you please make a similar video for OAUTH implementation for SMTP Protocol to send mails. Somehow it is not working for us.
I'm planning to record it in the next days, it is really similar to the other one, but it could be useful for people (actually SMTP with basic auth is not going to be deprecated)
Hi actually I have the code running (I had almost three days with no connection so I had problem running the code)
You can try develop branch in this repository github.com/alkampfergit/DotNetCoreOauth2/tree/develop it has a super basic HTML page answering at sample-oauth2 url.
Remember also that SMTP is available only with code auth flow (the one requiring the user to click authorization link)
I've made a video with a BIG recap as well as the code for SMTP ruclips.net/video/hOgvTDKKgnY/видео.html
Thank you very much
Wow it is really helpful! Thanks!
Glad it was helpful!
Sooo helpful! Thank you!
I followed your example and have run into this issue.
MailKit.Security.AuthenticationException: 'Authentication failed.'
Has anyone come across this issue?
That is a generic error, it could happen if the token is not valid or the application does not have the correct permissions. Sadly enough, the remote server does not tell you what it does not like and throws a generic auth error (not giving further details)
@@codewrecks oauth.IsAuthenticated = false. Any tips you can offer to help track this down? Thanks for the help!
@@toddmueller Did you manage to solve the "Authentication Failed" issue? I faced the same problem.
@@ruzannamartirosyan351 Not yet. I'm still talking to Microsoft about it. More than likely it's a config issue. Once I have more details, I'll share.
Thank you so much, you saved my day!
yo bro, really thankya. Big respect
THANKS!
Perfect!
U BEST!!!
Works well!! DANKEEE
I downloaded everything is okay
For once, the software is actually really useful
I'm unstoppable I'm a Porsche with no brakes
0_O
🥳
MS again doing something without doing their homework...
How do you access POP3 after Oct 2022 if you don't have an Azure account...?
If you have an Office 365 account you have your Azure Active directory associated to that subscription.
@@codewrecks Cool. I think I've found it...
But...why have MS made it so bloody complicated...!?
Very little of the nonsense it asks for makes much sense to me...
Hi @CodeWrecks, could I get the SMTP OAuth2 sample code as well please, let me know how you want to send that code.
You can find code here github.com/alkampfergit/DotNetCoreOauth2/tree/develop just look for the sample-oauth2 controller.
Video is coming.
ruclips.net/video/hOgvTDKKgnY/видео.html
Well, I am frozen at this point with the message: New-ServicePrincipal: |Microsoft.Exchange.Configuration.Tasks.ThrowTerminatingErrorException|ExternalDirectoryObjectIdRaw: The length of the property is too long. The maximum length is 256 and the length of the value provided is 1269. Could someone help me?
What is the value of $MyApp.ObjectId? It seems that it is not what it expected, because it is really too long.
This was very helpful, Thank you.
This is great, thank you!