Filip Kasaj

Reconciled action with the stream of life.

User Tools

Site Tools

Trace:
technet:m365:oauthimappopsmtp

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
technet:m365:oauthimappopsmtp [2023/08/03 08:55] – removed - external edit (Unknown date) A User Not Logged intechnet:m365:oauthimappopsmtp [2023/08/03 08:55] (current) – ↷ Page moved from technet:oauthimappopsmtp to technet:m365:oauthimappopsmtp fk
Line 1: Line 1:
 +====== Authenticate an IMAP, POP or SMTP connection using OAuth ======
 +
 +You can use the OAuth authentication service provided by Azure Active Directory (Azure AD) to enable your application connect with IMAP, POP, or SMTP protocols to access Exchange Online in Office 365. To use OAuth with your application, you need to:
 +
 +  - Register your application with Azure AD.
 +  - Get an access token from a token server.
 +  - Authenticate connection requests with an access token.
 +
 +Alternatively, you can select an appropriate flow from the following list and follow the corresponding steps to call the underlying identity platform REST APIs and retrieve an access token.
 +
 +  - OAuth2 authorization code flow
 +  - OAuth2 device authorization grant flow
 +  - OAuth2 client credentials grant flow
 +
 +https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
 +
 +1. OAuth2 Authorization Code Flow:
 +- This flow is typically used for web applications or applications with a backend server.
 +- The process starts with the application redirecting the user to the authorization server's login page to authenticate.
 +- Once the user is authenticated, the authorization server redirects back to the application with an authorization code.
 +- The application then exchanges this authorization code for an access token and a refresh token by making a backend request to the authorization server.
 +- The access token is used to access the user's protected resources, and the refresh token can be used to get a new access token when the old one expires without involving the user again.
 +
 +2. OAuth2 Device Authorization Grant Flow (also known as Device Flow):
 +- This flow is suitable for devices with limited input capabilities, such as smart TVs or IoT devices.
 +- The process starts with the device displaying a user code and a verification URL.
 +- The user needs to visit the verification URL on another device and enter the user code to authenticate themselves.
 +- Once the user is authenticated, the device can then exchange the device code for an access token and, optionally, a refresh token.
 +- This flow is designed to handle scenarios where the user interaction happens on a separate device, making it more convenient for devices without traditional web browsers.
 +
 +3. OAuth2 Client Credentials Grant Flow:
 +- This flow is used for server-to-server communication or when an application needs to access its own resources.
 +- There is no user involvement in this flow, meaning it does not authenticate a specific user.
 +- The application directly sends its client credentials (client ID and client secret) to the authorization server.
 +- The authorization server validates the credentials and, if successful, issues an access token to the application.
 +- The access token obtained in this flow is used to access the application's own resources on the server.
 +
 +In summary, the OAuth2 Authorization Code Flow is used for web applications with user involvement, the Device Authorization Grant Flow is designed for devices with limited input capabilities, and the Client Credentials Grant Flow is for server-to-server communication without user involvement.