Microsoft Office 365 / Oauth

[gremlin]

I want to access my emails from Microsoft Office 365.
I have read the instructions, but I can't get any further at this point:

Problem with the Oauth account :

Server : outlook.office365.com
Port: 995

Snipaste_2024-11-20_16-04-15.jpg (69.07 KiB) Viewed 3804 times

Microsoft error message :

Snipaste_2024-11-20_16-05-14.jpg (55.4 KiB) Viewed 3804 times

Do you have any idea why the return address is wrong?

best regards

Steven

[Oleg]

Probably you have created WEB application in Microsoft Entra admin center. This error message is specific to WEB application. You can see it here or here
See other recommendations here

Unfortunately WEB application will not work for desktop application (for example - RoboTask)
I recommend you to use these parameters when you create application in Microsoft Entra admin center see screenshot

Register an application - Microsoft Entra admin center.png (47.43 KiB) Viewed 3773 times

- Personal Microsoft account
- Public client/native (mobile & desktop)

[gremlin]

I can't get any further here, now the error message tells me to use a "/consumers endpoint".

Snipaste_2024-11-21_14-20-27.jpg (62.49 KiB) Viewed 3645 times

That's more complicated to set up than a flight to the moon

[Oleg]

Go to Microsoft Entra admin center and enter your credentials
Next select menu (left menu) Appliactions -> App registrations
on the page click on New Registration

App registrations - Microsoft Entra admin center.png (52.25 KiB) Viewed 3642 times

Then I can see initial application parameters

That's more complicated to set up than a flight to the moon

I agree. Username and password are more convenient and suitable for most cases.

[gremlin]

Thank you very much.
I had already done exactly this.
But then I get the error message from my previous post.

Snipaste_2024-11-21_15-22-43.jpg (74.54 KiB) Viewed 3641 times

1:Client Email
2:Client ID (from Microsoft center)
3:Client Secret (from Microsoft center)
4: when I click this, the error message appears (previous post)
5: are these settings correct? (Predefined endpoints)

[Oleg]

1:Client Email

It must be email registered on Outlook. I use my email ****@outlook.com

2:Client ID (from Microsoft center)

Yes. This is you registered application/client ID

3:Client Secret (from Microsoft center)

I live this field empty because Outlook service says that is must be empty for personal account

5: are these settings correct? (Predefined endpoints)

Try to use the option Microsoft Outlook (personal). Your error message requires consumers end points

OAUTH settings.png (41.1 KiB) Viewed 3638 times

I just created new desktop application in my MS account and it works

Another one question: have you granted permissions for "desktop application" as follows:

Permissions - Microsoft Entra admin center.png (51.75 KiB) Viewed 3638 times

[gremlin]

Thank you very much.
The permissions were missing for me. I have now created them based on your screenshot.
but unfortunately this error message is now appearing:

Snipaste_2024-11-22_10-57-50.jpg (33.45 KiB) Viewed 3453 times

I changed the "Endpoints" to "Personal".
best regards
steven

[Oleg]

When the "Get refresh token" button is clicked, the redirection URI is sent to http://localhost with a random port number. (for example http://localhost:7274/). This redirection URI has sent in initial request as parameter (аs required by the protocol for obtaining the token)
A small HTTP server lives in the application and waits for the refresh token.

Are you using a very paranoid firewall? All browsers consider localhost to be a trusted server, because it is your local computer

Also check if IPV4 is enabled for your network environment.

Ethernet settings.png (31.36 KiB) Viewed 3448 times

[Oleg]

Additionally:

• Go to Microsoft Entra admin center
• Open your application
• and check Authentication parameters

You should see something like this:

Configure platforms - Microsoft Entra admin center.png (92.63 KiB) Viewed 3408 times

If you don't registered any platform
1. Go to authentication
2. Press "Add platform"
3. Select Mobile & Desktop applications
4. Enter to "Custom redirect URL" http://localhost

I realize it's complicated, but if you don't set up your MS account properly, OAUTH authorization won't work

[gremlin]

Hello,
Thank you very much.
If I now click on "Refresh Token", I get a blank page in a new browser window and in the top left corner it says "200 OK".
But no refresh token is passed to Robotask, the field remains empty.
The URL called is:

Code: Select all

http://localhost:7992/?error=invalid_request&error_description=AADSTS9002331%3a+Application+%27ed6737e4-de8b-403d-b309-ba941e10a464%27(Robotask)+is+configured+for+use+by+Microsoft+Account+users+only.+Please+use+the+%2fconsumers+endpoint+to+serve+this+request.+Trace+ID%3a+d56b1488-72c9-4d7b-a30e-681f7bbd3100+Correlation+ID%3a+5e3520a0-8936-4f0d-873e-9472abd484f7+Timestamp%3a+2024-11-25+09%3a51%3a18Z#

The operating system is Windows Server with Microsoft Firewall, so nothing unusual....
I have now adjusted the settings in Microsoft Entra admin center to your settings.

Maybe you have an idea what I did wrong.

Best regards
Steven