0 votes

I have an app registered in Azure set up to run as a service that would like to use to access shared mailboxes with oAuth2. Is this possible with mail.dll.

by

1 Answer

0 votes

Normally to log-in into a shared mailbox of Exchange/Office365 special username had to be used:

client.Login(
    @"Username@DomainName\SharedMailboxAlias", 
    "UserPassword");

Office365 allows accessing shared mailboxes when authenticated using OAuth2:

"In case of shared mailbox access using OAuth2, application needs to obtain the access token on behalf of a user but replace the userName field in the SASL XOAUTH2 encoded string with the email address of the shared mailbox."

In other words:

client.LoginOAUTH2(
    @"email address of the shared mailbox", 
    "userAccessToken);
by (297k points)
edited by
what am I supposed to user for  Username@DomainName.  The app is authenticating and getting a token as the application itself.  Its not running as an AD user.
I don't think I understand. How do you authenticate to access user's regular folders (not shared)?
The application is authenticating not a user.   The application does not have folders or a mailbox.   I am able to use this to access outlook  Graph and read emails.   But I don't want to go that route.
LoginOAUTH2 requires you to use a specific user with your token.
If your token is valid for all users, it should work with every user provided.
Note that shared mailbox has an email address.

That being said:
I don't think Exchange/Office365 supports 'OAuth2 client credentials grant flow'.
It supports 'OAuth2 authorization code flow' and 'OAuth2 Device authorization grant flow' - access token on behalf of a user flows.
What will be the recommended  method for connecting with IMAP without user interaction when Microsoft turns off basic authentication next year?
Is there an example with application passwords and office 365?
Turn on Two-step verification for the account, follow the steps described here: https://support.microsoft.com/en-us/account-billing/5896ed9b-4263-e681-128a-a6f2979a7944 in order to create app password (Security basics/More security options /App passwords)

Log in normally using UseBestLogin("user@example.com", appPassword);
...