How to log on to user mailbox from service using oAuth and MS Graph API

笑着哭i submitted on 2021-01-29 18:39:56

Question


I am adding OAuth authentication support to a daemon application. In the case of IMAP, the application logs on to every mailbox by specifying a userID/password. Office365 OAuth access requires application registration and uses the Client Credentials Grant flow. In this case, the application authenticates with Azure AD once and accesses every mailbox using an OAuth token. This authentication flow requires significant changes to the existing code base. I would like to access mailboxes in logically the same way as IMAP (specify user credentials for every mailbox). Office365 supports that authentication flow, but it uses the system browser, where an interactive user gives consent to access the mailbox. My daemon application runs as a headless service with no access to a system browser. How can I log on to a user's mailbox with the user's credentials?


Answer 1:


The OAuth 2.0 Resource Owner Password Credentials (ROPC) grant allows an application to sign in the user by directly handling their password.

An authorization request sample for your reference:

// Line breaks and spaces are for legibility only.  This is a public client, so no secret is required. 

POST {tenant}/oauth2/v2.0/token
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=user.read%20openid%20profile%20offline_access
&username=MyUsername@myTenant.com
&password=SuperS3cret
&grant_type=password

Please note that there is a warning:

Microsoft recommends you do not use the ROPC flow. In most scenarios, more secure alternatives are available and recommended. This flow requires a very high degree of trust in the application, and carries risks which are not present in other flows. You should only use this flow when other more secure flows can't be used.
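The request shown in the answer, as an added Python example that is not part of the original answer: it builds the ROPC token request for one mailbox user without sending it, masks the password before anything is logged, and surfaces the error code from a failed response. The function names are hypothetical, the response bodies a caller passes in are whatever the endpoint returned, and the tenant check reflects Microsoft's documented restriction that ROPC works only on a tenant-specific or `organizations` endpoint.

```python
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_ropc_request(tenant, client_id, username, password, scope):
    """Build (without sending) the ROPC token request for one mailbox user."""
    # ROPC is not supported on /common or /consumers; fail early instead of
    # sending the user's password to an endpoint that will reject it.
    if tenant.lower() in ("common", "consumers"):
        raise ValueError("ROPC needs a tenant ID/name or 'organizations'")
    form = {
        "client_id": client_id,
        "scope": scope,
        "username": username,
        "password": password,
        "grant_type": "password",
    }
    # urlencode percent-encodes every value, so '&' or '=' inside a password
    # cannot break the form body apart.
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL.format(tenant=urllib.parse.quote(tenant, safe="")),
        data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def redact_for_log(req):
    """Return the form body with the password masked, safe to write to a log."""
    fields = urllib.parse.parse_qsl(req.data.decode("ascii"),
                                    keep_blank_values=True)
    return urllib.parse.urlencode(
        [(k, "REDACTED" if k == "password" else v) for k, v in fields])


def parse_token_response(status, raw):
    """Return the access token, or raise with the error code the endpoint gave."""
    doc = json.loads(raw)
    if status == 200 and "access_token" in doc:
        return doc["access_token"]
    # e.g. "invalid_grant" when authentication fails
    raise PermissionError(doc.get("error", "unknown_error"))
```

Send the request with `urllib.request.urlopen(req)` and pass the status and body to `parse_token_response`; only the output of `redact_for_log` should ever reach the service's log files.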



Source: https://stackoverflow.com/questions/61200589/how-to-log-on-to-user-mailbox-from-service-using-oauth-and-ms-graph-api
