I am testing 2-legged OAuth 2.0 integration for POP3 in a desktop application. The app has a service component that sends and receives emails from a single account in the background.
I set up an @outlook.com account to test with, and started a trial for Azure using this account.
I'm not very clear on the relationship between the Outlook account and the Azure tenant though. If I provide my app "Mail.Send" permission for the Graph API (or "full_access_as_app" for the Exchange API) and request a token, can I use that token to authenticate the @outlook account?
The outlook account shows up as a User on the Azure directory. Is that sufficient to grant my app access to the account via the Graph API?
Any info on this would be greatly appreciated! Please let me know if there is a better way to set up this testing.
EDIT:
I thought I'd post the tokens I'm getting back from both endpoints. I receive a "protocol error" when I try to authenticate on either the outlook.office365.com or pop3.live.com servers using these tokens, which is why I wanted to make sure it's possible to authenticate an Outlook account using one of the above APIs.
I've also tried registering for an Exchange Online trial with the same Outlook account and testing with the Exchange email address. I receive the exact same "protocol error".
Graph Endpoint:
{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/04669076-130f-49aa-b6b8-171a9e74b324/",
  "iat": 1585688162,
  "nbf": 1585688162,
  "exp": 1585692062,
  "aio": "42cAAh59R94bYs4Je0Kn290+uwUA",
  "app_displayname": "Remindex",
  "appid": "ad2ead7c-edb9-476f-8209-ecb29e1b7355",
  "appidacr": "1",
  "idp": "https://sts.windows.net/04669076-130f-49aa-b6b8-171a9e74b324/",
  "oid": "0f7a5174-fcce-4752-ae07-ba8e64de467f",
  "roles": [
    "Mail.ReadWrite",
    "Mail.Send"
  ],
  "sub": "0f7a5174-fcce-4752-ae07-ba8e64de467f",
  "tid": "04669076-130f-49aa-b6b8-171a9e74b324",
  "uti": "gpIYvaSYikuDnd6CFQAnAA",
  "ver": "1.0",
  "xms_tcdt": 1585156686
}
Exchange Endpoint:
{
  "aud": "https://outlook.office365.com",
  "iss": "https://sts.windows.net/04669076-130f-49aa-b6b8-171a9e74b324/",
  "iat": 1585688002,
  "nbf": 1585688002,
  "exp": 1585691902,
  "aio": "42dgYNjxvn/mtBN+7zm3/vu4L0yyAgA=",
  "app_displayname": "Remindex",
  "appid": "ad2ead7c-edb9-476f-8209-ecb29e1b7355",
  "appidacr": "1",
  "idp": "https://sts.windows.net/04669076-130f-49aa-b6b8-171a9e74b324/",
  "oid": "0f7a5174-fcce-4752-ae07-ba8e64de467f",
  "roles": [
    "full_access_as_app",
    "Mail.ReadWrite",
    "MailboxSettings.ReadWrite",
    "Mail.Read",
    "Mail.Send",
    "MailboxSettings.Read"
  ],
  "sid": "f4596631-bebc-4308-8b46-8ea14b842739",
  "sub": "0f7a5174-fcce-4752-ae07-ba8e64de467f",
  "tid": "04669076-130f-49aa-b6b8-171a9e74b324",
  "uti": "0lyqmDTwPEqSeXwQYHUlAA",
  "ver": "1.0"
}
Please let me know of any additional information that would be helpful to include.
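Added example, not part of the original post: a small claim inspector for access tokens like the two shown above, reporting the audience, whether the token is app-only (`roles`) or delegated (`scp`), how the client authenticated (`appidacr`), and whether it is inside its validity window. It decodes without verifying the signature, so it is for debugging only; `SAMPLE_CLAIMS` is a constructed subset of the Graph token's claims from the post, and `make_unsigned_sample` is a hypothetical helper that wraps them in an unsigned JWT.

```python
import base64
import json

# Meanings of the v1.0 "appidacr" claim (how the client authenticated).
CLIENT_AUTH = {"0": "public client", "1": "client secret", "2": "certificate"}

def decode_claims(jwt: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (debugging only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def summarize(claims: dict, now: int) -> dict:
    """Summarize the claims that decide where and how a token can be used."""
    roles = claims.get("roles", [])          # application permissions
    scopes = claims.get("scp", "").split()   # delegated permissions
    if scopes:
        kind = "delegated"
    elif roles:
        kind = "app-only"
    else:
        kind = "no-permissions"
    return {
        "audience": claims.get("aud"),
        "tenant": claims.get("tid"),
        "kind": kind,
        "permissions": roles or scopes,
        "client_auth": CLIENT_AUTH.get(claims.get("appidacr"), "unknown"),
        "valid_now": claims.get("nbf", 0) <= now < claims.get("exp", 0),
        "lifetime_s": claims.get("exp", 0) - claims.get("iat", 0),
    }

def make_unsigned_sample(claims: dict) -> str:
    """Hypothetical helper: wrap claims in an unsigned JWT for offline testing."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed sample: a subset of the Graph token claims shown in the post.
SAMPLE_CLAIMS = {
    "aud": "https://graph.microsoft.com",
    "iat": 1585688162, "nbf": 1585688162, "exp": 1585692062,
    "appidacr": "1",
    "roles": ["Mail.ReadWrite", "Mail.Send"],
    "tid": "04669076-130f-49aa-b6b8-171a9e74b324",
}

if __name__ == "__main__":
    token = make_unsigned_sample(SAMPLE_CLAIMS)
    print(json.dumps(summarize(decode_claims(token), now=1585690000), indent=2))
```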