question

1 Vote
albertomori-9242 asked YukiSun-MSFT edited

Microsoft Office 365 Outlook sending emails using OAuth2 Authentication

Hi all,

I'm trying to build a daemon service which sends email using OAuth2 authentication with Office 365.

We created the app on Azure and set all scopes and permissions (both in the Graph section and the Exchange Online section).

We're using MailKit as the library. We successfully obtain an access token with the following implementation:

    var scopes = new[] { "https://graph.microsoft.com/.default" };

    var app = ConfidentialClientApplicationBuilder
        .Create(client_id)
        .WithTenantId(tenant)
        .WithCertificate(certificate)
        .Build();

    var token = await app.AcquireTokenForClient(scopes).ExecuteAsync();

    return token;

But when we try to authenticate using the SmtpClient we receive an error 535: 5.7.3 Authentication unsuccessful. The code we're using is the following:

    var parser = await GetOfficeCredentialsServiceV1();
    var office365User = "myuser@mydomain.onmicrosoft.com";

    using (var client = new MailKit.Net.Smtp.SmtpClient())
    {
        client.ServerCertificateValidationCallback = OnValidateCertificate;
        await client.ConnectAsync("smtp.office365.com", 587, SecureSocketOptions.StartTls);

        var oauth2 = new SaslMechanismOAuth2(office365User, parser.AccessToken);
        await client.AuthenticateAsync(oauth2); // ERROR
        //.....
    }

Using a personal account with the following code we're not experiencing any error and the e-mails are sent correctly:

    var app = PublicClientApplicationBuilder.CreateWithApplicationOptions(options).Build();

    var accounts = await app.GetAccountsAsync();

    var scopes = new[]
    {
        "user.read", "Mail.Read", "Mail.ReadBasic", "Mail.ReadWrite", "Mail.Send", "email",
        "https://outlook.office.com/IMAP.AccessAsUser.All", "https://outlook.office.com/POP.AccessAsUser.All", "https://outlook.office.com/SMTP.Send"
    };

    var authToken = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
        .WithForceRefresh(true)
        .ExecuteAsync();

Are we missing some configuration on the Azure App or something else?

Thank you




office-outlook-itpro office-exchange-server-mailflow microsoft-graph-mail

Hi anonymous user,

Welcome to Microsoft Q&A!

Your question is related to developing a service using Graph, but the "office-outlook-itpro" tag is only for general issues about the Outlook client and "office-exchange-server-mailflow" is for mail flow questions involving Exchange Server. So I'll add a tag for "microsoft-graph-mail" and hope your issue can be resolved soon.

1 Vote 1 ·

1 Answer

0 Votes
michev answered michev commented

You don't need to use SmtpClient. Once you have the access token (with the necessary permissions), use the /sendMail endpoint. Here's a recent article that walks you through the process: https://practical365.com/upgrade-powershell-scripts-sendmailmessage/


Hi @michev, thanks for your answer and sorry for the late reply (I'm currently on vacation).
I've just spoken with the other devs who are currently developing the spike and they confirmed to me that your solution works properly.

However, we're wondering why with an SMTP Client the approach did not work.

Many thanks again.

Alberto

0 Votes 0 ·

Because you are getting the token in the context of an application (client credentials flow), not a user.

0 Votes 0 ·
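The approach recommended in the answer, as an added example that is not part of the original thread: it checks that the token is an app-only (client credentials) token carrying the Mail.Send application role, then posts to the Graph /sendMail endpoint. It assumes the token was acquired as in the question and that the app registration has the Mail.Send application permission with admin consent; the `GraphMail` class and its method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public static class GraphMail // hypothetical helper, not from the thread
{
    // Decode the JWT payload for diagnostics only; the signature is NOT validated here.
    public static JsonElement ReadClaims(string jwt)
    {
        var part = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        part = part.PadRight(part.Length + (4 - part.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Convert.FromBase64String(part));
        return doc.RootElement.Clone();
    }

    // App-only (client credentials) tokens carry "roles"; delegated tokens carry "scp".
    public static bool IsAppOnlyWithMailSend(JsonElement claims) =>
        !claims.TryGetProperty("scp", out _) &&
        claims.TryGetProperty("roles", out var roles) &&
        roles.ValueKind == JsonValueKind.Array &&
        roles.EnumerateArray().Any(r => r.GetString() == "Mail.Send");
    // App-only calls must name the mailbox (/users/{id}); /me only exists for delegated tokens.
    public static async Task SendAsync(HttpClient http, string accessToken,
        string sender, string to, string subject, string text)
    {
        if (!IsAppOnlyWithMailSend(ReadClaims(accessToken)))
            throw new InvalidOperationException("Token lacks the Mail.Send application role.");
        var json = JsonSerializer.Serialize(new
        {
            message = new
            {
                subject,
                body = new { contentType = "Text", content = text },
                toRecipients = new[] { new { emailAddress = new { address = to } } }
            },
            saveToSentItems = false
        });
        using var req = new HttpRequestMessage(HttpMethod.Post,
            $"https://graph.microsoft.com/v1.0/users/{Uri.EscapeDataString(sender)}/sendMail");
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        req.Content = new StringContent(json, Encoding.UTF8, "application/json");
        using var resp = await http.SendAsync(req);
        resp.EnsureSuccessStatusCode(); // Graph returns 202 Accepted when the message is queued
    }
}
```

Because the Mail.Send application permission covers every mailbox in the tenant by default, restrict the app to the mailboxes it needs with an Exchange Online application access policy.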