File mover software: move, copy, delete your files with our filemover | Blog | ORDER NOW

Contact Us Now

[contact-form-7 id="1125" title="Contact form 1"]

OAuth2

Home / Posts Tagged "OAuth2"

27 Jun
Sending an email using Office 365 SMTP and OAuth2 authentication
Q: Sending an email using Office 365 SMTP and OAuth2 authentication
“AZURE setup”
Login to Azure portal. In “App registrations” create a “+ New registration”.
Register the app with Redirect URI = “http://localhost:3017”.
Goto “API permissions” to add permissions. For this SMTP and OAuth2 authorization flow, we’ll add the following “Delegated permissions”:
offline_access
openid
SMTP.Send
IMAP.AccessAsUser.All is there because of a previous test (not needed for SMTP)
To add a Delegated permission, click ‘+ Add a permission’ and select ‘Microsoft Graph’

Select ‘Delegated permissions’
Search for the different permissions, select and click ‘Add Permissions’.
4) Go to “Certificates & secrets” and add a new client secret.
Important, the ‘Value’ field is the Client Secret which we need later during the setup in Limagito File Mover. This Value is only fully visible just after creation!
Do not use the Secret ID (common mistake).
5) In “App registrations”, go to “Endpoints” (located to the right of the “+ New registration” link. Note your endpoints for “OAuth 2.0 authorization endpoint (v2)” and “OAuth 2.0 token endpoint (v2).
“Microsoft 365 admin center setup”
Important, go to your Microsoft 365 admin center (this is NOT Azure).
Go to your Active users.
Click on a user to find the “Manage email apps” link under the Mail Tab. See Microsoft 365 Manage Email Apps.
Be sure ‘Authenticated SMTP’ is enabled
When not enabled you’ll receive the following error message after trying to send an email using Limagito File Mover:
“Using a shared mailbox?”
In case you want to send emails using a shared mailbox:
Open Microsoft 365 admin center setup
Select ‘Teams & “groups”
Click “+ Add a shared mailbox”
Add a shared mailbox
Click “Add members to your shared mailbox”
Search for members and add. The account you used previously during the ‘App registration’ in Azure must be added as member.
If the shared mailbox member is not correct, you’ll receive the following error:
“Limagito File Mover setup”
We’ll be using the Office 365 SMTP to send emails from our ‘Rule Events’ option.
We enabled the ‘On Success ‘ event and enabled ‘Enable Mail’:
Office 365 SMTP Server setup:
Adjust the Security setup:
Office 365 Auth2 setup:
1) Fill in the correct Authorization and Token Url from previous “Azure setup”
2) Enter Application Client ID and Client Secret Value from previous “Azure setup”
3) Adjust your scope to: openid profile offline_access https://outlook.office365.com/SMTP.Send
Provide a SPACE separated list of scopes.
Important: The offline_access scope is needed to get a refresh token.
4) Set Redirect URI to: http://localhost:3017/
5) Set Redirect Port to 3017
This should be the port in the localhost callback URL for your app.
The callback URL would look like “http://localhost:3017/”, if the port number is 3017.
The redirect must go to http://localhost
It must be localhost and it cannot be “https”.
Next, click on the <GET> button.
Should ‘Windows Defender’ popup, please <Allow access>.
Your browser will open and ask you for ‘Confirmation’.
Follow the routine in your browser and accept the authorization request.
Now you can close the browser. The ‘Refresh’ and ‘Access’ Token in the OAuth2 Setup should contain values. Click <Save>.
Office 365 email setup
Try your setup using the test button
Email result
Some extra information: ‘Explaining OAuth2 Authentication’.
The OAuth2 Get Token button does a couple of things:
It starts the OAuth2 Authentication process.
Returns a URL that should be displayed in a browser.
Starts a background thread to receive the redirect callback from the browser.
The flow of control is like this:
The browser (popped up and displayed by our file mover) automatically navigates to the URL provided by Start Authentication.
The user interactively authorizes the access. In doing so, the response sent back to the browser is a redirect to http://localhost:<someport>/
The browser receives the response, and redirects to the http://localhost:<someport>/
The background thread (= temporary HTTP server using <someport>) is the thing that is listening at and receives the response, and then your OAuth2 is completed.
The redirect must go to http://localhost:<someport>/. It must be localhost, and it cannot be “https”. If you defined your application’s redirect URL to a web address such as “https://yourdomain.com/something…”, then the background thread is just sitting there waiting for the callback, which never happens (because it went to your web server).
#office365 #mft #Filetransfer #smtp
If you need any info about this “Office 365 SMTP”, please let us know.
Best regards,
Limagito Team
By Limagito-Team 365 SMTP 365, OAuth2, Office 365 SMTP, shared mailbox, SMTP
27 Oct
Google Drive migrate from the OAuth out-of-band (OOB) flow
How to migrate from OAuth out-of-band (OOB) flow
Google Out-Of-Band (OOB) flow Migration Guide
Key compliance dates
February 28, 2022 – new OAuth usage blocked for the OOB flow
September 5, 2022 – a user-facing warning message may be displayed to non-compliant OAuth requests
October 3, 2022 – the OOB flow is deprecated for OAuth clients created before February 28, 2022
Please open your Google Drive Setup in Limagito File Mover because we’ll need to make some adjustments.
– We switched to API v3 but should also work with v2. When using API v3 and x64bit, please use a version starting from v2022.10.27.0
– Please add the following information to the OAuth2 setup:
– Authorization Endpoint URL: https://accounts.google.com/o/oauth2/v2/auth
– Token Endpoint URL: https://www.googleapis.com/oauth2/v4/token
– Client ID
– Client Secret
– Scope: https://www.googleapis.com/auth/drive
– Redirect URI: http://127.0.0.1
– Redirect Port: 3017 (can be any other port that is not in use)
Click GET and your browser will open. Please follow the steps in your browser and after acceptance we will automatically fill in Refresh Token and Access Token. Do not forget to <Save> afterwards.
—
#FileTransfer #OAuth
If you need any info about this ‘migrate from OAuth out-of-band (OOB) flow’ How To, please let us know.
Best regards,
Limagito Team
By Limagito-Team Google OAuth2 oauth, OAuth2, OOB, Out-Of-Band
23 Oct
SharePoint OAuth 2.0 authorization code flow
Version v2023 is needed and available here.
This blog article is based on the following information: Microsoft identity platform and OAuth 2.0 authorization code flow
First you’ll need to register an AD app with your AD Tenant. It will assign you the necessary information you need for the OAuth2 setup.
Some links to get you started:
How-to access sharepoint rest api using oauth
Configure a client application to access a web API
14th of July 2023, We received feedback from our user Christoph today that he used the settings below together with our latest version v2023.7.10.0 successfully.
We added some screenshots of a possible setup in our File Mover:
Please set Auth Type in our SharePoint setup to: ‘OAuth 2.0 Authorization Code Flow’
OAuth2 Setup:
Enable ‘Code Challenge’
Enable ‘Include Nonce’
Set ‘Authorization Endpoint URL’
https://login.microsoftonline.com/%realm/oauth2/v2.0/authorize
%realm will be replaced by the Realm value (= Tenant or Tenant_ID). You can also enter the full URL including the Tenant.
Set ‘Token Endpoint URL’
https://login.microsoftonline.com/%realm/oauth2/v2.0/token
%realm will be replaced by the Realm value (= Tenant or Tenant_ID). You can also enter the full URL including the Tenant.
Enter your Client ID and Client Secret (please check the article howto create them)
Set ‘Scope’ to: openid offline_access https://yourSite.sharepoint.com/Sites.ReadWrite.All
Replace the YourSite part with the <Tenant> name you are using.
Don’t forget to add “Sites.ReadWrite.All” to the Permissions in your Azure setup.
Permissions Type must be Delegated.
FYI: Delegated permissions, also called scopes, allow the application to act on behalf of the signed-in user.
An alternative could be: openid offline_access https://yourSite.sharepoint.com/.default
Leave Resource empty
Leave Response Mode empty to omit the default response_mode “query” param.
Leave Response Type empty, this way the default value “code” will be used.
The Redirect URI should be http://localhost/ (and not https://localhost/)
Be sure to add the redirect URI in Azure too, combined with the Redirect Port in the example it would be: http://localhost:3017
When using %realm in the ‘Authorization or Token Endpoint URL’
Please set ‘Realm’ to your Tenant of Tenant_ID
After the setup, please click on the <Get> button. If you get a firewall popup, you’ll need to accept this otherwise we will not be able to capture the Tokens.
Follow the steps in the browser and it should fill the Refresh and Access Token afterwards. Do not forget to click <Save>.
Common Setup:
If you want extra debug information during the test, please enable ‘Add Control Information to Log’
> Some information about why we use http://localhost/ as redirect URI:
In the case of a desktop application like our Limagito Remote Tool, you don’t have the capability to receive a redirect on a web server. Our tool will create a temporary background thread for the single purpose of receiving the redirect. Thus the local temporary web browser that interactively gets permission from the account owner is always communicating with your application on the same local machine. There is no communication across the Internet for the redirect, and therefore no HTTPS is needed. In fact, you cannot really use HTTPS because what server certificate would you use? You’d run into all sorts of trust issues with the browser not being happy with some self-signed “localhost” certificate. There’s just no point in opening that can of worms because it’s not even necessary.
#Filetransfer #SharePoint
If you need any help with this ‘how-to-access-sharepoint-rest-api-using-oauth’ option, please let us know.
Best Regards,
Limagito Team
By Limagito-Team SharePoint oauth, OAuth2, SharePoint

SEARCH

ARCHIVES

Limagito filemover is an automated file mover solution handling everything from moving, deleting to copying files.

Please don’t hesitate to contact us if you have any questions about our product and services.

DISCOVER OUR SITE

How to import data into a SQL table where a primary key as guid is needed

April 21, 2024 no responses

Generate Certificate Signing Request (CSR)

April 21, 2024 no responses

How to export all rules to CSV with column name, source and destination

April 20, 2024 no responses

© 2007-2024 IT services & software development by CPsoft // Webdesign & webhosting by Siteplan