General

Prerequisites

OAuth authentication for EWS is only available in Exchange Online as part of Microsoft 365
EWS applications that use OAuth must be registered with Azure Active Directory.

Required keys

• Application (client) ID - client_id
• Directory (tenant) ID - tenant_id
• Secret Value (Not Secret Id)
  • This disappears once it is created and window changes - secret_value

  • NB: This is only for Application Access

Setup

Go to the Azure Portal
Click ‘view’ under “Manage Azure Active Directory” > “App registrations”
Either Click to edit a Registered App or click on “New registration” Under “Authentication” , Setup Supported Account Types and Advanced Settings

Authentication

Setup Supported Account Types and Advanced Settings

Enable “Allow public client flows”

The following are Default URLs

https://login.microsoftonline.com/common/oauth2/nativeclient
https://login.live.com/oauth20_desktop.srf
msal{client/tenant id}://auth

Setup the following Custom Redirect Urls

http://127.0.0.1/
urn:ietf:wg:oauth:2.0:oob

Application Access

Expose an API:

Add the following scopes:

Add a client application

• Select both added scopes
• Add your client id for the application
• Submit

Manifest

Add the below object to the requiredResourceAccess array

{
  "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
  "resourceAccess": [
    {
      "id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40", 
      "type": "Role"
    } 
  ]
}

App Roles

Add a new Role

API permissions

Click the Grant admin consent for *****

It should show Granted For **** under the status column for the row full_access_as_app

References

Azure Portal