does anybody know if it is possible to create an email client app which retrieves mails from a O365 account via MS Graph without registering the app in Azure AD?
I think there must be, because how could email apps like the in-built email on the iphone connect to O365 accounts without this? There, I enter my email adress, password and one time (each 90 days) my token which I received via phone (and what I think is cached somewhere?)
Any hints or tips are highly appreciated.
Thanks in advance.
The client can send some request header showing they are authorized, but if the app (for eg: email app) sends the same request header, it will be rejected unless it's registered.
Thank you Md Farid for the comment, In most cases, Microsoft Graph API also need required permission along with token.
The below document involves manually registering an app with the Azure AD, using OAuth 2.0 On-Behalf-Of flow
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
Related
Does anyone know how I can send an email via my webserver (Azure Functions) to gmail?
This is for clients to contact us through a website so it needs to be frictionless and without a challenge.
I have followed this guide
https://developers.google.com/gmail/api/quickstart/dotnet?authuser=1
After creating my own implementation of IDataStore for Azure, I have painfully realised that this will try to challenge via the web browser.
We previously had this working using SMTP using similar method to this
How to send email by using MailKit?
but this requires us to set the 'Allow Un-secure Apps' flag which after a period of time automatically switches off and causes our contact us page to stop working.
I guess this should be possible using an API key which I have created but I can't find any documentation on how to send an email using just the API Key.
Gmail api route using google .net client library.
If you are using a gsuite domain email address then you can use a service account. Let me know if you need some code for this.
Otherwise you will need to run your code once locally authorize it stave the refresh token then set up your Idatastore to use the refresh token that you pass to it. As long as the refresh token is used regularly it shouldnt expire. Thats not saying it cant but it shouldnt it will need to be babysat a little if it fails just generate a new refresh token for it and it will be up and running again.
smtp route
if you want to use smtp your probably going to have to work out Xoauth2 I am not aware of anything out of the box for C# that works with that and the Google .net client library does not work with the smpt server.
I'm trying to develop one c# console app to read emails using service account without user's consent but I am not getting proper guidance how to achieve it? I have followed steps as per domain wide delegation of authority but it redirects to authorization screen to ask permission.
Actually I want to develop solution like Exchange API streaming notification where I can read email when new event occurred on server and insert it into database using impersonated user.
I have a social network that written in Microsoft tech stack and when users register on that I create an ejabberd user using rest API until now everything works perfectly.
But for chat clients authentication with ejabberd, I don't want to send Ejabberd username and password to clients. I want to send a token to clients to authenticate.
Questions:
Did I chose right approach to integration?
If yes, how can I clients authentication token from ejabberd?
If no, in scenarios like this what is the right approach?
I would use ejabberd HTTP auth contribution module, so that you can decide how you want to check your password or token directly on the back-end.
You can get that contribution on Github: https://github.com/processone/ejabberd-contrib/tree/master/ejabberd_auth_http
I would like to get the photos of my users from outlook and store them in my database. I want it to be done automatically by the programm with no user interaction required, because i know their email and password.
I´m trying to use this guide:
https://msdn.microsoft.com/en-us/office/office365/api/use-outlook-rest-api#UseaclientlibrarytoaccesstheOutlookRESTAPIGetanaccesstoken
I have already registered my website (.NET MVC 5), but I don´t know how to do the authentication and access token part, because half of the links of the guide don´t work and i can´t find any helpful tutorial / code snippets somewhere else.
I´m deeply grateful for any help.
Instead of using Office 365 REST API, we can use the Microsoft Graph.
And since you don't want to the user participate in the authentication, you can using the Client Credentials Grant Flow which permits a web service (a confidential client) to use its own credentials to authenticate when calling another web service, instead of impersonating a user.
Here is the REST API to get the photo for a specific user for your reference:
GET:https://graph.microsoft.com/v1.0/users/user1#yourdomain.onmicrosoft.com/photo/$value
The app requires one of the following scopes to request the photo of user:
User.Read; User.ReadBasic.All; User.Read.All; User.ReadWrite.All; User.Read
And refer to here to register the app using the Microsoft Graph API.
I would like to send an invitation request from my Facebook application written in C#.
Here is what I tried:
_fbService.API.notifications.sendEmail(DataList1.DataKeys[e.Item.ItemIndex].ToString(),"Invitation to play a game", "You are invited to play the game","");
This does not work, it only sends a notification, not a request.
What am I doing wrong?
If you are asking how you can send invitations to users who have not authorized your application (i.e. not inviting your application users to use a new feature or participate in an activity), then you can't with the API.
From the API documentation - Notifications.sendEmail:
Sends an email to the specified users, who have both authorized your application and granted it the email extended permission.
The API function that did allow this was Notifications.sendRequest but it has been disabled, perhaps due to consideration of abuse and security. See the documentation for the alternative.