Method 1 - Using Client Secret
Enabling mail retrieval by registering with the Microsoft identity platform
To retrieve mail from Outlook using OAUTH2 client-secret based authentication, obtain the client_id, tenant_id and client_secret.
Follow the links below for the steps to accomplish each task:
- To register your application with Azure Active Directory: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app. Use the Client Secret method.
- To grant API permissions to your application and create a service principal that provides access to the mailboxes: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#use-client-credentials-grant-flow-to-authenticate-imap-and-pop-connections.
Configuring the component
Managed Connection Factory
- Select the "IMAP" option from the Protocol drop-down.
- Under Connection Configuration, provide the following property values:
  - MailserverURL: outlook.office365.com
  - MailServer Port: 993
- Provide the following additional properties:
  - mail.imap.starttls.enable = true
  - mail.imap.socketFactory.class = javax.net.ssl.SSLSocketFactory
Authentication Configuration
OAUTH2 is a token-based authentication mechanism that uses an access token to authenticate to the mail server.
The POST request URL for requesting an access token from the Microsoft server using the client secret has the following format:
- Select OAUTH2 as the Authentication Type.
- Username: the mail ID (mailbox address) that is associated with Azure Active Directory.
- Token URL: the URL should be of the following format
- Add the following Request Properties:
  - grant_type = client_credentials
  - client_id = the Application (client) ID value obtained from the Azure application registration
  - scope = https://outlook.office365.com/.default
  - client_secret = the secret value obtained from the Azure application registration
Testing the configuration
- Test the connection using the Test button in the Managed Connection Factory.
Method 2 - Using Client Certificate
Generating certificate and private/public keys
Certificate and Private Key
Enter the following command to generate a certificate and private key using the OpenSSL tool:
Enter the DN (Distinguished Name) information when prompted.
Public Key
To generate the public key from the (.crt) certificate, use the following command:
Enabling mail retrieval by registering with the Microsoft identity platform
To retrieve mail from Outlook using OAUTH2 client-certificate based authentication, obtain the client_id, tenant_id and certificate thumbprint.
- Follow the steps at https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app to register your application with Azure Active Directory. Use the Client Certificate method. Upload the .cer certificate file and note down the Certificate Thumbprint value.
- Follow the steps at https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#use-client-credentials-grant-flow-to-authenticate-imap-and-pop-connections to grant API permissions to your application and create a service principal that provides access to the mailboxes.
Generating Access Token
For certificate-based authentication, use the REST API to obtain the access token, in the following format:
Creating client_assertion JWT Token
Use https://jwt.io/ for generating the JWT token.
Header
| Name | Description |
|---|---|
| alg | RS256 |
| typ | JWT |
| x5t | Base64url-encoded SHA-1 thumbprint of the X.509 certificate's DER encoding. |
Claims (payload)
| Name | Description |
|---|---|
| aud | https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token |
| iss | {ClientID} |
| exp | Expiration time (Unix epoch seconds) after which the JWT is no longer accepted, e.g. 16739557707 |
| jti | A unique identifier for the JWT |
| sub | {ClientID} |
| nbf | Time (Unix epoch seconds) before which the JWT is not to be accepted for processing, e.g. 16739555707 |
Signing JWT Token
Sign the JWT token using the private key and public key generated with the OpenSSL tool.
The encoded form of the JWT token is the client_assertion value.
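As an added example that is not part of this documentation, the following POSIX shell script builds the header and claims listed above, signs them with RS256 and verifies the result, all locally with OpenSSL so the private key never has to be pasted into a web tool. TENANT_ID and CLIENT_ID are placeholders, and the self-signed certificate and key are throwaways generated for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original documentation: build and sign the
# client_assertion JWT locally with OpenSSL so the private key never leaves the host.
# Assumptions: TENANT_ID and CLIENT_ID below are placeholders, and a throwaway
# self-signed certificate/key pair is generated in a temporary directory.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/key.pem"; CRT="$WORK/cert.crt"; PUB="$WORK/pub.pem"
TENANT_ID="00000000-0000-0000-0000-000000000000"   # placeholder tenant id
CLIENT_ID="11111111-1111-1111-1111-111111111111"   # placeholder application (client) id

# base64url: standard base64 on one line, URL-safe alphabet, padding removed.
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }
# Inverse of b64url: restore the alphabet and padding, then decode.
b64url_decode() {
  s=$(tr '_-' '/+')
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="$s="; done
  printf '%s' "$s" | openssl base64 -d -A
}
# Throwaway self-signed certificate and private key; the public key is extracted
# from the certificate for the verification step below.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=imap-oauth-demo" \
  -keyout "$KEY" -out "$CRT" 2>/dev/null
openssl x509 -in "$CRT" -pubkey -noout > "$PUB"

# x5t header value: base64url of the SHA-1 digest of the certificate's DER encoding.
x5t_thumbprint() { openssl x509 -in "$1" -outform DER | openssl dgst -sha1 -binary | b64url; }

# Assemble header.claims.signature with the claims the documentation lists
# (aud, iss, sub, jti, nbf, exp); exp is ten minutes from now, nbf is now.
make_client_assertion() {
  now=$(date +%s)
  header=$(printf '{"alg":"RS256","typ":"JWT","x5t":"%s"}' "$(x5t_thumbprint "$CRT")" | b64url)
  claims=$(printf '{"aud":"https://login.microsoftonline.com/%s/oauth2/v2.0/token","iss":"%s","sub":"%s","jti":"%s","nbf":%s,"exp":%s}' \
    "$TENANT_ID" "$CLIENT_ID" "$CLIENT_ID" "$(openssl rand -hex 16)" "$now" "$((now + 600))" | b64url)
  sig=$(printf '%s.%s' "$header" "$claims" | openssl dgst -sha256 -sign "$KEY" -binary | b64url)
  printf '%s.%s.%s' "$header" "$claims" "$sig"
}

# Check an assertion's RS256 signature against the certificate's public key
# (what the token endpoint does with the uploaded .cer); exit status 0 on success.
verify_client_assertion() {
  printf '%s' "${1##*.}" | b64url_decode > "$WORK/sig.bin"
  printf '%s' "${1%.*}" | openssl dgst -sha256 -verify "$PUB" -signature "$WORK/sig.bin" >/dev/null
}

# The printed value is the client_assertion for the component's Authentication Configuration.
make_client_assertion; echo
```

The script runs against the real registration by replacing the placeholders and pointing KEY and CRT at the files produced in the OpenSSL step above.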
Configuring the component
Managed Connection Factory
To configure the component, follow the same steps as in the Managed Connection Factory section under Method 1 - Using Client Secret.
Authentication Configuration
In the Authentication Configuration window, replace the client_secret property with the following:
- client_assertion_type = urn:ietf:params:oauth:client-assertion-type:jwt-bearer
- client_assertion = the encoded JWT token