Setting Up OAuth 2.0 for Email Sending
This article guides you through setting up OAuth 2.0 for sending emails in Office 365. Learn the steps for app registration, obtaining identifiers, generating a secure app secret, and configuring permissions.
Office 365 (Microsoft)
To configure the app registration for Office 365 in Azure AD, follow these steps:
Step 1: Setup app registration in Azure AD
First, you need to create a new app registration serving as a service principal, also known as a "machine user," to authenticate your background service against Azure Active Directory (AAD). Head to the Azure Portal, go to AAD, then App Registration, and create a new app.
Input the name of your service and retain all other settings as default, as we won't be utilizing this feature.
Step 2: Obtain DirectoryId (Tenant Id) and ApplicationId (Client Id)
Once you've registered the new app, make sure to record both the ClientId and the TenantId. Both will be required later in the email setup.
Step 3: Generate a Secret for the App
Now, you require a secret as your "password." Click on "Certificates & secrets" to generate a new client secret. Be sure to promptly note down the secret as it will be visible only once.
Step 4: Add permissions for sending emails
Then, ensure that this app registration has the appropriate API permission. Navigate to "API permissions," choose "Add permission," and then select "Microsoft Graph." Given that we are constructing a background service without a user present, opt for "Application permissions," search for "Mail.Send," and select it.
Step 5: Grant permissions
Critical note: After adding a permission, an administrator must grant this permission for the entire organization.
You will encounter a popup for "granting consent" marked with a green checkmark.
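How a background service would use the three values from steps 2 and 3 once consent is granted, as an added example that is not part of the original article: it builds the client-credentials token request and the Microsoft Graph sendMail request, and checks that the token carries the Mail.Send role first. The function names, mailbox addresses and the unsigned sample token are constructed for illustration.

```python
import base64, json, urllib.parse, urllib.request

GRAPH = "https://graph.microsoft.com"

def token_request(tenant_id, client_id, client_secret):
    """Client-credentials token request: the app signs in as itself, no user present."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{GRAPH}/.default",  # ask for the application permissions already granted
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=body, method="POST")

def token_roles(access_token):
    """Read the 'roles' claim from the token payload (diagnostic only, no signature check)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("roles", [])

def send_mail_request(access_token, sender, to, subject, text):
    """Graph sendMail request for the sender mailbox; refuses tokens without Mail.Send."""
    if "Mail.Send" not in token_roles(access_token):
        raise PermissionError("token has no Mail.Send role: recheck steps 4 and 5")
    mail = {"message": {"subject": subject,
                        "body": {"contentType": "Text", "content": text},
                        "toRecipients": [{"emailAddress": {"address": to}}]},
            "saveToSentItems": False}
    url = f"{GRAPH}/v1.0/users/{urllib.parse.quote(sender, safe='@')}/sendMail"
    return urllib.request.Request(
        url, data=json.dumps(mail).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})

def sample_token(roles):
    """Constructed, unsigned token so the demo runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])

if __name__ == "__main__":
    # Constructed placeholder values; in a real service read the secret from the
    # environment or a vault and pass each request to urllib.request.urlopen().
    print(token_request("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET").full_url)
    req = send_mail_request(sample_token(["Mail.Send"]), "noreply@example.com",
                            "user@example.com", "Test", "Hello")
    print(req.full_url, req.get_method())
```

Mail.Send as an application permission is granted for the whole organization, so the resulting token is not tied to a single mailbox. Store the client secret accordingly and rotate it before it expires.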