While integrating with Aspose.dll using Oauth which grant types are supported

Hi,

We are using Aspose.dll version 22.8.0 an migrating to OAuth authentication.

We are facing below issues , please check and let us know.

The example provided in the documentation in below link shows grant type as password “private const string grant_type = “password”;” .Is client credentials grant type not supported in Aspose?

Also in one of the support links the scope was suggested to use as below and when tried below with client credentials grant type getting error
Exception : " Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI)."

string[] scopeAr = new string[]
{ “Sign in to Outlook”,

                    };

you have to use :

string[] scopeAr = new string[]
{
“User.ReadWrite”,
“Mail.ReadWrite”,
“Mail.Send”,
“Notes.Create”,
“Notes.ReadWrite”,
“Notes.ReadWrite.All”,
“MailboxSettings.ReadWrite”,
“Contacts.ReadWrite”,
“Contacts.ReadWrite.Shared”,
};

@kjyothsna

Please read the following detail to login into Office 365 account using Modern Authentication. Hope this helps you.

How To Enable or disable modern authentication

To use modern authentication, make sure that it is enabled. Modern authentication is enabled by default in Exchange Online. For tenants created before August 1, 2017, modern authentication is turned off by default.
In the Microsoft 365 admin center at https://admin.microsoft.com, go Settings > Org Settings > Modern Authentication. In the Modern authentication flyout that appears, you can identify the protocols that no longer require Basic authentication.
For new Office 365 tenants in Azure, Basic Authentication is disabled by default for all applications. In this case, the text will be displayed in this section.

Your organization has security defaults enabled, which means modern authentication to Exchange Online is required, and basic authentication connections are blocked. You must turn off security defaults in the Azure portal before you can change any settings here.

You can enable Basic Auth support for tenant from the Azure portal (Azure Active Directory → Properties → Manage Security defaults → Enable Security defaults = No ).
For more information, see the documentation on Enable or disable modern authentication for Outlook in Exchange Online | Microsoft Learn

How To use modern authentication with EwsClient

To use modern authentication with EwsClient the following is required:

  1. App registration with Azure Active Directory.
  2. Adding code to get an authentication token from a token server.
  3. Using the token to authenticate.

Note: There are two types of permissions that can be used to access EWS. Choose a specific type of permission, depending on the app you are creating:

  • Delegated permissions are used by apps that have a signed-in user present. For these apps, either the user or an administrator consents to the permissions that the app requests. In other words, when you connect to the service, a dialog window will appear to enter username and password. App can never have more privileges than the signed-in user.
  • Application permissions are used by apps that run without a signed-in user present, for example, apps that run as background services or daemons. Only an administrator can consent to application permissions.

Refer to Microsoft documentation for more information: Authenticate an EWS application by using OAuth | Microsoft Learn

App registration with Azure Active Directory

The registration procedure depends on the type of permission selected. To register your app, refer to the Microsoft documentation:

You can download full code example to use modern authentication with IMAP and SMTP clients from here: EWSModernAuthenticationImapSmtp.zip (3.9 KB)

You can also download full code examples to use different permission types of modern authentication with EWS client from here:
With Application authentication - EWSModernAuthenticationApp.zip (3.4 KB)
With Delegated authentication - EWSModernAuthenticationDelegated.zip (3.6 KB)

This helped but in my case it was due to the access permission to be provided in azure by admin.
We have one more issue where the token has expiry of 1hr and we have process that will be running for more than an hour , is it possible to use a refresh token in such case so that the process which is in progress will not be failed.

Thanks,
Jyothsna.

@kjyothsna

It seems that your issue is not related to Aspose.Email. Could you please share some more detail about your requirement? We will then provide you more information on it.