Upgrading from basic authentication to OAuth is a little harder for many small businesses to configure on the Azure portal. Here are the steps I took to get our EWS service working. You must have admin rights to do the following.
Create an app registration
You need to log in to your Azure portal: Go to Azure Active Directory>App registrations
Next, click on New registration
Next, fill in the info
This is where you choose your access options; based on the selection, the next screen will have different options. For us, we chose Single tenant and the Redirect URI option for Public client/native. If you don’t have a URL, you can leave it blank.
In case you need to add or change the Authentication platform, you can click on Authentication>Add a platform and select one that works with your business needs
Based on your selection, you will need to select the URL option, or your custom URL
Then give API permission
This can be many permissions or just a few. Based on the type of application, you may also get different options.
We are using the EWS service, so we needed Office 365 Exchange Online
Then you need to select the type of permission. We are using application permissions.
The only way we could get it working was by giving full_access_as_app
You need to give admin consent to your application, so once you have all permissions added, click on Grant admin consent
To create client credentials, click on Overview>Add a certificate or secret
Click on Client secrets>New client secret
Enter the name (this could be anything), select when it expires, then click on Add
Before you click out of this screen, make sure to copy the value of your secret, which you will need for your app. Once you leave this screen, you will not be able to get this value back, so you will need to create a new one if you have not copied it or you need to change it.
For your application, you will need the following info, which you can find here:
- Application ID
- Directory (tenant) ID
- Endpoints: authorize and token
- If you have selected the multi-tenant option, your Endpoints URL will be generic, like these:
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
https://login.microsoftonline.com/organizations/oauth2/v2.0/token
- Value of secrets from the step above
That’s all. I hope this helps someone out there who is going through these changes in technologies.