CODEWITHSUNDEEP
c#authenticationoauthexchange-serverexchangewebservices
user3387175
user3387175

Reputation: 9

Authenticate an EWS application by using OAuth is not working

I am changing my existing c#-app from basic authentication to OAuth Authenticate.

I'm using the code example from Microsoft learn page:

// Using Microsoft.Identity.Client 4.22.0
var cca = ConfidentialClientApplicationBuilder
.Create(ConfigurationManager.AppSettings["appId"])
.WithClientSecret(ConfigurationManager.AppSettings["clientSecret"])
.WithTenantId(ConfigurationManager.AppSettings["tenantId"])
.Build();

// The permission scope required for EWS access
var ewsScopes = new string[] { "https://outlook.office365.com/.default" };

//Make the token request
var authResult = await cca.AcquireTokenForClient(ewsScopes).ExecuteAsync();


On the Azure Active directory in App-Registration with the rigths Mail.* ( see attached image 
)

[App rigths]

when I try to get the token with AcquireTokenForClient I get this error:

A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal... ErrorCode: "invalid_client" HResult: -2146233088*

Thanks for help Dani

Upvotes: 0

Views: 466

Answers (1)

Glen Scales
Glen Scales

Reputation: 22032

The only permission that is valid for EWS when using the client credentials flow is full_access_as_app

enter image description here

The Mail. permissions are all for the Graph which supports a much more restrictive permission model that EWS does not. I would suggest you read https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth you has the information you need to modify the manifest directly to add the correct permissions

Upvotes: 1

Related Questions