I’m currently integrating SMTP services in my application.
I must state that I don’t have any experience with Azure.
My customers have different email providers and I allow them to configure their own providers and accounts.
I’m currently facing a problem regarding Microsoft accounts (both personal and enterprise).
I’m using MailKit.
I’ve read the instructions provided in Using OAuth2 With Exchange (IMAP, POP3 or SMTP)
I’ve created an app in Microsoft Entra
I’m using the following code for testing purposes:
using MailKit.Net.Smtp;
using MailKit.Security;
using MimeKit;
using Newtonsoft.Json.Linq;
namespace MailKitTest
{
public class EmailTest
{
private SmtpClient smtpClient;
static async Task<SaslMechanismOAuth2> GetAccessToken(string api_perm)
{
var content = new FormUrlEncodedContent(new List<KeyValuePair<string, string>>
{
new KeyValuePair<string, string>("scope", api_perm),
new KeyValuePair<string, string>("grant_type", "password"),
new KeyValuePair<string, string>("resource", "https://outlook.office365.com/"),
new KeyValuePair<string, string>("client_id", "<client_id>"),
new KeyValuePair<string, string>("client_secret", "<client_secret>"),
new KeyValuePair<string, string>("username", "<[email protected]>"),
new KeyValuePair<string, string>("password", "<user_password")
});
var client = new HttpClient();
var response = await client.PostAsync($"https://login.microsoftonline.com/common/oauth2/token", content).ConfigureAwait(continueOnCapturedContext: false); //nosas contas, versão 1
var jsonString = await response.Content.ReadAsStringAsync();
var jobj = JObject.Parse(jsonString);
var token = jobj["access_token"];
client.Dispose();
return new SaslMechanismOAuth2("<[email protected]>", token.ToString());
}
void sendMail()
{
smtpClient.Authenticated += Client_Authenticated;
using (smtpClient)
{
smtpClient.Connect("smtp.office365.com", 587, SecureSocketOptions.Auto);
if (smtpClient.AuthenticationMechanisms.Contains("OAUTHBEARER") || smtpClient.AuthenticationMechanisms.Contains("XOAUTH2"))
{
SaslMechanismOAuth2 at = GetAccessToken("SMTP.Send").Result;
smtpClient.Authenticate(at);
}
}
}
private void Client_Authenticated(object? sender, MailKit.AuthenticatedEventArgs e)
{
MimeMessage msg = new MimeMessage();
msg.From.Add(MailboxAddress.Parse("<[email protected]>"));
msg.To.Add(InternetAddress.Parse("<[email protected]>"));
msg.Subject = "OAUTH Test";
msg.Body = new TextPart("plain") { Text = "OAUTH Test " + DateTime.Now.ToLongTimeString() };
smtpClient.Send(msg);
smtpClient.Disconnect(true);
}
}
}
I’ve created an app in Microsoft Entra with the following:
Authentication:
Mobile and desktop applications
Supported Account Types:
Accounts in any organizational directory (Any Microsoft Entra ID tenant – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
All users with a work or school, or personal Microsoft account can use your application or API. This includes Office 365 subscribers.
Permissions:
I’ve created a client secret
Now this works for the accounts registered in my organization
When i try to configure an external account, i receive the following:
{
"correlation_id": "6a4b9d97-b92d-4552-84d2-e1d4c80b61b8",
"error": "invalid_grant",
"error_codes": [
50034
],
"error_description": "AADSTS50034: The user account {EUII Hidden} does not exist in the hotmail.com directory. To sign into this application, the account must be added to the directory. Trace ID: ba97f9bb-5b07-40b2-8a83-aefdcd8d1900 Correlation ID: 6a4b9d97-b92d-4552-84d2-e1d4c80b61b8 Timestamp: 2024-07-18 11:52:17Z",
"error_uri": "https://login.microsoftonline.com/error?code=50034",
"timestamp": "2024-07-18 11:52:17Z",
"trace_id": "ba97f9bb-5b07-40b2-8a83-aefdcd8d1900"
}
My question is
How can I make my SMTP client (The Entra App) available to anyone using Microsoft Accounts?
Any thoughts?
Thanks!
2