O365 / python-o365

A simple python library to interact with Microsoft Graph and Office 365 API
Apache License 2.0

Multi-Factor Authentication access error #478

Open alkimist opened 4 years ago

alkimist commented 4 years ago

I recently started receiving "InvalidGrantError: (invalid_grant) AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access XXX" after my organization's admin activated 2FA. Is there a way to authenticate the app with 2FA?

alejcas commented 3 years ago

I don't know for sure. Can you look for this in the MS Graph docs?

smarek commented 3 years ago

I'm not sure if this is related, but I'm trying to solve a similar issue, for authenticating with the O365 Outlook service, specifically for sending emails over SMTP (with STARTTLS): https://bugzilla.mozilla.org/show_bug.cgi?id=1528136

I have an organization that requested an external desktop (native) app that could use the corporate email account, under a custom domain on the public O365 servers, for sending some automated reports. The organization has strict MFA enabled, and I'm unable to use an app-specific password, so I need to use some kind of web-based OAuth2/OpenID authentication and use the resulting token to access a specific mailbox and send email.

Since the app is not meant to be organization-specific, I've been reading the mentioned Thunderbird issue about being a "Public Client" to the Azure/O365 services, because I cannot maintain an app-specific secret (open-source app, same as Thunderbird). The result of the analysis by Thunderbird development is the requirement to support the OAuth with PKCE flow, to obtain a token for a specific user in order to send/receive emails.

Could you please point out whether I've understood the situation correctly, and whether the mentioned OAuth/PKCE flow is something that could be provided within the python-o365 library implementation. Thank you.

smarek commented 3 years ago

I'll fill in by myself: with an organization that uses its own domain and Azure AD, the application needs to be registered with Azure AD (either by the publisher or by the organization itself) and configured as a Public Client. Then it can use MSAL with interactive (web-browser) authentication, using both the "Client ID" (id of the registered app) and the "Authority URL" (something like https://login.microsoftonline.com/myorganization.com) to allow a user with an account/email under @myorganization.com to pass MFA and access the Graph API (i.e. "Mail.Send", "Mail.Send.Shared").

So the answer is no, python-o365 cannot provide the authentication part on behalf of the developed app; the developer must do and maintain this on their own.
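MSAL performs the public-client flow described above for you; as an added example (not part of this thread or of the python-o365 code), the following shows its mechanics with only the Python standard library: an RFC 7636 PKCE verifier/challenge pair and the Microsoft identity platform v2.0 authorize and token requests against the organization's authority URL. The client ID and loopback redirect URI are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Authority and scopes as described in the thread; client ID and redirect URI are placeholders.
AUTHORITY = "https://login.microsoftonline.com/myorganization.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder: Client ID of the registered app
REDIRECT_URI = "http://localhost:8400"              # loopback redirect registered for the public client
SCOPES = ["Mail.Send", "Mail.Send.Shared", "offline_access"]


def _b64url(raw: bytes) -> str:
    """base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """High-entropy verifier (43..128 chars) that never leaves the client."""
    return _b64url(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str) -> str:
    """S256 challenge: base64url(SHA-256(verifier)); safe to expose in the browser URL."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(verifier: str, state: str) -> str:
    """Authorization request a public client opens in the browser; the user completes MFA there.
    No client_secret is involved: the PKCE challenge binds the later token request to this client."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": " ".join(SCOPES),
        "state": state,  # caller must compare this against the value echoed on the redirect
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/oauth2/v2.0/authorize?{urlencode(params)}"


def token_request_body(verifier: str, code: str) -> dict:
    """Form body for POST {AUTHORITY}/oauth2/v2.0/token once the redirect returns ?code=...;
    presenting the original verifier proves this client issued the authorize request."""
    return {
        "client_id": CLIENT_ID,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,
    }
```

The access token returned by the token endpoint is what the app then sends as a Bearer token to Graph (or via XOAUTH2 to SMTP); the refresh token from `offline_access` lets the unattended report job renew it without repeating the interactive MFA step.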