How to use modern authentication instead of basic authentication in ews-android-api

[arunsankar8]

This is not a issue, just asking some tips and support from you. I have been using the ews-android-api in my application to get the events etc.. According to the docs, the basic authentication will be deprecated on the coming October 2020. I believe the basic authentication have been using in this, So how can I use modern authentication instead of basic authentication in my application to continue using the ews-android-api in my projects after October. Looking forward to your suggestions and support.

The sample code used for login

   private void loginEws(){

       ExchangeUser user = new ExchangeUser(mUsername, mPassword, mExchangeServerUrl, mMailboxEmail);
       ExchangeHelper helper = new ExchangeHelper(user);
       helper.login();

   }
  public void login() throws Exception {
        ExchangeService service = createService();
        Mailbox mailbox = new Mailbox(user.getMailbox());
        FolderId folderId = new FolderId(WellKnownFolderName.Calendar, mailbox);
        CalendarFolder folder = CalendarFolder.bind(service, folderId);
    }

 private ExchangeService createService() {
        try {
            ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
            ExchangeCredentials credentials = new WebCredentials(user.getUsername(), user.getPassword());
            service.setUrl(new URI(user.getServerUrl()));
            service.setCredentials(credentials);
            return service;
        } catch (URISyntaxException e) {
            e.printStackTrace();
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

[Thewizeguy]

I'm just now starting to look into this myself. Any progress?

[GameScripting]

We had the same problem and ended up implementing IMAP.

The best MS solution ist to switch to MS Graph API. But as we needed a vender neutral solution this was not possible for us.

[arunsankar8]

Hi @GameScripting @Thewizeguy

1. Modern authentication uses token to authenticate and access the exchange instead of the username and password, so we can use the same MSAL authentication used in Microsoft Graph API for getting the token.

2. Replace all the scopes used for MS graph API with this scope "https://outlook.office.com/.default".

3. Use the auth-token got through MSAL authentication instead of passing username and password as credentials to create service and access the exchange events.

 private ExchangeService createService(String authToken, String mailBoxEmail,String serverUrl) {
            try {
                 final ExchangeService service = new ExchangeService();
                 service.setTraceEnabled(true);

                 /* Use the authToken instead of creating credential with username and password 
                     ExchangeCredentials credentials = new WebCredentials(username, password);
                     service.setCredentials(credentials);
                */

                service.getHttpHeaders().put("Authorization", "Bearer " + authToken);
                service.getHttpHeaders().put("X-AnchorMailbox", mailBoxEmail);
                service.setUrl(new URI(serverUrl));
                return service;
           } catch (URISyntaxException e) {
               e.printStackTrace();
           } catch (Exception e) {
              e.printStackTrace();
           }
}

[Thewizeguy]

@arunsankar8 I'm currently watching this video that shows how to add MSAL support in android studio. Around 30 mins in or so. https://www.youtube.com/watch?v=BLmOmv4FSsQ&ab_channel=Microsoft365Developer

[Thewizeguy]

Well lucky for us it looks like this move has been delayed until the second half of 2021. I'd still like to update my code but that's nice find.

https://developer.microsoft.com/en-us/office/blogs/deferred-end-of-support-date-for-basic-authentication-in-exchange-online/

[loudbyte]

Perhaps, also you should use token with this scope - https://outlook.office365.com/EWS.AccessAsUser.All