Webklex / php-imap

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. The protocol is completely integrated and therefore supports IMAP IDLE operation and the "new" oAuth authentication process as well.
https://www.php-imap.com
MIT License

Oauth2 with Microsoft Personal Account #527

Open iwkse opened 1 month ago

iwkse commented 1 month ago

Hi, that's a general question related to Microsoft OAuth2. I would like to know if this also works for personal accounts or if an organization account is required. That's related to this issue https://github.com/Webklex/php-imap/issues/519 because we can't log in after receiving the access token. Any hint is welcome.

stevebauman commented 2 weeks ago

Yes this library works with personal accounts. I use this library to access them.

If you can't login after retrieving the access token, you haven't requested the correct scopes during the OAuth flow.

You need to request the below scopes:

'offline_access',
'https://outlook.office.com/IMAP.AccessAsUser.All',
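
The two scopes above, carried through an authorization-code flow and into the IMAP XOAUTH2 string, as an added example that is not part of this thread or of php-imap's own code. The function names, the `*_PLACEHOLDER` values, `https://app.example/callback` and `user@example.com` are hypothetical, and the sketch assumes a confidential web-app registration that uses the `consumers` endpoints quoted in this thread.

```php
<?php
// Added example; function names and all sample values are hypothetical.
const AUTHORITY = 'https://login.microsoftonline.com/consumers/oauth2/v2.0';
const SCOPES = 'offline_access https://outlook.office.com/IMAP.AccessAsUser.All';

// Step 1: URL the user's browser is sent to. $state is a per-session random
// value that is compared again on the redirect back (CSRF protection).
function authorizeUrl(string $clientId, string $redirectUri, string $state): string
{
    return AUTHORITY . '/authorize?' . http_build_query([
        'client_id'     => $clientId,
        'response_type' => 'code',
        'redirect_uri'  => $redirectUri,
        'response_mode' => 'query',
        'scope'         => SCOPES,
        'state'         => $state,
    ], '', '&', PHP_QUERY_RFC3986);
}

// Step 2: form fields POSTed to AUTHORITY . '/token' to redeem the code.
function tokenRequestBody(string $clientId, string $clientSecret, string $redirectUri, string $code): array
{
    return [
        'client_id'     => $clientId,
        'client_secret' => $clientSecret,
        'grant_type'    => 'authorization_code',
        'code'          => $code,
        'redirect_uri'  => $redirectUri, // must match the value used in step 1
        'scope'         => SCOPES,
    ];
}

// Step 3: SASL XOAUTH2 initial response for IMAP "AUTHENTICATE XOAUTH2".
function xoauth2(string $user, string $accessToken): string
{
    return base64_encode("user={$user}\x01auth=Bearer {$accessToken}\x01\x01");
}

// Constructed values, for illustration only.
$state = bin2hex(random_bytes(16));
echo authorizeUrl('CLIENT_ID_PLACEHOLDER', 'https://app.example/callback', $state), "\n";
// On the redirect back, check hash_equals($state, $_GET['state']) before using $_GET['code'].
$body = tokenRequestBody('CLIENT_ID_PLACEHOLDER', 'CLIENT_SECRET_PLACEHOLDER', 'https://app.example/callback', 'CODE_FROM_REDIRECT');
echo implode(', ', array_keys($body)), "\n"; // field names only, so the secret is never logged
echo xoauth2('user@example.com', 'ACCESS_TOKEN_PLACEHOLDER'), "\n";
```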

iwkse commented 1 week ago

We're using Postman to check if it works, so the first GET call:

https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?
&client_id=xxxxxxxx-yyyy-zzzz-ssss-dc01692174d8
&response_type=code
&redirect_uri=https://www.xxx.com/xxx/test-imap.php
&response_mode=query
&scope=openid IMAP.AccessAsUser.All profile SMTP.Send Mail.Send MailboxFolder.Read MailboxFolder.ReadWrite MailboxItem.Read MailboxSettings.Read MailboxSettings.ReadWrite offline_access email User.Read User.ReadWrite wl.offline_access wl.imap wl.emails
&grant_type=authorization_code
&state=12345

From this we receive M.C522_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, which is used with the POST call:

POST: https://login.microsoftonline.com/consumers/oauth2/v2.0/token
BODY:
  client_id:xxxxxxxx-yyyy-zzzz-ssss-dc01692174d9
  client_secret:MYSECRET
  grant_type:client_credentials
  scope: https://outlook.office.com/.default
  code:M.C522_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

It doesn't work though.