mmalcek / basicToOauth

Proxy service that changes basic auth to OAuth 2. Designed for Exchange Web Services (EWS).
MIT License

basicToOauth

HTTP proxy service that transforms a basic authorisation header to an OAuth 2.0 Bearer token.

From 01.10.2022, basic authentication will be deprecated by Microsoft for many services. This package provides a simple way to migrate from basic authentication to OAuth by creating a proxy service.

You can download the Windows version here:

https://github.com/mmalcek/basicToOauth/releases
Direct Windows download link
Note: Currently only Windows and Linux (64-bit) prebuilt binaries are available. I can build binaries for other platforms on request.

Configuration (config.yaml):

```yaml
host: "127.0.0.1" # Host of the proxy service
port: "8085" # Port of the proxy service
client_id: "yourAzureClientID" # Azure App registration client ID
tenant_id: "yourAzureTenantID" # Azure tenant ID
proxy_url: "https://outlook.office365.com" # URL of the target service
authority_url: "https://login.microsoftonline.com/" # URL of the authority service
scopes:
  - "https://outlook.office365.com/EWS.AccessAsUser.All" # Scopes for the target service
```

Setting host to 127.0.0.1 is HIGHLY RECOMMENDED because communication between the proxy service and your application is not encrypted. In other words, the basicToOauth app should run on the same machine as your application.

Installation options:

  1. You can just start the application and watch the communication in the command line.
  2. Or install it as a SERVICE: open a command line as administrator and run:
    • .\basicToOauth.exe -service install
    • .\basicToOauth.exe -service start
    • .\basicToOauth.exe -service stop
    • .\basicToOauth.exe -service uninstall

Once the application is running, point your application at it: instead of "https://outlook.office365.com/..." use "http://127.0.0.1:8085/..."
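The header swap and the loopback recommendation above, as an added Go example (not code from the basicToOauth project): `IsLoopbackHost`, `NewProxy`, `Demo` and the token-source callback `ts` are hypothetical names, and how a token is obtained from the authority is left to that callback. The upstream, credentials and token in `Demo` are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// IsLoopbackHost reports whether a config.yaml host keeps the cleartext hop on this machine.
func IsLoopbackHost(host string) bool {
	return host == "localhost" || net.ParseIP(host).IsLoopback()
}

// NewProxy swaps Basic credentials for a Bearer token from ts (hypothetical token-source hook).
func NewProxy(target *url.URL, ts func(user, pass string) (string, error)) http.Handler {
	rp := httputil.NewSingleHostReverseProxy(target)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		r.Header.Del("Authorization") // the password is never forwarded upstream
		if !ok {
			http.Error(w, "basic credentials required", http.StatusUnauthorized)
			return
		}
		tok, err := ts(user, pass)
		if err != nil {
			http.Error(w, "token acquisition failed", http.StatusUnauthorized)
			return
		}
		r.Header.Set("Authorization", "Bearer "+tok)
		r.Host = target.Host // send the upstream's own Host header, not the proxy's
		rp.ServeHTTP(w, r)
	})
}

func Demo() string {
	up := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, r.Header.Get("Authorization")) // constructed upstream: echo what arrived
	}))
	defer up.Close()
	target, _ := url.Parse(up.URL)
	rec, req := httptest.NewRecorder(), httptest.NewRequest("GET", "/EWS/Exchange.asmx", nil)
	req.SetBasicAuth("user@example.com", "constructed-password")
	NewProxy(target, func(u, p string) (string, error) { return "constructed-token", nil }).ServeHTTP(rec, req)
	return rec.Body.String()
}

func main() { fmt.Println(IsLoopbackHost("127.0.0.1"), Demo()) }
```

A host such as 0.0.0.0 fails `IsLoopbackHost`, which is the configuration the recommendation above warns against.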

btw: If you like this app you can buy me a coffee ;)




Setup Azure "App Registration"

MS topic - Authenticate an EWS application by using OAuth

Short version:

  1. Azure portal -> Azure Active Directory -> App registrations -> New registration

  2. Azure portal -> Azure Active Directory -> App registrations -> MyApp -> Authentication

  3. Azure portal -> Azure Active Directory -> App registrations -> MyApp -> Manifest

    • Add the following to the manifest - section "requiredResourceAccess"
      
      {
          "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
          "resourceAccess": [
              {
                  "id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
                  "type": "Scope"
              }
          ]
      },
So it should look like:
```JSON
"requiredResourceAccess": [
        {
            "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
            "resourceAccess": [
                {
                    "id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
                    "type": "Scope"
                }
            ]
        },
        {
            "resourceAppId": "00000003-0000-0000-c000-000000000000",
            "resourceAccess": [
                {
                    "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
                    "type": "Scope"
                }
            ]
        }
    ],
```

  4. Azure portal -> Azure Active Directory -> App registrations -> MyApp -> API permissions: click on "Grant admin consent for yourTenantName"

  5. Azure portal -> Azure Active Directory -> App registrations -> MyApp -> Overview

    • Copy "Application (client) ID" into the basicToOauth config.yaml as client_id: "YOUR_CLIENT_ID"
    • Copy "Directory (tenant) ID" into the basicToOauth config.yaml as tenant_id: "YOUR_TENANT_ID"