According to Authenticate an IMAP, POP or SMTP connection using OAuth。we can get access_token for imap/pop3/smtp。but i can't find any document discuss how to get access_token for activesync
for example, i use scopes like this
const requestScopes = ["offline_access", 'https://outlook.office.com/SMTP.Send'];
i can get an access_token to send mail with smtp protocal。what scopes should i use if i want to get an access_token for activesync
Related
I am developing a web application that allows any user to connect with its Salesforce account. I've implemented User-Agent Flow and I obtain correctly access_token and other info but I can't obtain refresh_token, even if I have the correct scopes (api, web, refresh_token, offline_access).
This is the request I use:
https://login.salesforce.com/services/oauth2/authorize?response_type=token&scope=refresh_token&client_id=[MY_CLIENT_ID]&redirect_uri=[MY_REDIRECT_URL]
And my redirect URL is:
http://[MYSITE].com/#/services/oauth2/success
(that corresponds to the host from where I make the call)
This call correctly gives me access_token but not refresh_token.
if I use "https" instead "http" as redirect uri I receive this error:
error=invalid_scope&error_description=the requested scope is not available
From the documentation, I read that:
The refresh token for the user-agent flow is only issued if you
requested scope=refresh_token and one of the following scenarios is
true:
....
The redirect URL host matches the request host and includes the servlet services/oauth2/success.
...
I think to be in this case, what am I doing wrong?
Thanks in advance
Try adding Perform requests at any time (refresh_token, offline_access) under Selected OAuth Scopes in your connected app
I am trying to write the exchange and access endpoints and the docs here (https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/linking-an-alexa-user-with-a-user-in-your-system#h2_login) are not clear on a couple of things:
how is the call to exchange a grant code for access token made - is it GET with credentials in QS or is it a POST with credentials in a body?
Is the access token delivered only in the JSON for an intent call or is it set properly as a bearer token?
It's a POST with credentials in the request body. Amazon follows the Oauth2 RFC correctly in this case.
The access token is delivered by Amazon only in the JSON for the intent request and not properly set as a bearer. This is annoying.
In my case, I had to hack around it by first validating if the request was a valid alexa request which contained a session with an access token, then setting the HTTP_AUTHORIZATION header to Bearer <token>, then using existing request auth logic to authenticate (I was using Django with django-oauth-toolkit, so YMMV if you're using something else).
That code looks something like this:
# get the access_token from the POST request
if access_token is not None:
request.META["HTTP_AUTHORIZATION"] = "Bearer " + access_token
if not hasattr(request, 'user') or request.user.is_anonymous():
user = authenticate(request=request)
if user:
request.user = request._cached_user = user
if request.user.is_authenticated():
# Do whatever with the logged in user
I'm trying to connect to Exchange using Javamail and OAuth. I'm using Javamail 1.5.3 and I referred to this.
1) The exchange account that I'm trying to connect to is within an org domain. I know that my OAuth token is valid since I'm able to make a Rest api request to https://outlook.office.com/api/v2.0/me to get the user profile using the token. My code looks like this -
Properties props = new Properties();
props.put("mail.imap.ssl.enable", "true);
props.put("mail.imap.sasl.enable", "true");
props.put("mail.imap.sasl.mechanisms", "XOAUTH2");
props.put("mail.imap.auth.login.disable", "true");
props.put("mail.imap.auth.plain.disable", "true");
Session session = Session.getInstance(props);
Store store = session.getStore("imap");
store.connect("imap-mail.outlook.com", "xxx#org.com", OAUTH_TOKEN);
I get (javax.mail.AuthenticationFailedException) javax.mail.AuthenticationFailedException: [AUTHENTICATIONFAILED] OAuth authentication failed
2) When I connect to an xxx#outlook.com account, I get 500:Internal Server Error and I'm not able to make the api request above to fetch the user profile using the OAuth token I received.
I have tried to use OAuth2 to build a group settings service with the following:
def groupSettingsService(request):
CLIENT_SECRETS = os.path.join(os.path.dirname(__file__), 'client_secrets.json')
FLOW = client.flow_from_clientsecrets(CLIENT_SECRETS, scope=['https://www.googleapis.com/auth/apps.groups.settings'], message=tools.message_if_missing(CLIENT_SECRETS))
storage = Storage('groups-settings.dat')
credentials = storage.get()
if credentials is None or credentials.invalid:
credentials = run(FLOW, storage)
http = httplib2.Http()
http = credentials.authorize(http)
return discovery.build('groupssettings', 'v1', http=http)
But the problem is when the token isn't valid anymore (expires) it redirect to a page to tell a user to grant access again to that scope...things that is inappropriate for API calls !
is there a way to work with a username/password or client_secret to grant a full access permanently to the API without asking to grant access or not ?
You need to ask for access_type=offline when you redirect the user to Google.
You will than get an code, which can be exchanged (by POSTing with your client_id and client_secret) into an access_token (that is the one you are already using) and a refresh_token.
When your access_token expires, you can POST the refresh_token, client_id and client_secret to get another access_token. You can do that multiple times if you need (or weeks later...)
Did you save the credentials to storage upon getting a credentials successfully?
I need to use oauth2 and imap to connect with Gmail, and I can see the code from https://github.com/simplegeo/python-oauth2:
import oauth2 as oauth
import oauth2.clients.imap as imaplib
# Set up your Consumer and Token as per usual. Just like any other
# three-legged OAuth request.
consumer = oauth.Consumer('your_consumer_key', 'your_consumer_secret')
token = oauth.Token('your_users_3_legged_token', 'your_users_3_legged_token_secret')
# Setup the URL according to Google's XOAUTH implementation. Be sure
# to replace the email here with the appropriate email address that
# you wish to access.
url = "https://mail.google.com/mail/b/your_users_email#gmail.com/imap/"
conn = imaplib.IMAP4_SSL('imap.googlemail.com')
conn.debug = 4
# This is the only thing in the API for impaplib.IMAP4_SSL that has
# changed. You now authenticate with the URL, consumer, and token.
conn.authenticate(url, consumer, token)
# Once authenticated everything from the impalib.IMAP4_SSL class will
# work as per usual without any modification to your code.
conn.select('INBOX')
print conn.list()
But I cannot understand the Consumer and Token here.
What do they mean?
How can I get key and secret for them respectively?
The client_id and client_secret I got from https://code.google.com/p/google-mail-oauth2-tools/wiki/OAuth2DotPyRunThrough. Is this Consumer or Token?
The above code sample is for OAuth 1, not OAuth 2. Consumer key and secret, token and token secret are all OAuth 1 terms.
I think the confusion is created by the fact that the Python library used is called "oauth2". In my understanding this is the second incarnation of an OAuth 1 library, the name is unfortunate.
The documentation for using OAuth 2 with Gmail is at:
https://developers.google.com/gmail/oauth_overview