Sample code for 30+ languages & platforms
DataFlex

Office365 OAuth2 Client Credentials Flow for SMTP, IMAP, POP

See more Office365 Examples

Demonstrates how to get an OAuth2 access token using the Client Credentials flow for use with Office 365 in the SMTP, IMAP, and POP3 protocols.

This is a way of getting an OAuth2 access token for the O365 account you own, WITHOUT needing to grant access interactively via a browser.

Note: OAuth2 access tokens acquired using client credentials are not refreshed. This is because no interactive browser authentication was initially required. You can simply fetch another access token using client credentials using this sample code. Access tokens aquired using client credentials typically have a lifetime of 1 hour.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoHttp
    Variant vReq
    Handle hoReq
    Variant vResp
    Handle hoResp
    Integer iStatusCode
    Handle hoFac
    String sTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Get an OAuth2 access token by sending a POST like this:

    // 	POST {tenant}/oauth2/v2.0/token
    // 	Host: login.microsoftonline.com
    // 	Content-Type: application/x-www-form-urlencoded
    // 
    // 	client_id=6731de76-14a6-49ae-97bc-6eba6914391e
    // 	&client_secret=*****************
    // 	&scope=https%3A%2F%2Foutlook.office365.com%2F.default
    // 	&grant_type=client_credentials

    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End

    Get Create (RefClass(cComChilkatHttpRequest)) To hoReq
    If (Not(IsComObjectCreated(hoReq))) Begin
        Send CreateComObject of hoReq
    End
    Set ComHttpVerb Of hoReq To "POST"
    Set ComContentType Of hoReq To "application/x-www-form-urlencoded"

    // ----------------------------------------------------------------------------------------
    // Important:
    // Your Azure Entra ID app must be explicitly setup to allow for the OAuth2 client credentials flow.
    // Please follow the detailed guide for how to do it here:
    // Office365 App Setup for SMTP, POP, IMAP OAuth2 Client Credentials
    // 
    // Note: Your registered App must have the following permissions.
    // For IMAP: IMAP.AccessAsApp
    // For POP3: POP.AccessAsApp
    // For SMTP: SMTP.SendAsApp
    // ----------------------------------------------------------------------------------------

    // Use the application ID for the client_id.
    // (In Azure App Registrations, use the Application (client) ID)
    Send ComAddParam To hoReq "client_id" "CLIENT_ID"
    Send ComAddParam To hoReq "client_secret" "CLIENT_SECRET"
    Send ComAddParam To hoReq "scope" "https://outlook.office365.com/.default"
    Send ComAddParam To hoReq "grant_type" "client_credentials"

    // Replace "{tenant}" with your tenant ID, such as "112d7ed6-71bf-4eba-a866-738364321bfc".req.HttpVerb = "POST";

    Get Create (RefClass(cComChilkatHttpResponse)) To hoResp
    If (Not(IsComObjectCreated(hoResp))) Begin
        Send CreateComObject of hoResp
    End
    Get pvComObject of hoReq to vReq
    Get pvComObject of hoResp to vResp
    Get ComHttpReq Of hoHttp "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token" vReq vResp To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComStatusCode Of hoResp To iStatusCode
    Showln "response status code: " iStatusCode
    Showln "response body:"
    Get ComBodyStr Of hoResp To sTemp1
    Showln sTemp1

    // The successful JSON response looks like this:

    // {
    //   "token_type": "Bearer",
    //   "expires_in": 3599,
    //   "ext_expires_in": 3599,
    //   "access_token": "eyJ0eX...ZKaeSVSg"
    // }

    // Save the JSON to a file for future requests.
    // The Office365 access token acquired by client credentials is typically valid for ..
    If (iStatusCode = 200) Begin
        Get Create (RefClass(cComCkFileAccess)) To hoFac
        If (Not(IsComObjectCreated(hoFac))) Begin
            Send CreateComObject of hoFac
        End
        Get ComBodyStr Of hoResp To sTemp1
        Get ComWriteEntireTextFile Of hoFac "qa_data/tokens/office365.json" sTemp1 "utf-8" False To iSuccess
    End



End_Procedure