Hello @Shawn J, yes, in order to be able to access Outlook mailboxes using OAuth2 you need to create/have an Azure AD tenant, create an app registration, and register the required delegated/user permission (https://outlook.office.com/IMAP.AccessAsUser.All). It is OK to hard-code tenant ID, client ID, redirect URI and other values provided they're not passwords or secrets.
If you want external users to be able to read their own mailboxes then you need to create a multi-tenant app so that they can access them (since they're hosted in their tenant, not yours).
If you want external users to be able to read your tenant mailboxes, you will need to authenticate as an application using client credentials flow. This requires registering an application permission instead of the user's.
The Using OAuth2 With Exchange (IMAP, POP3 or SMTP) sample provided looks great for user/delegated authentication. For application authentication take a look at Use client credentials grant flow to authenticate IMAP and POP connections for how to configure your app registration and Initializing a confidential client application from code for how to initialize an IConfidentialClientApplication as replacement for the IPublicClientApplication included in your sample code.
Finally, it's possible to implement either IPublicClientApplication or IConfidentialClientApplication in a desktop application, however it's recommended to implement the latter in an API that your desktop application can consume since it's safer to store client secrets or certificates in an API than in a desktop app. In this scenario it's recommended to create 2 app registrations: 1 for the desktop app and one for the API.
Let us know if you need additional assistance. If the answer was helpful, please accept it so that others can find a solution.
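The swap from IPublicClientApplication to IConfidentialClientApplication described in the answer above, as an added example that is not part of the original answer or of the linked sample. It assumes MSAL.NET and MailKit, an app registration already configured for app-only IMAP access as the linked client-credentials article describes, and hypothetical environment variable names; the credential is a certificate read from the certificate store at run time, so only non-secret identifiers appear in code.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using MailKit;
using MailKit.Net.Imap;
using MailKit.Security;
using Microsoft.Identity.Client;

public static class AppOnlyImap
{
    // Non-secret identifiers may live in code; these are placeholders.
    const string TenantId = "<tenant-id>";
    const string ClientId = "<client-id>";

    static string Env(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"{name} is not set");

    public static async Task Main()
    {
        // Hypothetical variable names: the mailbox to open and the certificate thumbprint.
        string mailbox = Env("IMAP_MAILBOX");
        string thumbprint = Env("IMAP_CERT_THUMBPRINT");

        // The private key stays in the certificate store, never in source or config files.
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
        if (found.Count == 0)
            throw new InvalidOperationException("Client certificate not found in store");

        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(ClientId)
            .WithTenantId(TenantId)
            .WithCertificate(found[0])
            .Build();

        // Client credentials flow: no user prompt, and the scope is the resource's .default.
        var scopes = new[] { "https://outlook.office365.com/.default" };
        AuthenticationResult token = await app.AcquireTokenForClient(scopes).ExecuteAsync();

        using var imap = new ImapClient();
        await imap.ConnectAsync("outlook.office365.com", 993, SecureSocketOptions.SslOnConnect);
        await imap.AuthenticateAsync(new SaslMechanismOAuth2(mailbox, token.AccessToken));
        await imap.Inbox.OpenAsync(FolderAccess.ReadOnly);
        Console.WriteLine($"{mailbox}: {imap.Inbox.Count} messages");
        await imap.DisconnectAsync(true);
    }
}
```

In the two-registration layout the answer recommends, this code runs inside the API, and the desktop app calls that API instead of holding the certificate itself.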