How can I get an Access Token by application without providing password but silently?

Michyo Song 31 Reputation points
2021-02-04T09:54:38.083+00:00

Hello,

I am wondering how to retrieve an access token silently, without providing the password.

Is there a way to do so?

Microsoft Entra ID

1 answer

  1. Marco Conca 1 Reputation point
    2021-02-04T11:55:16.443+00:00

    I am also trying to get this working.
    Here is my code:

    var opt = new ConfidentialClientApplicationOptions()
    {
        ClientId = "xxx_clientid",
        TenantId = "xx_tenant_id",
        ClientSecret = "xxx_client_secret_value",
        RedirectUri = "http://localhost",
    };
    
    var scopes = new string[] {
        "email",
        "offline_access",
        "https://outlook.office.com/IMAP.AccessAsUser.All", // Only needed for IMAP
        //"https://outlook.office.com/POP.AccessAsUser.All",  // Only needed for POP
        //"https://outlook.office.com/SMTP.Send", // Only needed for SMTP
    };
    
    var app = ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(opt).Build();
    var authToken = await app.AcquireTokenForClient(scopes).ExecuteAsync(); // <--- Exception
    var oauth2 = new SaslMechanismOAuth2(authToken.Account.Username, authToken.AccessToken);
    
    using (var client = new ImapClient(new ProtocolLogger("imapLog.txt")))
    {
        client.Connect("outlook.office365.com", 993, SecureSocketOptions.SslOnConnect);
        //client.AuthenticationMechanisms.Remove("XOAUTH2");
        client.Authenticate(oauth2);
        var inbox = client.Inbox;
        inbox.Open(MailKit.FolderAccess.ReadOnly);
        Console.WriteLine("Total messages: {0}", inbox.Count);
        Console.WriteLine("Recent messages: {0}", inbox.Recent);
        client.Disconnect(true);
    }
    

    Running the code I get this exception:

    Microsoft.Identity.Client.MsalServiceException: 'AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope email offline_access https://outlook.office.com/IMAP.AccessAsUser.All is not valid.

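Added example, not part of the original thread or of anyone's posted code: `AcquireTokenForClient` is the client-credentials (app-only) flow, which needs no user password but accepts only a single `<resource>/.default` scope, so the delegated scopes in the answer above trigger AADSTS70011. The sketch below checks the scope shape locally and then requests an app-only token with MSAL.NET. The helper names, the environment variable names and the resource URI are assumptions; the application permissions must already be granted and admin-consented for the target API.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

static class AppOnlyTokenExample
{
    // Client-credentials requests take one scope of the form "<resource>/.default".
    // Delegated scopes ("email", "offline_access", ".../IMAP.AccessAsUser.All")
    // describe a signed-in user and are rejected by the token endpoint.
    static string[] RequireAppOnlyScope(string[] scopes)
    {
        if (scopes.Length != 1 ||
            !scopes[0].EndsWith("/.default", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException(
                "Client-credentials requests need exactly one '<resource>/.default' scope; got: "
                + string.Join(" ", scopes));
        return scopes;
    }

    static async Task<string> AcquireAppOnlyTokenAsync(
        string tenantId, string clientId, string clientSecret, string resourceUri)
    {
        var app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithClientSecret(clientSecret)
            .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
            .Build();

        var scopes = RequireAppOnlyScope(new[] { resourceUri.TrimEnd('/') + "/.default" });
        AuthenticationResult result = await app.AcquireTokenForClient(scopes).ExecuteAsync();
        return result.AccessToken; // app-only token: no user or password involved
    }

    static async Task Main()
    {
        // Hypothetical variable names; secrets come from the environment, not source code.
        string Env(string name) => Environment.GetEnvironmentVariable(name)
            ?? throw new InvalidOperationException($"Set {name} first");

        // The scope list from the post fails the local check before any network call.
        try { RequireAppOnlyScope(new[] { "email", "offline_access",
            "https://outlook.office.com/IMAP.AccessAsUser.All" }); }
        catch (ArgumentException ex) { Console.WriteLine(ex.Message); }

        string token = await AcquireAppOnlyTokenAsync(
            Env("AZ_TENANT_ID"), Env("AZ_CLIENT_ID"), Env("AZ_CLIENT_SECRET"), Env("AZ_RESOURCE_URI"));
        Console.WriteLine("Token acquired, length {0}", token.Length);
    }
}
```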
