AxEmail.OAuth2
Introduction
Skip to properties and methods
OAuth2 or ‘Modern Authentication’ as it’s called by Microsoft is a modular approach to authentication. With OAuth2 the different parties involved are clearly separated from each other.
The Auron E-mail OAuth2 component focuses on desktop software authentication flows.
A high-level overview
Consider the case of accessing a GMail account. OAuth2 knows these parties:
- The resource owner – e.g. You
- The resource – e.g. Your mailbox
- The authorizing party – e.g. Google
- The application that needs access – e.g. Your e-mail application
Using OAuth2 your application:
- Directs the users to the google login page
- Google uses your ‘client id’ and ‘client secret’ to show information about your application to the user
- Your application waits for the user to sign-in and confirm the permissions you request
- Google sends a bearer token to your application
- Your application uses the bearer token to log into the e-mail
- If the bearer token expires your application can use the refresh token to refresh the bearer token
OAuth2 knows multiple authorization flows. The Auron E-mail Component implements two of them:
- Authorization Code Flow: The user logs in with name and password.
- Device Code Flow: The user types in a user-code it has received from your application.
You can find detailed descriptions on how to setup client IDs for
Google and Microsoft services in the FAQ section of our knowledgebase.
Authorization code flow – Example
With the authorization code flow you can login with the authorizing party immediately.
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' Component info
WScript.Echo "Auron Email Component " & objOAuth2.Version
WScript.Echo "Build: " & objOAuth2.Build & vbCrLf & "Module: " & objOAuth2.Module
WScript.Echo "License Status: " & objOAuth2.LicenseStatus & vbCrLf _
& "License Key: " & objOAuth2.LicenseKey & vbCrLf
' Set Logfile
objOAuth2.LogFile = "OAuth2.log"
' Set OAuth parameters
objOAuth2.Flow = objConstants.OAUTH2_FLOW_AUTHCODE
objOAuth2.ClientID = "" ' TODO: Enter your client id
objOAuth2.ClientSecret = "" ' TODO: Enter your client secret
objOAuth2.RedirectUrl = "http://localhost:7999/oauth2test/"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.AuthCodeUrl = "https://accounts.google.com/o/oauth2/v2/auth"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' Collect device and usercode and show the login page
objOAuth2.Login
WScript.Echo "Login result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Wait for the user to login
objOAuth2.WaitForTokens(90000)
WScript.Echo "WaitForTokens result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens.
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo "Bearer timeout: " & objOAuth2.BearerExpInSeconds & " seconds"
How to run this example
Device code flow – Example
This flow uses a ‘User Code’ that the user needs to enter instead of logging in directly.
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' Component info
WScript.Echo "Auron Email Component " & objOAuth2.Version
WScript.Echo "Build: " & objOAuth2.Build & vbCrLf & "Module: " & objOAuth2.Module
WScript.Echo "License Status: " & objOAuth2.LicenseStatus & vbCrLf _
& "License Key: " & objOAuth2.LicenseKey & vbCrLf
' Set Logfile
objOAuth2.LogFile = "OAuth2.log"
' Set OAuth2 parameters
objOAuth2.Flow = objConstants.OAUTH2_FLOW_DEVICECODE
objOAuth2.ClientID = "" ' TODO: Enter your client id
objOAuth2.ClientSecret = "" ' TODO: Leave empty when using Microsoft device code flow
objOAuth2.Scope = "offline_access https://outlook.office.com/IMAP.AccessAsUser.All"
objOAuth2.DeviceCodeUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/devicecode"
objOAuth2.TokenExchangeUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
' Collect device and usercode and show the login page
objOAuth2.Login
WScript.Echo "Login result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
WScript.Echo "Please enter user code: [" & objOAuth2.UserCode & "]"
WScript.Echo
' Wait for the user to enter the usercode.
objOAuth2.WaitForTokens(objOAuth2.UserCodeExpInSeconds * 1000)
WScript.Echo "WaitForTokens result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens. The bearer token needs to be passed to the
' SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo "Bearer timeout: " & objOAuth2.BearerExpInSeconds & " seconds"
How to run this example
Properties and Methods
Property | Type | Read/Write | Description |
Version | String | Read | Version number of the Auron Email Component |
Build | String | Read | Build number of the Auron Email Component |
Module | String | Read | Module name of the Auron Email Component |
LicenseStatus | String | Read | License Status |
LicenseKey | String | Read/Write | License Key |
LastError | Number | Read | Result of the last called method |
LogFile | String | Read/Write | The path to a logfile which can be used for troubleshooting |
Flow | Integer | Read/Write | The authorization flow |
AuthCodeUrl | String | Read/Write | Authorization code URL |
DeviceCodeUrl | String | Read/Write | The device code URL |
TokenExchangeUrl | String | Read/Write | The token exchange URL |
RedirectUrl | String | Read/Write | The redirect URL |
VerificationUrl | String | Read/Write | The verification URL |
ClientID | String | Read/Write | Your client ID |
ClientSecret | String | Read/Write | Your client secret |
Scope | String | Read/Write | Resource scope to access |
SuccessHtml | String | Read/Write | Show when Authorization code flow was successful |
ErrorHtml | String | Read/Write | Show when Authorization code flow failed |
AutoOpenBrowser | Boolean | Read/Write | Automatically open the browser |
LoginUrl | String | Read | Resulting login URL |
DeviceCode | String | Read | Device code |
UserCode | String | Read | User code |
UserCodeMessage | String | Read | User code message |
BearerToken | String | Read | Bearer token |
RefreshToken | String | Read | Refresh token |
BearerTokenExpInSeconds | Number | Read | Bearer token expiration timeout in seconds |
UserCodeExpInSeconds | Number | Read | User code expiration time in seconds |
PollIntervalInSeconds | Number | Read | Poll interval in seconds |
ResultScope | String | Read | Resulting scope |
LastResponse | String | Read | Last HTTP response |
ResultError | String | Read | Last response error |
ResultErrorDescription | String | Read | Last response error description |
ProxyServer | String | Read/Write | ProxyServer URL if required |
ProxyAccount | String | Read/Write | Proxy login account if required |
ProxyPassword | String | Read/Write | Proxy password if required |
Method | Description |
Clear | Reset all properties to their default values |
SaveLicenseKey | Save the License Key in the registry |
GetErrorDescription | Get the description of the given error |
Sleep | Sleep for the specified number of milliseconds |
Login | Start OAuth2 authorization |
WaitForTokens | Continue OAuth2 authorization |
RefreshBearerToken | Exchange the refresh token for a new bearer token |
Version property
Return the version number of the Auron Email Component
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Wscript.Echo "Auron Email Component Version" & objOAuth2.Version & "; Build" & _
objOAuth2.Build & "; Module" & objOAuth2.Module
WScript.Echo "License Status:" & objOAuth2.LicenseStatus & vbCrLf
...
Build property
Return the build number of the Auron Email Component.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Wscript.Echo "Auron Email Component Version" & objOAuth2.Version & "; Build" & _
objOAuth2.Build & "; Module" & objOAuth2.Module
WScript.Echo "License Status:" & objOAuth2.LicenseStatus & vbCrLf
...
Module property
Return the module name of the Auron Email Component.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Wscript.Echo "Auron Email Component Version" & objOAuth2.Version & "; Build" & _
objOAuth2.Build & "; Module" & objOAuth2.Module
WScript.Echo "License Status:" & objOAuth2.LicenseStatus & vbCrLf
...
LicenseStatus property
The status of your license. In case you have not licensed the product, the property holds the trial expiration date.
For details, see Product Activation.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2") ' Create new instance
WScript.Echo "License Status:" & objOAuth2.LicenseStatus
WScript.Echo "License Key:" & objOAuth2.LicenseKey
LicenseKey property
A license key is required to unlock this component after the trial period has expired. Assign the LicenseKey property every time a new instance of this component is created (see code below). Alternatively, the LicenseKey property can be set automatically. This requires the license key to be stored in the registry. For details, see Product Activation.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2") ' Create new instance
objOAuth2.LicenseKey = "XXXXX-XXXXX-XXXXX" ' Assign your license key
WScript.Echo "LicenseKey:" & objOAuth2.LicenseKey
LastError property
Completion code of the last called function. To find the error description of a given error code, go to the online error codes page.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
...
' Refresh bearer tokens
objOAuth2.RefreshBearerToken
If objOAuth2.LastError <> 0 Then
WScript.Echo "Error:" & objOAuth2.GetErrorDescription(objOAuth2.LastError)
End If
...
LogFile property
By default, LogFile holds an empty string and nothing is logged. If a valid file name is assigned to it, the Auron Email Component will write debug information to this file. Output data is written at the end of the file, the file is not cleared.
By default the log file uses the UTF16LE character encoding. To use UTF8 please prefix the log file name with the text: ‘UTF8:’ (e.g.: ‘UTF8:logfile.txt’).
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
objOAuth2.LogFile = "C:\temp\log.txt"
objOAuth2.Connect "smtp.example.com", "me@example.com", "password"
...
Flow property
This is the authorization flow. Please use one of these constants.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Flow = objConstants.OAUTH2_FLOW_AUTHCODE
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.RedirectUrl = "http://localhost:7999/oauth2test/"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.AuthCodeUrl = "https://accounts.google.com/o/oauth2/v2/auth"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' ...
AuthCodeUrl property
The base URL to direct the user to the login URL and obtain an authorization code.
This URL only applies when using the ‘Authorization code flow’.
Find this URL in the documentation of the authorization service. Don’t include URL parameters.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Flow = objConstants.OAUTH2_FLOW_AUTHCODE
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.RedirectUrl = "http://localhost:7999/oauth2test/"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.AuthCodeUrl = "https://accounts.google.com/o/oauth2/v2/auth"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' ...
DeviceCodeUrl property
The base URL to receive a user code and device code from.
This URL only applies when using the ‘Device code flow’.
Find this URL in the documentation of the authorization service. Don’t include URL parameters.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Flow = objConstants.OAUTH2_FLOW_DEVICECODE
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.DeviceCodeUrl = "https://oauth2.googleapis.com/device/code"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' ...
TokenExchangeUrl property
The base URL for token exchange. The OAuth component will use this URL to exchange an authorization code for the bearer and refresh tokens.
Find this URL in the documentation of the authorization service. Don’t include URL parameters.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Flow = objConstants.OAUTH2_FLOW_AUTHCODE
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.RedirectUrl = "http://localhost:7999/oauth2test/"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.AuthCodeUrl = "https://accounts.google.com/o/oauth2/v2/auth"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' ...
RedirectUrl property
This is the local URL that the login page should redirect to.
This only applies when using the authorization code flow.
Please make sure this URL is registered with your authentication service.
Either use a localhost URL with a port number > 1024 or make sure that the URL is properly configured using the ‘NetSh http’ command.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Flow = objConstants.OAUTH2_FLOW_AUTHCODE
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.RedirectUrl = "http://localhost:7999/oauth2test/"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.AuthCodeUrl = "https://accounts.google.com/o/oauth2/v2/auth"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' ...
VerificationUrl property
This URL is set by the OAuth2 component to the URL that the user should navigate to so they can enter the ‘User Code’.
This only applies to the ‘device code flow’.
If ‘AutoOpenBrowser’ is set then the OAuth2 component will navigate there automatically after calling
‘Login’.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Flow = objConstants.OAUTH2_FLOW_DEVICECODE
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.DeviceCodeUrl = "https://oauth2.googleapis.com/device/code"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
objOAuth2.Login
If objOAuth2.LastError = 0 Then
WScript.Echo "Please navigate to: " & objOAuth2.VerificationUrl
WScript.Echo "Please enter: " & objOAuth2.UserCode
End If
' ...
ClientID property
This is the client ID of your application.
To use OAuth2 your application needs to be registered with the authorizing party (e.g. Microsoft or Google). With registration you’ll receive a Client ID and sometimes a Client Secret.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Flow = objConstants.OAUTH2_FLOW_DEVICECODE
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.DeviceCodeUrl = "https://oauth2.googleapis.com/device/code"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
objOAuth2.Login
If objOAuth2.LastError = 0 Then
WScript.Echo "Please navigate to: " & objOAuth2.VerificationUrl
WScript.Echo "Please enter: " & objOAuth2.UserCode
End If
' ...
ClientSecret property
This is the client secret of your application.
To use OAuth2 your application needs to be registered with the authorizing party (e.g. Microsoft or Google). With registration you’ll receive a Client ID and sometimes a Client Secret.
NOTE: If a third party knows your client secret they can impersonate your application to an end-user. This is why the client-secret needs to be kept a secret.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Flow = objConstants.OAUTH2_FLOW_DEVICECODE
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.DeviceCodeUrl = "https://oauth2.googleapis.com/device/code"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
objOAuth2.Login
If objOAuth2.LastError = 0 Then
WScript.Echo "Please navigate to: " & objOAuth2.VerificationUrl
WScript.Echo "Please enter: " & objOAuth2.UserCode
End If
' ...
Scope property
The property is a space separated list of resources that need to be accessed.
Once login and token exchange is completed find the resulting scope in
ResultScope.
Some common scope values to use:
Scope | Authorizing party | Description |
https://mail.google.com/ | Access GMail through POP3, SMTP and IMAP; Authorization code flow | |
Access GMail through POP3, SMTP and IMAP; Device code flow | ||
offline_access https://outlook.office.com/SMTP.Send | Microsoft | Access MS Exchange through SMTP |
offline_access https://outlook.office.com/POP.AccessAsUser.All | Microsoft | Access MS Exchange through POP3 |
offline_access https://outlook.office.com/IMAP.AccessAsUser.All | Microsoft | Access MS Exchange through IMAP |
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Flow = objConstants.OAUTH2_FLOW_DEVICECODE
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.Scope = "email"
objOAuth2.DeviceCodeUrl = "https://oauth2.googleapis.com/device/code"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
objOAuth2.Login
If objOAuth2.LastError = 0 Then
WScript.Echo "Please navigate to: " & objOAuth2.VerificationUrl
WScript.Echo "Please enter: " & objOAuth2.UserCode
End If
' ...
SuccessHtml property
This property is only used with the Authorization code flow.
On success the user is redirected to the RedirectUrl. This property controls the success message.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
objOAuth2.SuccessHtml = "<h1>Success!</h1>"
objOAuth2.ErrorHtml = "<h1>Failed!</h1>"
' ...
objOAuth2.Flow = objConstants.OAUTH2_FLOW_AUTHCODE
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.RedirectUrl = "http://localhost:7999/oauth2test/"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.AuthCodeUrl = "https://accounts.google.com/o/oauth2/v2/auth"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' ...
ErrorHtml property
This property is only used with the Authorization code flow.
On failure the user is redirected to the RedirectUrl. This property controls the failure message.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
objOAuth2.SuccessHtml = "<h1>Success!</h1>"
objOAuth2.ErrorHtml = "<h1>Failed!</h1>"
' ...
objOAuth2.Flow = objConstants.OAUTH2_FLOW_AUTHCODE
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.RedirectUrl = "http://localhost:7999/oauth2test/"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.AuthCodeUrl = "https://accounts.google.com/o/oauth2/v2/auth"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' ...
AutoOpenBrowser property
Set this property to true to automatically open the default browser to show a login prompt.
If this property is not set please open the LoginUrl property after calling Login.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
objOAuth2.AutoOpenBrowser = False
' ...
objOAuth2.Login
If objOAuth2.LastError = 0 Then
WScript.Echo "Please navigate to: " & objOAuth2.VerificationUrl
WScript.Echo "Please enter: " & objOAuth2.UserCode
End If
WShShell.Run objOAuth2.LoginUrl
' ...
LoginUrl property
Use this property when AutoOpenBrowser is set to False.
This property contains either the URL to authenticate the user or for the user to enter the user code depending on which Authorization Flow is used.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
objOAuth2.AutoOpenBrowser = False
' ...
objOAuth2.Login
If objOAuth2.LastError = 0 Then
WScript.Echo "Please navigate to: " & objOAuth2.VerificationUrl
WScript.Echo "Please enter: " & objOAuth2.UserCode
End If
WShShell.Run objOAuth2.LoginUrl
' ...
DeviceCode property
When using the device code Flow this property contains the device code.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Login
' ...
WScript.Echo objOAuth2.DeviceCode
WScript.Echo objOAuth2.UserCode
WScript.Echo objOAuth2.UserCodeMessage
' ...
UserCode property
When using the device code Flow this property contains the user code.
The user should enter the user code in the sign-in browser window to start authentication
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Login
' ...
WScript.Echo objOAuth2.DeviceCode
WScript.Echo objOAuth2.UserCode
WScript.Echo objOAuth2.UserCodeMessage
' ...
UserCodeMessage property
When using the device code Flow this property contains the user code message.
The user code message is a friendly message from the authorization server to show to your user which contains the user code.
The user code message may be internationalized according to user settings etc.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Login
' ...
WScript.Echo objOAuth2.DeviceCode
WScript.Echo objOAuth2.UserCode
WScript.Echo objOAuth2.UserCodeMessage
' ...
BearerToken property
This is the bearer token that needs to be set with the
POP3,
SMTP or
IMAP protocol to authenticate on the server.
The bearer token expires after BearerExpInSeconds seconds.
Depending on your authorizing party and their security policies you may be able to silently obtain a new bearer token after the bearer token has expired by calling RefreshBearerToken.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
' ...
' Wait for the user to login
objOAuth2.WaitForTokens(90000)
WScript.Echo "WaitForTokens result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens.
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo "Bearer timeout: " & objOAuth2.BearerExpInSeconds & " seconds"
RefreshToken property
The refresh token. Use the refresh token to receive a new Bearer token once the bearer token expires.
Refresh the bearer token by calling RefreshBearerToken.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.Scope = "https://mail.google.com/"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' Refresh Bearer Token
objOAuth2.RefreshBearerToken()
WScript.Echo "RefreshBearerToken result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Bearer timeout: " & objOAuth2.BearerExpInSeconds & " seconds"
BearerTokenExpInSeconds property
The is the bearer token expiration timeout in seconds.
This value is set immediately after calling WaitForTokens has completed successfully.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
' ...
' Wait for the user to login
objOAuth2.WaitForTokens(90000)
WScript.Echo "WaitForTokens result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens.
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo "Bearer timeout: " & objOAuth2.BearerExpInSeconds & " seconds"
UserCodeExpInSeconds property
The is the expiration timeout in seconds for both the UserCode as well as the DeviceCode property.
This only applies to the device code flow.
This value is set immediately after calling Login has completed successfully.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
Set objConstants = CreateObject("AxEmail.Constants")
' ...
objOAuth2.Login
WScript.Echo "Login result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' ...
WScript.Echo objOAuth2.DeviceCode
WScript.Echo objOAuth2.UserCode
WScript.Echo objOAuth2.UserCodeMessage
WScript.Echo objOAuth2.UserCodeExpInSeconds
WScript.Echo objOAuth2.PollIntervalInSeconds
' ...
PollIntervalInSeconds property
The is the recommended poll interval in seconds for the WaitForTokens method.
This only applies to the device code flow.
This value is set immediately after calling Login has completed successfully.
The OAuth2 component automatically takes this interval into account when using a long timeout value on the WaitForTokens method.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
' ...
' Wait for the user to login
objOAuth2.WaitForTokens(90000)
WScript.Echo "WaitForTokens result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens.
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo "Bearer timeout: " & objOAuth2.BearerExpInSeconds & " seconds"
ResultScope property
This the resulting scope after authorization.
It’s possible that authorization was successful for only a part of the requested scope.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
' ...
' Wait for the user to login
objOAuth2.WaitForTokens(90000)
WScript.Echo "WaitForTokens result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens.
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo "Result Scope: " & objOAuth2.ResultScope
LastResponse property
This is the last HTTP response received during the OAuth2 protocol.
This value can be useful while troubleshooting OAuth2 protocol issues.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
' ...
' Wait for the user to login
objOAuth2.WaitForTokens(90000)
WScript.Echo "WaitForTokens result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens.
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo
WScript.Echo "Last response: " & objOAuth2.LastResponse
ResultError property
If there was an error message from the server this property will contain that error.
This can be useful when troubleshooting
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
' ...
' Wait for the user to login
objOAuth2.WaitForTokens(90000)
WScript.Echo "WaitForTokens result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens.
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo
WScript.Echo "Result Error: " & objOAuth2.ResultError
WScript.Echo "Result Error Description: " & objOAuth2.ResultErrorDescription
ResultErrorDescription property
If there was an error message from the server this property will contain the description of that error.
This can be useful when troubleshooting
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
' ...
' Wait for the user to login
objOAuth2.WaitForTokens(90000)
WScript.Echo "WaitForTokens result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens.
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo
WScript.Echo "Result Error: " & objOAuth2.ResultError
WScript.Echo "Result Error Description: " & objOAuth2.ResultErrorDescription
ProxyServer property
Set the proxy server if this is required.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
' Setup HTTP proxy
objOAuth2.ProxyServer = "proxy.domain.com:8080"
objOAuth2.ProxyAccount = "Account"
objOAuth2.ProxyPassword = "Password"
' Set OAuth parameters
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.RefreshToken = "1234567890123456789012345678901234567890"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' Exchange the bearer token using a refresh token
objOAuth2.RefreshBearerToken
WScript.Echo "RefreshBearerToken result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
...
ProxyAccount property
Set the proxy server login if this is required.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
' Setup HTTP proxy
objOAuth2.ProxyServer = "proxy.domain.com:8080"
objOAuth2.ProxyAccount = "Account"
objOAuth2.ProxyPassword = "Password"
' Set OAuth parameters
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.RefreshToken = "1234567890123456789012345678901234567890"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' Exchange the bearer token using a refresh token
objOAuth2.RefreshBearerToken
WScript.Echo "RefreshBearerToken result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
...
ProxyPassword property
Set the proxy server password if this is required.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
' Setup HTTP proxy
objOAuth2.ProxyServer = "proxy.domain.com:8080"
objOAuth2.ProxyAccount = "Account"
objOAuth2.ProxyPassword = "Password"
' Set OAuth parameters
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.RefreshToken = "1234567890123456789012345678901234567890"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' Exchange the bearer token using a refresh token
objOAuth2.RefreshBearerToken
WScript.Echo "RefreshBearerToken result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
...
Clear method
This function resets all properties to their default values.
Parameters:
- None
Return value:
Always 0.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
....
objOAuth2.Clear
...
SaveLicenseKey method
Description:
Use SaveLicenseKey to store the license key permanently in the registry. When a license key is saved, it is restored automatically every time a new instance of the object is created. It is not recommended to save the license key if you distribute the component with your own software, because the key can be easily used by others.
Parameters:
- None.
Return value:
Always 0. Check LastError property to see if the method was completed successfully.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2") ' Create new instance
objOAuth2.LicenseKey = "XXXXX-XXXXX-XXXXX"
objOAuth2.SaveLicenseKey ' Save license key to registry
For more information, see Product Activation.
GetErrorDescription method
GetErrorDescription provides the error description of a given error code.
Parameters:
- The error code
Return value:
The error string.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
...
WScript.Echo "result:" & objOAuth2.LastError & "," & _
objOAuth2.GetErrorDescription(objOAuth2.LastError)
Sleep method
This function suspends the current thread for the specified number of milliseconds.
Parameters:
- Milliseconds to sleep
Return value:
Always 0.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
....
objOAuth2.Sleep 1000
...
Login method
Call this version to start the OAuth2 authorization process.
The exact function depends on the Flow property.
In device code flow this function retrieves the user code, device code and authorization url from the OAuth2 server.
In authorization code flow this function starts listening on the local callback URL and opens the login prompt.
If AutoOpenBrowser is set then calling this method automatically opens the default browser to the authorization URL.
The authorization URL will be set in LoginUrl after calling this function.
Call WaitForTokens to continue authorization by waiting for the bearer and refresh tokens.
On success LastError will be 0 after calling this function.
Parameters:
- None
Return value:
Always 0.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
....
' Start authorization and show the login page
objOAuth2.Login
WScript.Echo "Login result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Wait for the user to login
objOAuth2.WaitForTokens(90000)
WScript.Echo "WaitForTokens result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens.
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo "Bearer timeout: " & objOAuth2.BearerExpInSeconds & " seconds"
...
WaitForTokens method
Call this function right after a successful call to Login to continue the OAuth2 authorization process.
The exact function depends on the Flow property. In device code flow this function polls the
TokenExchangeUrl until bearer and refresh tokens are returned.
In the authorization code flow this function listens on the RedirectUrl to receive the authorization code and exchanges it using the TokenExchangeUrl for the Bearer and refresh tokens once the user has logged in.
If LastError is 0 after calling this function then the user has logged in and the bearer token and refresh tokens are set.
If LastError is set to 37905 (‘No Tokens Yet’) then this function needs to be called again to continue to wait or poll.
If LastError is set to anything other than 0 or 37905 then this means that the call has failed and no bearer token was received.
On success this function returns immediately when the tokens are received and before the timeout has expired.
Please note that the refresh token can sometimes stay empty. This has to do with the permissions requested in Scope property and / or the permissions granted by the user.
Parameters:
- Milliseconds to wait
Return value:
Always 0.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
....
' Start authorization and show the login page
objOAuth2.Login
WScript.Echo "Login result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Wait for the user to login
objOAuth2.WaitForTokens(90000)
WScript.Echo "WaitForTokens result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens.
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo "Bearer timeout: " & objOAuth2.BearerExpInSeconds & " seconds"
...
RefreshBearerToken method
Call this function to exchange a refresh token for a new bearer token.
This function does not open a browser nor requires any user interaction.
After the bearer token has expired call this function if a refresh token is available to refresh the bearer token.
On success LastError will be 0 after calling this function.
Parameters:
- None
Return value:
Always 0.
Example:
Set objOAuth2 = CreateObject("AxEmail.OAuth2")
' Set OAuth parameters
objOAuth2.ClientID = "1234567890-12345678901234567890.apps.googleusercontent.com"
objOAuth2.ClientSecret = "GOCSPX-12345678901234567890_1234567890"
objOAuth2.RefreshToken = "1234567890123456789012345678901234567890"
objOAuth2.TokenExchangeUrl = "https://oauth2.googleapis.com/token"
' Exchange the bearer token using a refresh token
objOAuth2.RefreshBearerToken
WScript.Echo "RefreshBearerToken result " & objOAuth2.LastError & _
": " & objOAuth2.GetErrorDescription(objOAuth2.LastError)
' Display the bearer and refresh tokens.
' The bearer token needs to be passed to the SMTP, IMAP or POP object.
WScript.Echo
WScript.Echo "Bearer token: " & objOAuth2.BearerToken
WScript.Echo "Refresh token: " & objOAuth2.RefreshToken
WScript.Echo "Bearer timeout: " & objOAuth2.BearerExpInSeconds & " seconds"
...