Microsoft OAuth2: which end-point URLs and scope values can I use?
When using Microsoft Azure, Microsoft Office365, Microsoft Outlook or Microsoft Exchange server, you’re using the Microsoft OAuth2 framework.
To set up your application for use with the Microsoft OAuth2 framework you’ll need to know the following:
- Which end-point URLs to configure
- Which scope values to use
End-point URLs
Please use these URLs to set up your OAuth2 connection to Microsoft.

| URL | Description |
| --- | --- |
| https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize | Authorization code URL. Only used in the ‘Authorization code flow’. |
| https://login.microsoftonline.com/{tenant}/oauth2/v2.0/devicecode | Device code URL. Only used in the ‘Device code flow’ for desktop applications. |
| https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token | The token exchange URL. This is used in every OAuth2 flow. |

Here {tenant} can be one of ‘common’, ‘consumers’ or ‘organizations’, depending on the ‘Supported account types’ option chosen when creating the application.
Scope values
When building your own application with OAuth2 support, you’ll need to specify which scopes it needs to access. If you’re setting up an OAuth2 connection to Microsoft services in an existing desktop application, this will probably not apply.

| Scope | Description |
| --- | --- |
| offline_access | Use this scope value to receive a refresh token. This indicates that you want to be able to refresh the bearer token without being signed into your Azure account. |
| https://outlook.office.com/SMTP.Send | Use the SMTP protocol to send e-mail |
| https://outlook.office.com/IMAP.AccessAsUser.All | Use IMAP for receiving e-mails and mailbox management |
| https://outlook.office.com/POP.AccessAsUser.All | Use POP3 to receive e-mails |
Multiple scope values can be combined by separating them with a space. For example:
offline_access https://outlook.office.com/SMTP.Send
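
The following is an added example, not code from the original page or from Microsoft: it builds the ‘Authorization code flow’ request from the end-point URLs and scope values above and prepares the matching token exchange. The `state` and PKCE (`code_challenge`, `code_verifier`) parameters are standard OAuth 2.0 / RFC 7636 names that this page does not mention; the function names, and the client ID and redirect URI passed in, are assumptions of the example.

```python
import base64
import hashlib
import secrets
from urllib.parse import quote, urlencode

BASE = "https://login.microsoftonline.com"
TENANTS = {"common", "consumers", "organizations"}  # the values this page lists
ENDPOINTS = {"authorize", "devicecode", "token"}


def endpoint(tenant, name):
    # Reject anything outside the known sets so untrusted input can never
    # alter the host or path the client talks to.
    if tenant not in TENANTS or name not in ENDPOINTS:
        raise ValueError(f"unexpected tenant/endpoint: {tenant!r}/{name!r}")
    return f"{BASE}/{tenant}/oauth2/v2.0/{name}"


def pkce_pair():
    # RFC 7636: the verifier stays with the client; only its SHA-256 is sent.
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def authorize_url(tenant, client_id, redirect_uri, scopes):
    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(32)  # bound to this login attempt
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # space-separated, as described above
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    url = endpoint(tenant, "authorize") + "?" + urlencode(params, quote_via=quote)
    return url, state, verifier


def token_request(tenant, client_id, redirect_uri, code, verifier, state, returned_state):
    # Drop the response if the state does not match the one we issued.
    if not secrets.compare_digest(state.encode(), returned_state.encode()):
        raise ValueError("state mismatch")
    form = {"grant_type": "authorization_code", "client_id": client_id, "code": code,
            "redirect_uri": redirect_uri, "code_verifier": verifier}
    return endpoint(tenant, "token"), form
```

`token_request` returns the URL and form fields to POST; keep `state` and `verifier` in the user's session between the two steps and request only the scopes the application actually uses.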