Microsoft OAuth2: which endpoint URLs and scope values can I use?
When using Microsoft Azure, Microsoft Office 365, Microsoft Outlook, or Microsoft Exchange Server, you use the Microsoft OAuth2 framework.
To set up your application for use with Microsoft OAuth2, you need to know the following:
- Which endpoint URLs to configure
- Which scope values to use
Endpoint URLs
Use the following URLs to configure your OAuth2 connection to Microsoft:
| URL | Description |
| --- | --- |
| https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize | Authorization code URL. Used only in the authorization code flow. |
| https://login.microsoftonline.com/{tenant}/oauth2/v2.0/devicecode | Device code URL. Used only in the device code flow for desktop applications. |
| https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token | Token endpoint. Used in all OAuth2 flows. |
Here, {tenant} can be one of “common”, “consumers”, or “organizations”, depending on the “Supported account types” option selected when creating the application.
Scope values
When building an OAuth2 application, you must specify the scopes your application needs access to. If you are configuring OAuth2 for Microsoft services in an existing desktop application, this usually does not apply.
| Scope | Description |
| --- | --- |
| offline_access | Requests a refresh token. This allows you to refresh the access token without requiring the user to sign in again. |
| https://outlook.office.com/SMTP.Send | Allows sending email using SMTP. |
| https://outlook.office.com/IMAP.AccessAsUser.All | Allows IMAP access for reading emails and mailbox management. |
| https://outlook.office.com/POP.AccessAsUser.All | Allows POP3 access for receiving emails. |
You can combine multiple scope values by separating them with a space. For example:
offline_access https://outlook.office.com/SMTP.Send
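As an added example (not code from the original page), the Python sketch below builds the authorization code URL from the endpoint and scope tables above: it restricts {tenant} to the three listed values, allow-lists the scopes, joins them with spaces, and URL-encodes the result. The client_id and redirect_uri arguments are placeholders you supply, and the state and PKCE (code_challenge) parameters are standard OAuth2 request parameters that this page does not cover.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

BASE = "https://login.microsoftonline.com"
TENANTS = {"common", "consumers", "organizations"}  # values listed on this page
MAIL_SCOPES = {                                     # scope table on this page
    "offline_access",
    "https://outlook.office.com/SMTP.Send",
    "https://outlook.office.com/IMAP.AccessAsUser.All",
    "https://outlook.office.com/POP.AccessAsUser.All",
}


def endpoint(tenant, kind):
    """Return the v2.0 URL for kind = authorize, devicecode or token."""
    if tenant not in TENANTS:
        raise ValueError(f"unexpected tenant value: {tenant!r}")
    if kind not in {"authorize", "devicecode", "token"}:
        raise ValueError(f"unknown endpoint kind: {kind!r}")
    return f"{BASE}/{tenant}/oauth2/v2.0/{kind}"


def scope_string(scopes):
    """Join scopes with single spaces; refuse anything outside the table."""
    unknown = [s for s in scopes if s not in MAIL_SCOPES]
    if unknown:
        raise ValueError(f"scope not in allow-list: {unknown}")
    return " ".join(dict.fromkeys(scopes))  # de-duplicate, keep request order


def authorize_url(tenant, client_id, redirect_uri, scopes):
    """Build the authorization code URL; returns (url, state, code_verifier)."""
    state = secrets.token_urlsafe(16)     # compare with the value on the redirect
    verifier = secrets.token_urlsafe(48)  # PKCE code_verifier, stays on the client
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "client_id": client_id,           # placeholder: your application's ID
        "response_type": "code",
        "redirect_uri": redirect_uri,     # placeholder: your registered redirect
        "scope": scope_string(scopes),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{endpoint(tenant, 'authorize')}?{query}", state, verifier
```

Requesting only the mail protocol scope the application actually uses keeps the issued token's privileges narrow; the allow-list makes an unexpected scope fail before any request is sent.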