Microsoft OAuth2: which end-point URLs and scope values can I use?


When you use Microsoft Azure, Microsoft Office365, Microsoft Outlook or Microsoft Exchange server, you are using the Microsoft OAuth2 framework.

To set up your application for use with the Microsoft OAuth2 framework you’ll need to know the following:

  • Which end-point URLs to configure
  • Which scope values to use

End-point URLs

Use these URLs to set up your OAuth2 connection to Microsoft.

| URL | Description |
|---|---|
| https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize | Authorization code URL. Only used in the ‘Authorization code flow’ |
| https://login.microsoftonline.com/{tenant}/oauth2/v2.0/devicecode | Device code URL. Only used in the ‘Device code flow’ for desktop applications. |
| https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token | The token exchange URL. This is used in every OAuth2 flow. |

Here {tenant} can be one of ‘common’, ‘consumers’ or ‘organizations’. Which one applies depends on the ‘Supported account types’ option chosen when creating the application.

Scope values

When building your own OAuth2-supporting application you’ll need to specify which scopes you need to access. If you’re setting up an OAuth2 connection to Microsoft services in an existing desktop application this will probably not apply.

| Scope | Description |
|---|---|
| offline_access | Use this scope value to receive a refresh token. This indicates that you want to be able to refresh the bearer token without being signed into your Azure account. |
| https://outlook.office.com/SMTP.Send | Use the SMTP protocol to send e-mail |
| https://outlook.office.com/IMAP.AccessAsUser.All | Use IMAP for receiving e-mails and mailbox management |
| https://outlook.office.com/POP.AccessAsUser.All | Use POP3 to receive e-mails |

Multiple scope values can be combined by separating them with a space. For example:

offline_access https://outlook.office.com/SMTP.Send
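
The end-point URLs and the space-separated scope string described above, put together into an authorization request for the ‘Authorization code flow’. This is an added example, not code from the original page or from Microsoft. It assumes the standard OAuth2 query parameters (client_id, response_type, redirect_uri, scope, state); the client ID, redirect URI and state value are constructed placeholders, and the tenant and scope checks accept only the values listed on this page.

```python
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
TENANTS = {"common", "consumers", "organizations"}  # the values listed on this page
KNOWN_SCOPES = {                                    # the scope table on this page
    "offline_access",
    "https://outlook.office.com/SMTP.Send",
    "https://outlook.office.com/IMAP.AccessAsUser.All",
    "https://outlook.office.com/POP.AccessAsUser.All",
}

def endpoint(tenant, name):
    """Return the v2.0 end-point URL for 'authorize', 'devicecode' or 'token'."""
    if tenant not in TENANTS:
        raise ValueError(f"unexpected tenant: {tenant!r}")
    if name not in {"authorize", "devicecode", "token"}:
        raise ValueError(f"unexpected end-point: {name!r}")
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/{name}"

def scope_string(scopes):
    """Join scope values with one space; refuse values that are not in the table."""
    unknown = [s for s in scopes if s not in KNOWN_SCOPES]
    if unknown:
        raise ValueError(f"unknown scope(s): {unknown}")
    return " ".join(dict.fromkeys(scopes))  # drop duplicates, keep order

def authorize_url(tenant, client_id, redirect_uri, scopes, state):
    """Build the URL the browser is sent to in the authorization code flow."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": scope_string(scopes),  # urlencode turns the space into '+'
        "state": state,                 # should be unpredictable and checked on return
    })
    return f"{endpoint(tenant, 'authorize')}?{query}"

# Constructed sample values: client_id, redirect_uri and state are placeholders.
SAMPLE_URL = authorize_url(
    "organizations",
    "00000000-0000-0000-0000-000000000000",
    "http://localhost:8400/callback",
    ["offline_access", "https://outlook.office.com/SMTP.Send"],
    state="constructed-state-value",
)

if __name__ == "__main__":
    print(SAMPLE_URL)
```

Requesting only the scopes the application actually uses (for example SMTP.Send alone for a send-only tool) keeps the issued token limited to that protocol.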