Skip to content

Latest commit

 

History

History
113 lines (94 loc) · 4.57 KB

README.md

File metadata and controls

113 lines (94 loc) · 4.57 KB
Raw

basicToOauth

HTTP proxy service that transforms a basic authorisation header to an OAuth 2.0 Bearer token.

  • Designed for Exchange Web Services (EWS) but it may work also with other services that require OAuth 2.0 Bearer token.
  • This application is for HTTP protocol only (not SMTP, POP3, IMAP).

From 01.10.2022 the basic authentication will be deprecated by Microsoft for many services. This package provides a simple way to migrate from basic authentication to OAuth by creating a proxy service.

  • Application gets basic header and transform it to OAuth header. Rest of the request is passed to the target service unchanged.
  • Application has been created mainly for Exchange Web Services (EWS) but it should work also with other services.

You can download Windows version from here:

https://github.com/mmalcek/basicToOauth/releases
Direct Windows download link
Note: Currently only Windows and Linux (64bit) prebuild binaries are available. I can build binaries for other platforms on request.

Configuration (config.yaml):

host: "127.0.0.1" # Host of the proxy service
port: "8085" # Port of the proxy service
client_id: "yourAzureClientID" # Azure App registration client ID
tenant_id: "yourAzureTenantID" # Azure tenant ID
proxy_url: "https://outlook.office365.com" # URL of the target service
authority_url: "https://login.microsoftonline.com/" # URL of the authority service
scopes:
  - "https://outlook.office365.com/EWS.AccessAsUser.All" # Scopes for the target service

host 127.0.0.1 is HIGHLY RECOMMENDED because comunication between proxy service and your application is not encrypted. In other words, basicToOauth app should be on the same machine as your application.

Installation options:

  1. You can just start the application and watch communication in command line.
  2. Or install as SERVICE - Open command line as administrator and run:
    • .\basicToOauth.exe -service install
    • .\basicToOauth.exe -service start
    • .\basicToOauth.exe -service stop
    • .\basicToOauth.exe -service uninstall

Once the application is running, you can use it in your application so instead "https://outlook.office365.com/..." just use "http://127.0.0.1:8085/..."

btw: If you like this app you can buy me a coffe ;)

Buy Me a Coffee at ko-fi.com

Setup Azure "App Registration"

MS topic - Authenticate an EWS application by using OAuth

Short version:

  1. Azure portal -> Azure Active Directory -> App registrations -> New registration

  2. Azure portal -> Azure Active Directory -> App registrations -> MyApp -> Authentication

  3. Azure portal -> Azure Active Directory -> App registrations -> MyApp -> Manifest

    • Add the following to the manifest - section "requiredResourceAccess"
		{
			"resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
			"resourceAccess": [
				{
					"id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
					"type": "Scope"
				}
			]
		},

So it should looks like:

"requiredResourceAccess": [
		{
			"resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
			"resourceAccess": [
				{
					"id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
					"type": "Scope"
				}
			]
		},
		{
			"resourceAppId": "00000003-0000-0000-c000-000000000000",
			"resourceAccess": [
				{
					"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
					"type": "Scope"
				}
			]
		}
	],

  1. Azure portal -> Azure Active Directory -> App registrations -> MyApp -> Api permissions Click on "Grant admin consent for "yourTenantName"

  2. Azure portal -> Azure Active Directory -> App registrations -> MyApp -> Overview

    • COPY "Application (client) ID" to basicToOauth app config.yaml to client_id: "YOUR_CLIENT_ID"
    • COPY "Directory (tenant) ID" to basicToOauth app config.yaml to tenant_id: "YOUR_TENANT_ID"