Official Content

In this article, you will find the necessary steps to provide data to connect to the mailbox through Microsoft Exchange OAuth 2.0.

Example: Application administrators have to provide the necessary data to the programmers (at their request) so that they can connect to their mailbox.


You need to follow these 3 steps to provide data through Microsoft Exchange OAuth:

  1. OAuth Application Registration
  2. Authentication Code Generation
  3. Refresh Token Generation


1. OAuth Application Registration

A) Follow this tutorial from Microsoft: Register an application with the Microsoft identity platform. Execute all steps of the "Register an application" section (8 steps in total).

B) Now you have to configure the platform settings. To do so, follow these steps: Configure platforms settings (4 steps in total). 

C) In step 4, select "Mobile and desktop Applications" as Platform and continue.

D) A new window called Configure Desktop + devices is opened. 

Select the Redirect URI: and confirm.


2. Authentication Code Generation

After registering the application, you can start the code authorization request process.

A) Get the Application (client) ID of the newly created Application:


You can find it by clicking on the overview window, below "Display Name."

B) Open a browser and execute the following URL. The "Client_id" data must be replaced by that of the newly created Application:

C) Log in with your Microsoft account and accept the following permissions:

Permissions requested Microsoft

D) After accepting, the browser will be redirected to the Redirect URI ( You will see a blank screen.

E) After you are redirected to that blank screen, open the browser DeveloperTools (F12 in Chrome).

F) Go to Network Tab and refresh the page.

G) Once in the Network Tab, select the Request and copy the "code" of the Request.



3. Refresh Token Generation

Read more about this topic in this article: OAuth Module.

To generate the Refresh Token in Windows you must execute a POST to{tenant}/oauth2/v2.0/token

The tenant can be obtained by following the steps detailed in How to find your Azure Active Directory tenant ID.

In addition, you should keep in mind the following: 

  • Body Content-Type: x-www-form-urlencoded
  • Post Parameters (Body)
    • client_id: Application (client) ID.
    • scope: Same scope as in step 2 (must not be URL-encoded, and the "offline_access" scope does not need to be added as it is inferred from the authorization code request).
    • code: Authorization Code obtained from the previous step.
    • grant_type: "authorization_code".


curl --location --request POST "" ^
--header "Content-Type: application/x-www-form-urlencoded" ^
--data-urlencode "scope=" ^
--data-urlencode "code=0.xxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxx" ^
--data-urlencode "client_id=xxxxx-xxxxx-xxxxx-xxxxx-xxxxxxx" ^
--data-urlencode "grant_type=authorization_code" ^
--data-urlencode "redirect_uri="

The response obtained after executing the above request is as follows:


Finally, you will need to save the ClientId and the RefreshToken. 


4. Enable STMP AUTH in Azure Portal for Selected Mailboxes

This step is required. If not enable AUTH, the following error would ocurr:

System.Net.Mail.SmtpException: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 Client not authenticated to send mail. Error: 535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit for more information. CP6P284CA0086.BRAP284.PROD.OUTLOOK.COM
   at System.Net.Mail.MailCommand.CheckResponse(SmtpStatusCode statusCode, String response)



See also 

Google OAuth 2.0 process for Mails


Last update: November 2023 | © GeneXus. All rights reserved. GeneXus Powered by Globant