This guide covers how to setup a Microsoft OAuth application to start authenticating O365 users via OAuth.
Create your free Microsoft Azure account if you don't already have one. You'll use this account to create the Microsoft developer application that is used for authenticating end users via OAuth with Nylas.
Staging and Production OAuth
Do not setup Office 365 on your Product app before testing on your staging app. Once the OAuth settings are added they can not be deleted.
The first step is to create an app that will be used to authenticate your customers to Office365. To do that we're going to use the Azure web portal. Head to https://portal.azure.com and login. You should be presented with the following screen:
In the menu on the left, click “Azure Active Directory”:
Then “App Registrations”:
Then click "New Registration".
You're going to be presented with the following screen. Set your name to your app's name (this is going to be customer visible). Set the audience for this app to "Account in any organizational directory" to be able to log in any account using Office365. You can also restrict it to internal accounts ("Accounts in this organizational directory only") if you're building an internal app.
On the same screen, set the "Redirect URI" to "Web" and "https://api.nylas.com/oauth/callback"
Congrats, you've just created your app! You should be presented with a screen similar to this one:
Now, let's make sure the app you created has the right permissions to work with the Nylas API. To do that, head to the "API permissions" panel:
By default, your app comes with a single permission —
User.Read. Click "Add a permission" to add new permissions.
In the screen, scroll down to "Supported Legacy APIs" and click "Exchange":
Then click "Delegated-permissions":
EAS.AccessAsUser.All- Access mailboxes via Exchange ActiveSync.
EWS.AccessAsUser.All- Access mailboxes as the signed-in user via Exchange Web Services
Place.Read.All- Allows the app to read conference rooms. This is a admin only permission. Required to use Room Resources.
Then click Add Permissions.
We're going to add a second set of permissions, this time for Azure Active Directory. To do that click "Add a permission" again then scroll down to "Supported Legacy APIs":
Then click "Delegated permissions" and select
User.Read under "User" and click "Add permissions":
Finally, we're going to add a couple Microsoft Graph permissions. To do that, click on "Add a permission" and select "Microsoft Graph":
Click "Delegated permissions" then select
If you've followed all the steps correctly, this is what your application permissions screen should look like:
Finally, we're going to have to create and add OAuth credentials. To do this, you're going to head to the "Certificates & secrets" panel of the app dashboard:
And click "New client secret":
Give the secret a name and a expiration date of "never", then click "Add":
Copy the secret somewhere safe (like in a password manager). You won't be able to retrieve it from this page afterwards!
Finally, copy the app id and secret and upload them to the Nylas dashboard. To do that, head to the Nylas Dashboard and head to your application settings:
Office365 OAuth, and enter your
OAuth Client Id and
OAuth Client Secret:
Finally, click "Update Office365 OAuth Settings" to save these values. That's it — you're all setup to be using Office365 OAuth with the Nylas APIs!
Ready for production?
Updated 10 days ago