Monday, July 13, 2026

Sending email from website using Microsoft Office 365 OAuth2


Step 1: Register an Application in Microsoft Entra ID

  1. Sign in to the Microsoft Azure portal:

    Microsoft Azure Portal

  2. Navigate to:

    Microsoft Entra ID → App registrations → New registration

  3. Configure:

    • Name: My Email Application

    • Supported account types:

      • Usually Accounts in this organizational directory only

    • Redirect URI:

      • Web: http://localhost:8080/callback

      • (Can be changed later)

  4. Click Register.


Step 2: Create a Client Secret

  1. Open your app registration.

  2. Go to:
    Certificates & Secrets → New client secret

  3. Enter a description.

  4. Choose expiry period.

  5. Click Add.

  6. Copy and save:

    • Client Secret Value

    • Application (Client) ID

    • Directory (Tenant) ID


Step 3: Add API Permissions

Go to:

API Permissions → Add Permission → Microsoft Graph

Add delegated permissions:

  • offline_access

  • openid

  • profile

  • Mail.Send

Click Grant Admin Consent if required.


Step 4: Generate Authorization URL

Replace placeholders:

https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize
?client_id=CLIENT_ID
&response_type=code
&redirect_uri=http://localhost:8080/callback
&response_mode=query
&scope=offline_access Mail.Send

Example:

https://login.microsoftonline.com/xxxxxxxx/oauth2/v2.0/authorize?client_id=yyyyyyyy&response_type=code&redirect_uri=http://localhost:8080/callback&response_mode=query&scope=offline_access%20Mail.Send

Open this URL in a browser.


Step 5: Sign In and Grant Consent

  1. Log in with the Office 365 mailbox account.

  2. Accept permissions.

  3. Microsoft redirects to:

http://localhost:8080/callback?code=LONG_AUTH_CODE

Copy the value of code.


Step 6: Exchange Authorization Code for Refresh Token

Using cURL:

curl -X POST \
https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token \
-d "client_id=CLIENT_ID" \
-d "client_secret=CLIENT_SECRET" \
-d "grant_type=authorization_code" \
-d "code=AUTHORIZATION_CODE" \
-d "redirect_uri=http://localhost:8080/callback"

Response:

{
  "token_type": "Bearer",
  "expires_in": 3599,
  "access_token": "...",
  "refresh_token": "0.AAAA...."
}

Copy the value of:

refresh_token

Step 7: Configure Your Application

For a CodeIgniter 4 application, place it in .env:

office365.clientId=YOUR_CLIENT_ID
office365.clientSecret=YOUR_CLIENT_SECRET
office365.tenantId=YOUR_TENANT_ID
office365.refreshToken=YOUR_REFRESH_TOKEN

Or in your custom configuration file:

public string $clientId = '...';
public string $clientSecret = '...';
public string $tenantId = '...';
public string $refreshToken = '...';

Step 8: Test Token Refresh

Test manually:

curl -X POST \
https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token \
-d "client_id=CLIENT_ID" \
-d "client_secret=CLIENT_SECRET" \
-d "grant_type=refresh_token" \
-d "refresh_token=YOUR_REFRESH_TOKEN"

If successful, Microsoft returns a new access token.



No comments:

Sending email from website using Microsoft Office 365 OAuth2

Step 1: Register an Application in Microsoft Entra ID Sign in to the Microsoft Azure portal: Microsoft Azure Portal Navigate to: Microsoft E...