Step 1: Register an Application in Microsoft Entra ID
Sign in to the Microsoft Azure portal:
Navigate to:
Microsoft Entra ID → App registrations → New registration
Configure:
Name:
My Email ApplicationSupported account types:
Usually Accounts in this organizational directory only
Redirect URI:
Web:
http://localhost:8080/callback(Can be changed later)
Click Register.
Step 2: Create a Client Secret
Open your app registration.
Go to:
Certificates & Secrets → New client secretEnter a description.
Choose expiry period.
Click Add.
Copy and save:
Client Secret Value
Application (Client) ID
Directory (Tenant) ID
Step 3: Add API Permissions
Go to:
API Permissions → Add Permission → Microsoft Graph
Add delegated permissions:
offline_accessopenidprofileMail.Send
Click Grant Admin Consent if required.
Step 4: Generate Authorization URL
Replace placeholders:
https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize
?client_id=CLIENT_ID
&response_type=code
&redirect_uri=http://localhost:8080/callback
&response_mode=query
&scope=offline_access Mail.Send
Example:
https://login.microsoftonline.com/xxxxxxxx/oauth2/v2.0/authorize?client_id=yyyyyyyy&response_type=code&redirect_uri=http://localhost:8080/callback&response_mode=query&scope=offline_access%20Mail.Send
Open this URL in a browser.
Step 5: Sign In and Grant Consent
Log in with the Office 365 mailbox account.
Accept permissions.
Microsoft redirects to:
http://localhost:8080/callback?code=LONG_AUTH_CODE
Copy the value of code.
Step 6: Exchange Authorization Code for Refresh Token
Using cURL:
curl -X POST \
https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token \
-d "client_id=CLIENT_ID" \
-d "client_secret=CLIENT_SECRET" \
-d "grant_type=authorization_code" \
-d "code=AUTHORIZATION_CODE" \
-d "redirect_uri=http://localhost:8080/callback"
Response:
{
"token_type": "Bearer",
"expires_in": 3599,
"access_token": "...",
"refresh_token": "0.AAAA...."
}
Copy the value of:
refresh_token
Step 7: Configure Your Application
For a CodeIgniter 4 application, place it in .env:
office365.clientId=YOUR_CLIENT_ID
office365.clientSecret=YOUR_CLIENT_SECRET
office365.tenantId=YOUR_TENANT_ID
office365.refreshToken=YOUR_REFRESH_TOKEN
Or in your custom configuration file:
public string $clientId = '...';
public string $clientSecret = '...';
public string $tenantId = '...';
public string $refreshToken = '...';
Step 8: Test Token Refresh
Test manually:
curl -X POST \
https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token \
-d "client_id=CLIENT_ID" \
-d "client_secret=CLIENT_SECRET" \
-d "grant_type=refresh_token" \
-d "refresh_token=YOUR_REFRESH_TOKEN"
If successful, Microsoft returns a new access token.
No comments:
Post a Comment