Create an Azure App
This guide covers how to set up a Microsoft OAuth application to start authenticating O365 users via OAuth.
Create your free Microsoft Azure account if you don't already have one. You'll use this account to create the Microsoft developer application that is used for authenticating end users via OAuth with Nylas.
Staging and Production OAuth
Don't set up Office 365 on your production app before testing on your staging app. Once the OAuth settings are added, they can't be deleted.
Create an OAuth Application
First, create an app for authenticating your customers to Microsoft 365. Use the Azure web portal.
Log in to Azure
- Head to https://portal.azure.com and log in.
- In the menu, select Azure Active Directory.
- On the new menu select App Registrations.
- Then click New Registration.

New App Registration
- Set your name to your app's name. This will be visible to your users.
- Set the audience for this app to Accounts in any organizational directory to be able to log in to any account using Office 365. If you're building an internal app, you can instead restrict it to internal accounts with Accounts in this organizational directory only.
- On the same screen, set the Redirect URI to Web.
  - If you are using Hosted Authentication, use https://api.nylas.com/oauth/callback.
  - If you are using Hosted Authentication and are using our European datacenter, use https://ireland.api.nylas.com/oauth/callback.
  - If you are using Native Authentication, use your app's callback URI.

Congrats!
Congrats, you've just created your app!
Enable the Required APIs
To enable the required APIs, you need to add the permissions to the app Manifest.
Required Permissions
- Azure Active Directory Graph
- User.Read - Sign in and read user profile
- Microsoft Graph
- offline_access - Maintain access to data you have given it access to
- openid - Sign users in
- profile - View users' basic profile
- User.Read - Sign in and read user profile
- Calendars.Read.Shared - Read user calendars
- Calendars.ReadWrite.Shared - Read and write to user calendars
- Office 365 Exchange Online
- EAS.AccessAsUser.All - Access mailboxes via Exchange ActiveSync
- EWS.AccessAsUser.All - Access mailboxes as the signed-in user via Exchange Web Services
Microsoft Graph for Events
Nylas offers Microsoft Graph for events. To enable this feature, read our Graph for Events documentation.
To get there from the Azure home page:
- Go to Home > Azure Active Directory > App Registrations.
- Click on your app name.
- Then click Manifest.
- In the Manifest code, look for requiredResourceAccess.
The Manifest allows you to update the app directly by editing the JSON. Learn more about the Manifest at Microsoft.

Existing Manifest Data
If you already have values in requiredResourceAccess, you will need to add to the existing data. If you need help with this, please reach out to Nylas support. To help get support faster, add Nylas to your application as a user.
- Update the requiredResourceAccess to have the Manifest code. If there are existing permissions, this will overwrite them.
Manifest JSON
This example includes the required Graph permissions when creating an Azure App with the changes to Microsoft Exchange Online and Basic Auth.
"requiredResourceAccess": [
  {
    "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
    "resourceAccess": [
      {
        "id": "266d2589-20b5-4f91-9a03-89247d1be8da",
        "type": "Scope"
      },
      {
        "id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
        "type": "Scope"
      }
    ]
  },
  {
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
      {
        "id": "a4b8392a-d8d1-4954-a029-8e668a39a170",
        "type": "Scope"
      },
      {
        "id": "570282fd-fa5c-430d-a7fd-fc8dc98a9dca",
        "type": "Scope"
      },
      {
        "id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
        "type": "Scope"
      },
      {
        "id": "9769c687-087d-48ac-9cb3-c37dde652038",
        "type": "Scope"
      },
      {
        "id": "a367ab51-6b49-43bf-a716-a1fb06d2a174",
        "type": "Scope"
      },
      {
        "id": "5df07973-7d5d-46ed-9847-1271055cbd51",
        "type": "Scope"
      },
      {
        "id": "7b9103a5-4610-446b-9670-80643382c1fa",
        "type": "Scope"
      },
      {
        "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
        "type": "Scope"
      },
      {
        "id": "024d486e-b451-40bb-833d-3e66d98c5c73",
        "type": "Scope"
      },
      {
        "id": "e383f46e-2787-4529-855e-0e479a3ffac0",
        "type": "Scope"
      },
      {
        "id": "1ec239c2-d7c9-4623-a91a-a9775856bb36",
        "type": "Scope"
      },
      {
        "id": "ff74d97f-43af-4b68-9f2a-b77ee6968c5d",
        "type": "Scope"
      },
      {
        "id": "d56682ec-c09e-4743-aaf4-1a3aac4caa21",
        "type": "Scope"
      },
      {
        "id": "37f7f235-527c-4136-accd-4a02d197296e",
        "type": "Scope"
      },
      {
        "id": "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0",
        "type": "Scope"
      },
      {
        "id": "14dad69e-099b-42c9-810b-d002981feec1",
        "type": "Scope"
      },
      {
        "id": "ff91d191-45a0-43fd-b837-bd682c4a0b0f",
        "type": "Scope"
      }
    ]
  },
  {
    "resourceAppId": "00000002-0000-0000-c000-000000000000",
    "resourceAccess": [
      {
        "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
        "type": "Scope"
      }
    ]
  }
]
- Save the Manifest.
- All the necessary permissions have been added. To check the API permissions, click API Permissions from the menu.
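When requiredResourceAccess already holds values, pasting the block above replaces them. The following is an added example, not Nylas or Microsoft code: it merges required entries into an existing list without dropping or duplicating permissions, and reports which required entries are still missing so the change can be reviewed before saving. The function names and the EXISTING sample (including its all-1s placeholder id) are constructed for illustration; the REQUIRED ids are copied from the Manifest JSON on this page.

```python
import copy

def merge_required_resource_access(existing, required):
    """Add `required` entries to `existing` without dropping or duplicating any."""
    merged = copy.deepcopy(existing)            # never mutate the caller's manifest
    by_app = {e["resourceAppId"].lower(): e for e in merged}
    for req in required:
        key = req["resourceAppId"].lower()
        target = by_app.get(key)
        if target is None:                      # resource API not referenced yet
            target = {"resourceAppId": req["resourceAppId"], "resourceAccess": []}
            merged.append(target)
            by_app[key] = target
        seen = {(a["id"].lower(), a["type"]) for a in target["resourceAccess"]}
        for access in req["resourceAccess"]:
            ident = (access["id"].lower(), access["type"])
            if ident not in seen:
                target["resourceAccess"].append(dict(access))
                seen.add(ident)
    return merged

def missing_permissions(current, required):
    """Return (resourceAppId, id) pairs in `required` that `current` lacks."""
    present = {(e["resourceAppId"].lower(), a["id"].lower(), a["type"])
               for e in current for a in e["resourceAccess"]}
    return [(r["resourceAppId"], a["id"])
            for r in required for a in r["resourceAccess"]
            if (r["resourceAppId"].lower(), a["id"].lower(), a["type"]) not in present]

# A few entries copied from the page's Manifest JSON.
REQUIRED = [
    {"resourceAppId": "00000002-0000-0ff1-ce00-000000000000", "resourceAccess": [
        {"id": "266d2589-20b5-4f91-9a03-89247d1be8da", "type": "Scope"},
        {"id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5", "type": "Scope"}]},
    {"resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [
        {"id": "a4b8392a-d8d1-4954-a029-8e668a39a170", "type": "Scope"}]},
]
# Constructed "existing" manifest value; the all-1s id is a placeholder.
EXISTING = [
    {"resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [
        {"id": "a4b8392a-d8d1-4954-a029-8e668a39a170", "type": "Scope"},
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"}]},
]

if __name__ == "__main__":
    import json
    print("missing before merge:", missing_permissions(EXISTING, REQUIRED))
    print(json.dumps(merge_required_resource_access(EXISTING, REQUIRED), indent=2))
```

Comparing the merged output with the original list also shows exactly which delegated scopes the change adds, which is the list to check against what the app actually needs.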

Create the OAuth Credentials
- From the App menu click Certificates & secrets.
- Click New client secret.
- Give the secret a name and an expiration date of 24 months. Click Add.

- Copy the value from the Client secrets page, and save it somewhere safe. Once you leave this page, you won't be able to retrieve the value afterward.
Expiration Dates
Microsoft no longer allows client secret expirations of never.
Copy the Client ID
- In Azure, go to the App Registrations page and copy the Application (client) ID.

Add Client ID and Secret to Nylas
- Go to your Nylas Dashboard / App Settings / Authentication section.
- Add the Client ID and Client Secret to Office 365 Auth, then click Save Changes.
Getting Ready for Production
Microsoft requires apps that access user data to go through a domain verification process. Reach out to Nylas support for more assistance.