static void AssertSmtpFailureExampleFromRfc7628(SaslMechanismOAuthBearer sasl, string prefix)
{
const string failureResponse = "eyJzdGF0dXMiOiJpbnZhbGlkX3Rva2VuIiwic2NoZW1lcyI6ImJlYXJlciBtYWMiLCJzY29wZSI6Imh0dHBzOi8vbWFpbC5leGFtcGxlLmNvbS8ifQ==";
const string expected = "bixhPXVzZXJAZXhhbXBsZS5jb20sAWhvc3Q9c2VydmVyLmV4YW1wbGUuY29tAXBvcnQ9NTg3AWF1dGg9QmVhcmVyIHZGOWRmdDRxbVRjMk52YjNSbGNrQmhiSFJoZG1semRHRXVZMjl0Q2c9PQEB";
string challenge;
Assert.IsTrue(sasl.SupportsInitialResponse, "SupportsInitialResponse");
challenge = sasl.Challenge(string.Empty);
Assert.IsTrue(sasl.IsAuthenticated, "IsAuthenticated");
Assert.AreEqual(expected, challenge, "Challenge");
Assert.AreEqual("AQ==", sasl.Challenge(failureResponse), "Failure response.");
}
static void AssertImapFailureExampleFromRfc7628(SaslMechanismOAuthBearer sasl, string prefix)
{
const string failureResponse = "eyJzdGF0dXMiOiJpbnZhbGlkX3Rva2VuIiwic2NvcGUiOiJleGFtcGxlX3Njb3BlIiwib3BlbmlkLWNvbmZpZ3VyYXRpb24iOiJodHRwczovL2V4YW1wbGUuY29tLy53ZWxsLWtub3duL29wZW5pZC1jb25maWd1cmF0aW9uIn0=";
const string expected = "bixhPXVzZXJAZXhhbXBsZS5jb20sAWhvc3Q9c2VydmVyLmV4YW1wbGUuY29tAXBvcnQ9MTQzAWF1dGg9QmVhcmVyIHZGOWRmdDRxbVRjMk52YjNSbGNrQmhiSFJoZG1semRHRXVZMjl0Q2c9PQEB";
string challenge;
Assert.IsTrue(sasl.SupportsInitialResponse, "SupportsInitialResponse");
challenge = sasl.Challenge(string.Empty);
Assert.IsTrue(sasl.IsAuthenticated, "IsAuthenticated");
Assert.AreEqual(expected, challenge, "Challenge");
Assert.AreEqual("AQ==", sasl.Challenge(failureResponse), "Failure response.");
}
static async Task AuthenticateAsync(ImapClient client)
{
var options = new PublicClientApplicationOptions {
ClientId = "Application (client) ID",
TenantId = "Directory (tenant) ID",
RedirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient"
};
var publicClientApplication = PublicClientApplicationBuilder
.CreateWithApplicationOptions(options)
.Build();
var scopes = new string[] {
"email",
"offline_access",
"https://outlook.office.com/IMAP.AccessAsUser.All", // Only needed for IMAP
//"https://outlook.office.com/POP.AccessAsUser.All", // Only needed for POP
//"https://outlook.office.com/SMTP.AccessAsUser.All", // Only needed for SMTP
};
var authToken = await publicClientApplication.AcquireTokenInteractive(scopes).WithLoginHint(ExchangeAccount).ExecuteAsync(cancellationToken);
await publicClientApplication.AcquireTokenSilent(scopes, authToken.Account).ExecuteAsync(cancellationToken);
// Note: We use authToken.Account.Username here instead of ExchangeAccount because the user *may* have chosen a
// different Microsoft Exchange account when presented with the browser window during the authentication process.
SaslMechanism oauth2;
if (client.AuthenticationMechanisms.Contains("OAUTHBEARER"))
{
oauth2 = new SaslMechanismOAuthBearer(authToken.Account.Username, authToken.AccessToken);
}
else
{
oauth2 = new SaslMechanismOAuth2(authToken.Account.Username, authToken.AccessToken);
}
await client.AuthenticateAsync(oauth2);
}
public void TestImapFailureExampleFromRfc7628()
{
const string userName = "******";
const string token = "vF9dft4qmTc2Nvb3RlckBhbHRhdmlzdGEuY29tCg==";
var credentials = new NetworkCredential(userName, token);
var uri = new Uri("imap://server.example.com:143");
SaslMechanismOAuthBearer sasl;
sasl = new SaslMechanismOAuthBearer(credentials)
{
Uri = uri
};
AssertImapFailureExampleFromRfc7628(sasl, "NetworkCredential");
sasl = new SaslMechanismOAuthBearer(userName, token)
{
Uri = uri
};
AssertImapFailureExampleFromRfc7628(sasl, "user/pass");
}
static async Task OAuthAsync(ImapClient client)
{
var clientSecrets = new ClientSecrets {
ClientId = "XXX.apps.googleusercontent.com",
ClientSecret = "XXX"
};
var codeFlow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer {
DataStore = new FileDataStore("CredentialCacheFolder", false),
Scopes = new [] { "https://mail.google.com/" },
ClientSecrets = clientSecrets
});
// Note: For a web app, you'll want to use AuthorizationCodeWebApp instead.
var codeReceiver = new LocalServerCodeReceiver();
var authCode = new AuthorizationCodeInstalledApp(codeFlow, codeReceiver);
var credential = await authCode.AuthorizeAsync(GMailAccount, CancellationToken.None);
if (credential.Token.IsExpired(SystemClock.Default))
{
await credential.RefreshTokenAsync(CancellationToken.None);
}
// Note: We use credential.UserId here instead of GMailAccount because the user *may* have chosen a
// different GMail account when presented with the browser window during the authentication process.
SaslMechanism oauth2;
if (client.AuthenticationMechanisms.Contains("OAUTHBEARER"))
{
oauth2 = new SaslMechanismOAuthBearer(credential.UserId, credential.Token.AccessToken);
}
else
{
oauth2 = new SaslMechanismOAuth2(credential.UserId, credential.Token.AccessToken);
}
await client.AuthenticateAsync(oauth2);
}
