Postie and OAuth2/Modern Authentication

domvalle@comcast.net · June 06, 2025, 12:23:26 PM

Hi,
We are trying to access an Office 365 mailbox with postie from outlook.office365.com.
We cannot authenticate or login as Microsoft no longer support basic authentication.
OAuth2/Modern Auth seems very complicated to implement.
Are there any suggestions for this?
...here are the results:

host="outlook.office365.com"
fromaddr=""
userid="user@xyz.org"
password="........"
port=""
msgnumber=""
extractfile=""
mailbox=""
flags="4"

kInit(host,fromaddr,userid,password,port,"TLS")
allmsgs=kGetMail( msgnumber, extractfile, "", mailbox, flags)

RETURNS ERROR:
Could not log in as 'user@xyz.org' to: outlook.office365.com:993
2 NO AUTHENTICATE failed.

td · June 06, 2025, 05:03:45 PM

Please review this topic on this forum:

https://forum.winbatch.com/index.php?msg=17100

spl · June 08, 2025, 08:56:20 AM

Quote from: domvalle@comcast.net on June 06, 2025, 12:23:26 PMHi,
We are trying to access an Office 365 mailbox with postie from outlook.office365.com.

You can utilize my StdOut function for running PS in WB and run Graph API code.

domvalle@comcast.net · June 10, 2025, 10:51:32 AM

thank you Stan,
...I cannot seem to find the StdOut w/Graph post, can you provide the link?

spl · June 11, 2025, 06:22:47 AM

Quote from: domvalle@comcast.net on June 10, 2025, 10:51:32 AMthank you Stan,
...I cannot seem to find the StdOut w/Graph post, can you provide the link?

Sorry if my post was confusing. The Stdout() function was posted with examples to simply process return values from PS code. Unfortunately I cannot post the script I wrote for using it with graph. It is not complicated, as PS does the heavy lifting, but contained proprietary values from who it was written for and I am not at liberty to post.

Using PS for OAuth 2.0 is not, as I said, complicated... it handles tenant ID, secrets, base64 for authentication. For pure WB, you could use WinHTTP 5.1 for auth token and create an SMTP email, but would probably take some work and Tony et. al would have already confirmed that.

If you want to take the PS route via Stdout() function, I recommend you first obtain the Graph API cmdlets with (run in PS ISE as admin)

Code Select

$module = "Microsoft.Graph"
if (!(Get-Module -ListAvailable -Name $module)) { Install-Module -Name $module  -allowclobber -force } 
Update-Module -Name Microsoft.Graph
$maximumfunctioncount = 32768
Exit

This is the graph SDK and produces the following modules (as graph is quite huge)

Code Select

Microsoft.Graph.Applications
Microsoft.Graph.Authentication
Microsoft.Graph.BackupRestore
Microsoft.Graph.Bookings
Microsoft.Graph.Calendar
Microsoft.Graph.ChangeNotifications
Microsoft.Graph.CloudCommunications
Microsoft.Graph.Compliance
Microsoft.Graph.CrossDeviceExperiences
Microsoft.Graph.DeviceManagement
Microsoft.Graph.DeviceManagement.Administration
Microsoft.Graph.DeviceManagement.Enrollment
Microsoft.Graph.DeviceManagement.Functions
Microsoft.Graph.Devices.CloudPrint
Microsoft.Graph.Devices.CorporateManagement
Microsoft.Graph.Devices.ServiceAnnouncement
Microsoft.Graph.DirectoryObjects
Microsoft.Graph.Education
Microsoft.Graph.Files
Microsoft.Graph.Groups
Microsoft.Graph.Identity.DirectoryManagement
Microsoft.Graph.Identity.Governance
Microsoft.Graph.Identity.Partner
Microsoft.Graph.Identity.SignIns
Microsoft.Graph.Mail
Microsoft.Graph.Notes
Microsoft.Graph.People
Microsoft.Graph.PersonalContacts
Microsoft.Graph.Planner
Microsoft.Graph.Reports
Microsoft.Graph.SchemaExtensions
Microsoft.Graph.Search
Microsoft.Graph.Security
Microsoft.Graph.Sites
Microsoft.Graph.Teams
Microsoft.Graph.Users
Microsoft.Graph.Users.Actions
Microsoft.Graph.Users.Functions

If you have the SDK then the next steps are simply googling/co-piloting for PS code to create email with graph API, and if you have a clientID etc.. I can assist you with StdOut()

td · June 11, 2025, 09:10:06 AM

Quote from: domvalle@comcast.net on June 10, 2025, 10:51:32 AMthank you Stan,
...I cannot seem to find the StdOut w/Graph post, can you provide the link?

You can send to and read email messages from Office 365 OAUTH2 authentication using WinBatch COM Automation. The caveat is that you need at least some elements of Outlook on your local machine. It is straightforward to implement. The topic I linked to has Stan's COM example.

spl · June 12, 2025, 07:21:41 AM

Quote from: td on June 11, 2025, 09:10:06 AM
Quote from: domvalle@comcast.net on June 10, 2025, 10:51:32 AMthank you Stan,
...I cannot seem to find the StdOut w/Graph post, can you provide the link?

You can send to and read email messages from Office 365 OAUTH2 authentication using WinBatch COM Automation. The caveat is that you need at least some elements of Outlook on your local machine. It is straightforward to implement. The topic I linked to has Stan's COM example.

Tony. Appreciate your comments. Didn't mean to appear to push PS (and especially graph) but the OP originally asked about a Postie script, and not clear about how the 365 source came into the picture and outlook resources not present for the code I wrote you referred to. As you know, Win11 offers you a 365 outlook email account that handles oAuth.

td · June 12, 2025, 08:16:45 AM

The OP mentioned "Office 365 mailbox with postie from outlook.office365.com". That is where the reference to Office 365 came from. It is just an MSFT branding term.

My only point was that the line 'objOutlook = ObjectCreate("Outlook.Application")' requires that "Outlook.Application" needs to be registered on the system running the script. It usually is, but that is not guaranteed to be the case.

I know that the COM Automation server accessed via 'objOutlook = ObjectCreate("Outlook.Application")' works with OAuth2 authentication against MSFT's cloud-based email service because I use it for that purpose. It is a simple solution to the OAuth2 problem.

spl · June 12, 2025, 09:08:07 AM

Quote from: td on June 12, 2025, 08:16:45 AMI know that the COM Automation server accessed via 'objOutlook = ObjectCreate("Outlook.Application")' works with OAuth2 authentication against MSFT's cloud-based email service because I use it for that purpose. It is a simple solution to the OAuth2 problem.

Not questioning that. But perhaps users should be a little more considerate explaining the full scenario for a requests.

domvalle@comcast.net · June 13, 2025, 10:39:44 AM

OK, so WinBatch COM Automation does work...
... just need to install Outlook,
Originally selected postie to run unattended on a server computer without Outlook,
...OAUTH2 seems to be too complicated for a simple script,
thanks!

td · June 13, 2025, 02:03:29 PM

You may have to do some hoop jumping to initially associate your system with your MSFT account.

spl · June 14, 2025, 04:02:49 AM

https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

spl · June 14, 2025, 08:54:31 AM

Quote from: spl on June 14, 2025, 04:02:49 AMhttps://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

P.S. I felt from the Op's original post that the object was to connect to OAuth2 via a non outlook scenario, and glad Tony referenced my earlier post using COM. If that is successful, great. I have helped a couple of friends with code to obtain tokens, secrets, and refresh with PS, as it handles the base64 and Rest queries with 10-12 lines of code. As I mentioned, those could be handled with WinHTTP requests and the bearer and other parameters handled with Postie. As Tony mentioned, as I did, that would take some hoops, if entirely done in WB.

News:

Postie and OAuth2/Modern Authentication