At this time, ITS also supports connecting with other compatible mail clients using the Exchange and IMAP4 with OAuth2 connection methods, although Exchange is highly preferred. If you are using Microsoft Outlook as your email client, you should use the default Microsoft 365 Account type. Microsoft 365 also provides direct access to the USC calendar that is a part of your Office 365 account. Microsoft 365 only requires that you provide your email address and password for set up IMAP, however, requires additional server information. There are several advantages to setting up your email client to use “Microsoft 365”, “Office 365”, or “Exchange” rather than IMAP settings. If you are using an email client other than Outlook and Microsoft 365 or Office 365 is not a setup option, we recommend selecting the Exchange setup option and only using the IMAP (Internet Message Access Protocol) option if there is no other choice. When configuring your email client to work with your USC mailbox, we recommend selecting the Microsoft 365 setup wizard (choose when setting up Outlook). This page provides links to documentation on how to configure your email client to access Office 365. From then on, your sever uses the id_token and refresh_token to operate without the user being online (this the term "offline_access").ITS highly recommends using the Outlook email client or Outlook Web App (OWA) to access your USC Office 365 email. The first time a user will need to authenticate and configure (i.e. A common example would be syncing calendars. Once you have an id_token and refresh_token, you can use these values to interact with O365 on the end-user's behalf. Refresh tokens can be used even if the end-user is off line (there is no UX involved). This will give you both an id_token that can be used to hit the Office APIs as well as a refresh_token that you can use to get a new id_token when the existing token expires. You should be executing an OAUTH Code Grant workflow and adding "openid" and "offline_access" to your scopes. Offline does not mean "disconnected from the internet" but rather that the end-user is "offline" from your app (not able to interact with a UX).
This workflow requires the "offline_access" scope. I assume you are looking to access a user's data via a backend process. As soon as you get into the business of storing credentials, you own responsibility for securing those credentials. The purpose of OAUTH is to protect both your and your users.
0 kommentar(er)
