OAuth2 Connector

py-ews now allows the user to authenticate using OAuth2, with several grant flow types available. The following authentication methods can be used with py-ews OAuth2 authentication:

  • legacy_app_flow
  • auth_code_grant
  • client_credentials_grant
  • backend_app_flow
  • web_application_flow
  • implicit_grant_flow

The OAuth2Connector class also supports both version 1 and 2 of Microsoft’s OAuth2 authentication schema. By default, py-ews will attempt to use both versions before failing.

You can set the details around OAuth2 authentication using the Authentication class. At a minimum you must provide values for the following properties on the Authentication object:

  • oauth2_authorization_type (one of the values above)
  • client_id
  • client_secret
  • tenant_id

Additional properties include:

  • access_token
  • redirect_uri
  • oauth2_scope
  • username
  • password
  • resource

Auth Code Grant (Interactive)

The auth_code_grant authorization type is the most common and will suffice for most situations. This method requires the following property values:

  • client_id
  • client_secret
  • tenant_id
  • redirect_uri
  • oauth2_scope

Once you choose this method you will be prompted to visit a provided URL and then copy the response URL back into the console to generate your required access_token.

Client Credentials Grant (Non-Interactive)

The client_credentials_grant authorization type is the second most common and will also suffice for most situations. This method requires the following property values:

  • client_id
  • client_secret
  • tenant_id

Once you choose this method you will NOT be prompted. This method is considered a daemon or non-interactive authentication.

Implicit Grant Flow (Interactive)

The implicit_grant_flow authorization requires the following property values:

  • client_id
  • tenant_id
  • redirect_uri

Once you choose this method you will be prompted to visit a provided URL and then copy the response URL back into the console to generate your required access_token.

Web Application Flow (Non-Interactive)

The web_application_flow authorization requires the following property values:

  • client_id
  • client_secret
  • tenant_id
  • redirect_uri

Legacy App Flow (Non-Interactive)

The legacy_app_flow authorization requires the following property values:

  • client_id
  • client_secret
  • tenant_id
  • redirect_uri
  • username
  • password
  • scope

Backend App Flow (Non-Interactive)

The backend_app_flow authorization requires the following property values:

  • client_id
  • client_secret
  • tenant_id
  • scope or resource
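
As an added example (not part of py-ews), the per-flow requirements listed above can be checked before any token request is attempted. The function names and the plain dict of settings are hypothetical; the property names are the ones listed on this page, and the redirect_uri check is an added assumption that plain http is acceptable only for loopback hosts.

```python
# Added example, not py-ews code: pre-flight check of OAuth2 settings against
# the per-flow property lists on this page. Function names are hypothetical.
from urllib.parse import urlparse

# Required properties per authorization type, copied from the sections above.
# A tuple means "any one of these" (backend_app_flow: scope or resource).
REQUIRED = {
    "auth_code_grant": ["client_id", "client_secret", "tenant_id", "redirect_uri", "oauth2_scope"],
    "client_credentials_grant": ["client_id", "client_secret", "tenant_id"],
    "implicit_grant_flow": ["client_id", "tenant_id", "redirect_uri"],
    "web_application_flow": ["client_id", "client_secret", "tenant_id", "redirect_uri"],
    "legacy_app_flow": ["client_id", "client_secret", "tenant_id", "redirect_uri", "username", "password", "scope"],
    "backend_app_flow": ["client_id", "client_secret", "tenant_id", ("scope", "resource")],
}
SECRET_FIELDS = {"client_secret", "password", "access_token"}

def check_settings(settings):
    """Return a list of problems; an empty list means the settings are complete."""
    flow = settings.get("oauth2_authorization_type")
    if flow not in REQUIRED:
        return [f"unknown oauth2_authorization_type: {flow!r}"]
    problems = []
    for need in REQUIRED[flow]:
        names = need if isinstance(need, tuple) else (need,)
        if not any(settings.get(n) for n in names):
            problems.append("missing " + " or ".join(names))
    uri = settings.get("redirect_uri")
    if uri:
        # Assumption: cleartext http is tolerated only for loopback redirects,
        # because the response URL carries the authorization code or token.
        parts = urlparse(uri)
        local = parts.hostname in ("localhost", "127.0.0.1")
        if parts.scheme == "http" and not local:
            problems.append("redirect_uri uses plain http on a non-loopback host")
    return problems

def redacted(settings):
    """Copy of settings that is safe to log: secret values are masked."""
    return {k: ("***" if k in SECRET_FIELDS and v else v) for k, v in settings.items()}

if __name__ == "__main__":
    # Constructed sample settings (placeholder values, not real credentials).
    sample = {"oauth2_authorization_type": "auth_code_grant", "client_id": "00000000-0000-0000-0000-000000000000",
              "client_secret": "constructed-secret", "tenant_id": "contoso-example",
              "redirect_uri": "http://app.example.test/callback"}
    print(redacted(sample))
    print(check_settings(sample))
```
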

class pyews.core.oauth2connector.OAuth2Connector(endpoint_version='v1')

OAuth2Connector is the base (parent) class of both the Search and Delete classes. It can perform delegated authentication flows (single-page, web, mobile and native apps: the grant auth flow) or application authentication flows (the client credentials grant auth flow).

Args:
    client_id (str): Your Azure AD Application client ID
    client_secret (str): Your Azure AD Application client secret
    tenant_id (str): Your Azure AD tenant ID
    username (str, optional): A username used to authenticate to Azure or Office 365. Defaults to None. If provided, will use delegated authentication flows
    password (str, optional): The password used to authenticate to Azure or Office 365. Defaults to None. If provided, will use delegated authentication flows
    scopes (list, optional): A list of scopes defined during your Azure AD application registration. Defaults to ['https://graph.microsoft.com/.default'].
    verify_ssl (bool, optional): Whether to verify SSL or not. Defaults to True.

AUTH_MAP = {
    'v1': {
        'authorize_url': 'https://login.microsoftonline.com/{tenant_id}/oauth2/authorize',
        'resource': 'https://outlook.office365.com',
        'token_url': 'https://login.microsoftonline.com/{tenant_id}/oauth2/token'
    },
    'v2': {
        'authorize_url': 'https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize',
        'scope': 'https://outlook.office365.com/EWS.AccessAsUser.All',
        'token_url': 'https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token'
    }
}

auth_code_grant()

Authorization Code Flow Grant Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

backend_app_flow()
client_credentials_grant()

Client Credentials Code Flow Grant Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow

implicit_grant_flow()

Implicit Grant Flow Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow

legacy_app_flow()

Resource Owner Password Credentials Grant Flow Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc

web_application_flow()