Permissions for OAuth

| Protocol | Grant type | Minimum set of Azure Active Directory API permissions required |
|---|---|---|
| MS Graph | Resource Owner Password Credentials | Mail.ReadWrite (delegated), Mail.ReadWrite.Shared (delegated) |
| MS Graph | Authorization Code | Mail.ReadWrite (delegated), Mail.ReadWrite.Shared (delegated) |
| MS Graph | Client Credentials | Mail.ReadWrite (application) |
| IMAP | Resource Owner Password Credentials | Not applicable |
| IMAP | Authorization Code | Mail.ReadWrite (delegated), Mail.ReadWrite.Shared (delegated), IMAP.AccessAsUser.All (delegated) |
| IMAP | Client Credentials | Not supported by Microsoft Azure Active Directory. |
| POP3 | Resource Owner Password Credentials | Not applicable |
| POP3 | Authorization Code | Mail.ReadWrite (delegated), Mail.ReadWrite.Shared (delegated), POP.AccessAsUser.All (delegated) |
| POP3 | Client Credentials | Not supported by Microsoft Azure Active Directory. |
| SMTP Outbound | Resource Owner Password Credentials | Not applicable |
| SMTP Outbound | Authorization Code | SMTP.Send (delegated) |
| SMTP Outbound | Client Credentials | Not supported by Microsoft Azure Active Directory. |

For the Authorization Code grant with MS Graph, IMAP/POP3 using OAuth, and SMTP Outbound using OAuth:

  • The scope "offline_access" must be passed inside the scopes parameter while requesting the authorization code.
  • Passing the scopes "openid" and "profile" inside the scopes parameter while requesting the authorization code is optional.
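
A least-privilege check built from the table and the two scope rules above, as an added example that is not part of the original page or the product. The names `MINIMUM` and `audit`, the grant-type strings, and the shape of the inputs are assumptions made for illustration.

```python
# Added example: audit one mail-connection OAuth setup against the table above.
# MINIMUM and audit() are illustrative names, not part of any product API.

D, A = "delegated", "application"
MAIL_RW = {("Mail.ReadWrite", D), ("Mail.ReadWrite.Shared", D)}
ROPC, AUTH_CODE, CLIENT_CREDS = "ropc", "authorization_code", "client_credentials"

# None marks a combination the table lists as not applicable / not supported.
MINIMUM = {
    ("MS Graph", ROPC): MAIL_RW,
    ("MS Graph", AUTH_CODE): MAIL_RW,
    ("MS Graph", CLIENT_CREDS): {("Mail.ReadWrite", A)},
    ("IMAP", ROPC): None,
    ("IMAP", AUTH_CODE): MAIL_RW | {("IMAP.AccessAsUser.All", D)},
    ("IMAP", CLIENT_CREDS): None,
    ("POP3", ROPC): None,
    ("POP3", AUTH_CODE): MAIL_RW | {("POP.AccessAsUser.All", D)},
    ("POP3", CLIENT_CREDS): None,
    ("SMTP Outbound", ROPC): None,
    ("SMTP Outbound", AUTH_CODE): {("SMTP.Send", D)},
    ("SMTP Outbound", CLIENT_CREDS): None,
}


def audit(protocol, grant, granted, scope_param=""):
    """Return a list of findings; an empty list means the setup matches the table.

    granted:     iterable of (permission, type) pairs on the app registration.
    scope_param: space-separated scopes sent when requesting the authorization code.
    """
    if (protocol, grant) not in MINIMUM:
        return [f"unknown combination: {protocol} / {grant}"]
    required = MINIMUM[(protocol, grant)]
    if required is None:
        return [f"{grant} is not usable with {protocol}"]
    granted = set(granted)
    findings = [f"missing permission: {n} ({t})" for n, t in sorted(required - granted)]
    # Anything beyond the minimum set is access the integration does not need.
    findings += [f"excess permission: {n} ({t})" for n, t in sorted(granted - required)]
    # offline_access is mandatory for the Authorization Code grant;
    # openid and profile are optional, so their absence is not a finding.
    if grant == AUTH_CODE and "offline_access" not in scope_param.split():
        findings.append("scope parameter lacks offline_access")
    return findings
```
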