Set up OAuth 2.0 using authorization code with PKCE

To set up OAuth 2.0 to use authorization code with PKCE, you must register your Azure Active Directory application.

To register your Azure Active Directory application with the Microsoft identity platform, perform the following steps:

Procedure

  1. Log in to the Microsoft Azure portal.
    Figure: Azure portal login page
    Note: Enter your complete email address including the domain (for example: abc@domain.com).
  2. On the Home page, click View under the Manage Azure Active Directory option.
  3. On the Overview page, select App registrations from the Manage panel and then click + New registration.
  4. On the Register an application page, enter the appropriate name in the Name field, then select the supported account type and configure the Redirect URI.
    1. For the Redirect URI platform, select the Public client/native (mobile & desktop) option.
    2. Set the Redirect URI to http://localhost:9999/Callback.
      Ensure that port 9999 is available on the machine, or use any other available port.
    3. Click Register to complete the initial app registration.
    Figure: Registering an application for PKCE flow
  5. To set the API permission for the application to access the API resources, select the API permissions option under the Manage panel.
  6. Click + Add a permission > Microsoft APIs and select Microsoft Graph.
    Figure: Grant API permission screen
  7. Select Delegated permissions and perform the following steps:
    1. Select the following permissions:
      • email
      • offline_access
      • openid
      • profile
    2. Search for User in the Select permissions search box and expand the User option.
    3. Select the User.Read check box.
      Note: Administrators can use the New-ApplicationAccessPolicy PowerShell cmdlet to limit access to specific mailboxes. For more information, see Limiting application permissions to specific Exchange Online mailboxes.
    4. Search for Mail in the Select permissions search box and expand the Mail option.
    5. Select the Mail.ReadWrite and Mail.Send API permissions.
      Figure: Select the permissions for PKCE flow
    6. Click Add permissions.
    7. Click Yes to grant permission to use the API.
      Ensure that the permissions are granted by an administrator or by a user with administrator privileges, as shown in the following figure.
      Figure: API permissions granted for PKCE
  8. After the application is registered, it is assigned a Client ID and a Tenant ID. Click Copy to clipboard to copy the Tenant ID and the Client ID.
    Figure: Copy the Client ID, Tenant ID and Redirect URL
    You can use the Client ID, Tenant ID, and Client secret to establish a connection with a Microsoft 365 Outlook server.
    Note: If the mailbox is used inside a Loop action, ensure that you register the user who is assigned to perform the automation. For more information, see Manage users and groups assignment to an application.
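The following Python code is an added example (not part of this procedure or of the product it documents) showing what the registered values above are used for: it builds the authorization code with PKCE request against the Microsoft identity platform v2.0 endpoints with the redirect URI and delegated scopes registered in the steps, checks the callback that arrives at http://localhost:9999/Callback, and prepares the token exchange. The tenant and client IDs are placeholders to be replaced with the values copied from the portal; no client secret is involved, because the PKCE verifier is what proves the token request comes from the same client that started the flow.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Values copied from the app registration (placeholders here; replace with your own).
TENANT_ID = "<tenant-id>"
CLIENT_ID = "<client-id>"
REDIRECT_URI = "http://localhost:9999/Callback"  # must match the registered URI exactly
SCOPES = ["openid", "profile", "email", "offline_access",
          "User.Read", "Mail.ReadWrite", "Mail.Send"]
AUTHORITY = "https://login.microsoftonline.com"

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_verifier() -> str:
    """High-entropy code_verifier: 32 random bytes -> 43 chars, inside the 43..128 range."""
    return b64url(secrets.token_bytes(32))

def make_challenge(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def authorize_url(tenant: str, client_id: str, verifier: str, state: str) -> str:
    """Authorization request the browser is sent to; only the challenge leaves the client."""
    params = {
        "client_id": client_id, "response_type": "code", "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES), "state": state,
        "code_challenge": make_challenge(verifier), "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(params)}"

def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the code from the redirect to localhost:9999/Callback, rejecting a bad state."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale request")
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    return qs["code"][0]

def token_request(tenant: str, client_id: str, code: str, verifier: str):
    """Token exchange form: the verifier proves possession, so no client secret is sent."""
    form = {"client_id": client_id, "grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "code_verifier": verifier}
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/token", form
```

A real client opens the URL from authorize_url in the browser, listens on port 9999 for the redirect, and POSTs the form from token_request to the token endpoint; the verifier must stay in memory on the client between those two steps.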