Help using OAuth 2.0 for interactive login

[Tre-Seibert]

Im developing a flask application that uses OAuth 2 to authorize my co workers using the app. Users are redirected to login with their Microsoft 365 credentials and are redirected to a webpage that displays their outlook emails. I can't seem to get this to work correctly. If anyone has developed an interactive login with exchangelib before please let me know. Thank you!

    email = session['email']

    app = PublicClientApplication(my_clinet_id, authority="https://login.microsoftonline.com/c96346da-466a-4b8f-85db-d793db7575b4")
    print("A local browser window will be open for you to sign in. CTRL+C to cancel.")
    result = None

    result = app.acquire_token_interactive(["EWS.AccessAsUser.All"])

    print(str(result))

    if "access_token" in result:
        print(result["access_token"])  # Yay!
    else:
        print(result.get("error"))
        print(result.get("error_description"))
        print(result.get("correlation_id"))  # You may need this when reporting a bug     

    creds = OAuth2AuthorizationCodeCredentials(access_token=result)
    print("Creds var: " + str(creds))
    conf = Configuration(server="outlook.office365.com", auth_type=OAUTH2, credentials=creds)
    a = Account(
        primary_smtp_address=email,
        access_type=DELEGATE,
        config=conf,
        autodiscover=False,
    )
    print(a.root.tree())

invalid_client
AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: 2ee2fd97-a2c0-4922-840a-9de61eb52a00
Correlation ID: f5443090-5704-4690-a588-acbe611ca279
Timestamp: 2023-06-28 17:55:03Z
f5443090-5704-4690-a588-acbe611ca279

[ecederstrand]

Which line returns the invalid_client message? I assume it's app.acquire_token_interactive(), meaning that this is an issue with your Azure client and/or credentials, and thus not any exchangelib-specific code.

The example in the docs for MSAL have been tested to work: https://ecederstrand.github.io/exchangelib/#msal-on-office-365

The error message seems to indicate that the client ID is for a private client that needs the client secret.

[Tre-Seibert]

It ended up being an error on my part. In my Azure AD Portal I had the redirect URI as a Web Application and not a Desktop/Mobile application. After changing this setting, the error did not persist.