Office 365 Module
Doug B edited this page Dec 4, 2019 · 2 revisions
- A valid app registration within the Azure Active Directory Blade. Create yours at the Microsoft Azure Portal
- You must create a "Web" Redirect URL. The default configuration for PwnAuth is `/oauth/api/microsoft/callback`
- Be sure to create a secret key and ensure your permissions include `user.read` and `offline_access`
- Import the settings for your OAuth application into PwnAuth by using the `app create` form
- The default authorization URL to provide is `https://login.microsoftonline.com/common/oauth2/v2.0/authorize`
- The default token URL to provide is `https://login.microsoftonline.com/common/oauth2/v2.0/token`
- `Scopes` should be a comma-separated lowercase list of the app permissions you added in the Microsoft Portal
- `Conclude Redirect` is where you want users to be redirected after consenting.
- Inside PwnAuth, select the Office365 API from the first drop-down
- Select `app` from the second drop-down
- Select `get` from the third drop-down and press Go
- The `authorization_url_full` JSON parameter is the full link to send to users to consent to your application
- Currently the webUI does not automatically update when new users consent to the application. You must reload the page to see if new users have consented. The third drop-down box will populate with the names and email addresses of consented users.
- The application can be used entirely from the `/oauth` page:
  - The first drop-down selects the API module to use
  - The second drop-down selects the API Sphere (e.g. mail messages, attachments, onedrive)
  - The third drop-down selects the user to perform the operation on
  - The fourth drop-down selects the operation to perform (e.g. Get, Create, Delete)
  - Depending on the operation and API sphere, additional input fields may appear to filter the results that get returned
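
Seen from the receiving side, a consent link such as the `authorization_url_full` value described above can be triaged before anyone approves it. The following is an added example, not part of PwnAuth or this wiki: it parses a v2.0 authorize link and reports the client ID, redirect host, requested scopes and review findings. The sample link, the approved-host list and the scope prefixes are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: client_id and redirect host are placeholders.
SAMPLE_LINK = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.example.test%2Foauth%2Fapi%2Fmicrosoft%2Fcallback"
    "&scope=user.read%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2FMail.Read"
)

AUTHORIZE_HOST = "login.microsoftonline.com"
AUTHORIZE_SUFFIX = "/oauth2/v2.0/authorize"
# Assumption: redirect hosts of apps your organisation has approved.
APPROVED_REDIRECT_HOSTS = frozenset({"intranet.example.test"})
# Assumption: scope prefixes treated as data access; tune to local policy.
DATA_SCOPE_PREFIXES = ("mail.", "files.", "contacts.", "notes.")


def triage_consent_link(link, approved_hosts=APPROVED_REDIRECT_HOSTS):
    """Summarise the OAuth app behind a v2.0 consent link and list review findings."""
    url = urlsplit(link)
    if url.hostname != AUTHORIZE_HOST or not url.path.endswith(AUTHORIZE_SUFFIX):
        return {"is_consent_link": False, "findings": []}
    query = parse_qs(url.query)
    # Scopes are space-separated in the URL and may be full resource URIs.
    raw = " ".join(query.get("scope", [])).split()
    scopes = sorted({s.rsplit("/", 1)[-1].lower() for s in raw})
    redirect = urlsplit(query.get("redirect_uri", [""])[0])
    findings = []
    if "offline_access" in scopes:
        findings.append("offline_access: app gets a refresh token, access outlives the session")
    data = [s for s in scopes if s.startswith(DATA_SCOPE_PREFIXES)]
    if data:
        findings.append("data scopes requested: " + ", ".join(data))
    if redirect.scheme != "https":
        findings.append("redirect_uri is not https")
    if redirect.hostname not in approved_hosts:
        findings.append(f"redirect host not approved: {redirect.hostname}")
    return {
        "is_consent_link": True,
        "tenant": url.path.split("/")[1],
        "client_id": query.get("client_id", [""])[0],
        "redirect_host": redirect.hostname,
        "scopes": scopes,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage_consent_link(SAMPLE_LINK)["findings"]:
        print(finding)
```

The same function can be run over URLs extracted from reported mail or proxy logs; anything it flags is a candidate for review against the tenant's list of consented enterprise applications.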