Authenticating Microsoft accounts with Nylas

After you create an Azure application, your next step is deciding how to authenticate your users to Nylas.

Nylas Hosted Auth follows the OAuth 2.0 flow, and Nylas takes care of the underlying authentication process. To set up your auth flow, you must first configure Hosted Auth using either an API key or an access token.

Before you begin

Before you choose an authentication method, Nylas recommends you read the following documentation:

• Hosted Authentication with an API key
• Hosted Authentication with an access token
• Bring Your Own Authentication

You also need to complete the following prerequisites for your production application:

• Complete Microsoft’s domain verification process.
• Become a Microsoft verified publisher.

Authenticate Exchange accounts

Microsoft announced the retirement of Exchange Web Services in 2022 and strongly recommended that all users migrate to use Microsoft Graph. Users on Exchange Online have already been migrated.

Nylas includes an EWS connector that you can use to authenticate accounts hosted on Exchange on-premises servers. Other types of Exchange accounts must upgrade to use Microsoft Graph scopes, then authenticate using the Microsoft connector.

For more information, see Authenticate Exchange on-prem servers with Nylas.

Authenticate Microsoft shared mailboxes

Microsoft’s shared mailboxes are individual mailboxes that multiple users can access. Each shared mailbox has its own email address and password.

Shared mailboxes might not have a set password when they’re created. In this case, you’ll need to use Microsoft’s password reset process to create a password before you can authenticate the shared mailbox with Nylas.

After you set a password for the shared mailbox, you can authenticate it with Nylas like any other Microsoft account. It functions as a regular user account with a grant in your Nylas integration.

Set up Bring Your Own Authentication

Microsoft supports modern authentication/OAuth only. The flow follows these basic steps:

1. Your Nylas application completes the OAuth process with Microsoft and receives a refresh_token for the user’s account.

2. Your application makes a Bring Your Own Authentication request to Nylas using the user’s refresh_token.

   curl --request POST
     --url 'https://api.us.nylas.com/v3/connect/custom' \
     --header 'Accept: application/json, application/gzip' \
     --header 'Authorization: Bearer <NYLAS_API_KEY>'\
     --header 'Content-Type: application/json' \
     --data '{
       "provider": "microsoft",
       "settings": {
         "refresh_token":"<REFRESH_TOKEN>"
       },
       "state": "<STATE>"
     }'

3. Nylas creates a grant for the user and returns its details.