Microsoft’s OAuth is used to access Outlook.com and Office 365 address books. Outlook.com also includes hotmail.com, live.com and associated internationalized email addresses.
After you follow these steps, your users will see your domain in the Microsoft Authentication window instead of ours.
- If you haven’t already done so, create a Proxy URL on your application’s domain.
- Go to App Registrations in the Azure Portal.
- Click on New registration and complete the “Register an application” form:
  - Name: Enter the name of your app.
  - Supported account types: Choose “Accounts in any organizational directory and personal Microsoft accounts”. This is an important step. Without the correct selection, only users with certain types of Microsoft account will be able to share their contacts.
  - Redirect URI: Enter the public URL of your Proxy URL from Step 1.
- Click Register to create the registration. You should be redirected to the new App registration.
- Click on Manage > Branding in the App registrations side menu. This page lets you specify what the user will see and input your branding details:
  - Upload your logo, paying close attention to Microsoft’s requirements for image format and size. This is considered best practice since it creates a visual cue for users as they are being asked to share their information.
  - Enter the URLs for your Home page, Terms of Service and Privacy Statement. These pages are linked to from the OAuth consent page.
  - Verify your Publisher Domain:
    - Click Configure a domain or Update domain (depending on which is visible).
    - Select the Verify a new domain tab, if it is visible.
    - Publisher Domain: Enter your application’s domain.
    - Upload the JSON content to the location specified on the form.
    - Click “Verify and save domain”.
  - Enter your MPN Publisher ID:
    - Under Publisher verification, click on Add MPN ID…
    - Enter your Publisher MPN ID into the MPN ID field and click “Verify and save”.
  - Save your branding changes.
- Add API permissions:
  - Click on Manage > API permissions in the App registrations side menu.
  - Click on Add a permission to open the permissions selector.
  - Click on Microsoft Graph.
  - Click on Delegated permissions.
  - Find and select Contacts.Read in the list.
  - Click Add permissions.
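- Get your client secret:
  - Click on Manage > Certificates & secrets in the App registrations side menu.
  - Click on New client secret.
  - Enter a Description for the secret, e.g. CloudSponge.
  - Select “Never” for the Expires value.
  - Click Add, then record the secret’s Value right away. The portal shows the full value only once, immediately after the secret is created.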
- Add your OAuth credential to CloudSponge:
  - Sign in to your CloudSponge account and Add OAuth Credential from your keys page.
  - Enter the Client ID and Client Secret that you recorded above, and the Redirect URI where you created the CloudSponge Proxy in step 1 above.
    - Your Microsoft app has several IDs. Be sure to use the Application (client) ID.
  - To associate the branding with your site: click Sites, click the Assign OAuth button beside your site and choose the new branding in the Outlook.com dropdown.
- Phew! You are done! Now you can test your connection to Outlook.com on your site to verify that the OAuth flow correctly reflects your branding.
You can learn more about Microsoft’s Application Registration Portal here.
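To check that the finished registration matches the steps above, this added example (not CloudSponge's or Microsoft's code) audits the application object as Microsoft Graph returns it, for instance from `az ad app show --id <client-id>`. It assumes the Redirect URI was registered under the Web platform; the proxy URL and both sample objects are constructed, and the GUIDs are the Microsoft Graph app ID and Graph permission IDs.

```python
from urllib.parse import urlsplit

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"   # Microsoft Graph
CONTACTS_READ = "ff74d97f-43af-4b68-9f2a-b77ee6968c5d"  # delegated Contacts.Read
EXPECTED_AUDIENCE = "AzureADandPersonalMicrosoftAccount"  # any org + personal accounts
PROXY_URL = "https://app.example.com/auth-proxy"        # constructed placeholder

def audit_registration(app, proxy_url):
    """Return findings where the registration differs from the steps above."""
    findings = []
    audience = app.get("signInAudience")
    if audience != EXPECTED_AUDIENCE:
        findings.append(f"signInAudience is {audience!r}, expected {EXPECTED_AUDIENCE!r}")
    uris = app.get("web", {}).get("redirectUris", [])
    if proxy_url not in uris:
        findings.append("proxy URL is not a registered redirect URI")
    for uri in uris:
        if uri != proxy_url:
            findings.append(f"extra redirect URI: {uri}")
        if urlsplit(uri).scheme != "https":
            findings.append(f"redirect URI is not HTTPS: {uri}")
    # Flatten permissions to (resource, permission id, type); "Scope" means delegated.
    granted = {(r["resourceAppId"], a["id"], a["type"])
               for r in app.get("requiredResourceAccess", [])
               for a in r.get("resourceAccess", [])}
    wanted = (GRAPH_APP_ID, CONTACTS_READ, "Scope")
    if wanted not in granted:
        findings.append("delegated Contacts.Read is missing")
    for res, pid, kind in sorted(granted - {wanted}):
        findings.append(f"permission beyond Contacts.Read: {kind} {pid} on {res}")
    return findings

# Constructed sample objects, shaped like a Microsoft Graph application resource.
GOOD = {
    "signInAudience": EXPECTED_AUDIENCE,
    "web": {"redirectUris": [PROXY_URL]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [{"id": CONTACTS_READ, "type": "Scope"}]}],
}
BAD = {
    "signInAudience": "AzureADMyOrg",  # single-tenant only
    "web": {"redirectUris": [PROXY_URL, "http://localhost:3000/callback"]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,  # User.Read only
        "resourceAccess": [{"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]}],
}

if __name__ == "__main__":
    for name, app in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_registration(app, PROXY_URL) or "matches the steps")
```

A permission reported as "beyond Contacts.Read" is a prompt to review it, not proof of a fault.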
Microsoft will display ‘unverified’ to your users next to your app name during the OAuth flow. Obviously, this is not ideal. It erodes people’s confidence and will prevent some of them from completing the sharing request.
To fix it, you’ll need to become a verified member of the Microsoft Partner Network (MPN). This process is not complicated. Microsoft will verify your business name, address and your contact information. Once they’ve done so, they will issue you a Publisher ID which you can add to your App Registration and the “unverified” label will be replaced with a verified badge.
Here’s the place to start learning about the MPN.
If you are ready to dive in, get started with the steps below:
- Visit https://partner.microsoft.com/
- Click “Sign in”
- Click “Become a partner”
- Follow the steps to verify yourself and your company
- Wait for Microsoft to complete the verification
In our experience, Microsoft did not send any notification upon successful completion of the MPN application. So be sure to sign in to your account to check on the current status.