Office 365 Module

Doug B edited this page Dec 4, 2019 · 2 revisions


  • A valid app registration within the Azure Active Directory Blade. Create yours at the Microsoft Azure Portal
  • You must create a "Web" Redirect URL. The default configuration for PwnAuth is /oauth/api/microsoft/callback
  • Be sure to create a secret key and ensure your permissions include and offline_access

App Installation

  1. Import the settings for your OAuth application into PwnAuth by using the app create form
  2. The default authorization URL to provide
  3. The default token URL to provide is
  4. Scopes should be a comma-separated lowercase list of the app permissions you added in the Microsoft Portal
  5. Conclude Redirect is where you want users to be redirected after consenting.

Sending users links to the app

  1. Inside PwnAuth, select the Office365 API from the first drop-down
  2. Select app from the second drop-down
  3. Select get from the third drop-down and press Go
  4. The authorization_url_full JSON parameter is the full link to send to users to consent to your application
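
For defenders triaging a reported consent link of the kind produced in step 4, the following added example (not part of the original wiki or of the PwnAuth code base) parses the link's OAuth parameters and flags the traits this page describes: the offline_access scope and the default /oauth/api/microsoft/callback redirect path. The sample link, its hosts, the function name and the list of data-scope prefixes are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Default PwnAuth callback path, as stated on this page.
PWNAUTH_DEFAULT_CALLBACK = "/oauth/api/microsoft/callback"
# Assumption for this example: scope prefixes treated as access to user data.
DATA_SCOPE_PREFIXES = ("mail.", "files.", "contacts.", "notes.")

# Constructed sample link; host, client_id and redirect host are placeholders.
SAMPLE_LINK = (
    "https://login.example.test/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.example.test%2Foauth%2Fapi%2Fmicrosoft%2Fcallback"
    "&scope=user.read%20mail.read%20offline_access"
)


def triage_consent_link(link):
    """Parse an OAuth 2.0 authorization link; return (details, findings)."""
    query = parse_qs(urlsplit(link).query)

    def first(key):
        return query.get(key, [""])[0]

    # Scopes are space-delimited on the wire; tolerate commas and resource-URI
    # prefixes (e.g. https://resource/Mail.Read) and compare case-insensitively.
    raw = first("scope").replace(",", " ").split()
    scopes = sorted({s.rsplit("/", 1)[-1].lower() for s in raw})
    redirect = urlsplit(first("redirect_uri"))
    details = {
        "client_id": first("client_id"),
        "redirect_host": redirect.hostname or "",
        "redirect_path": redirect.path,
        "scopes": scopes,
    }
    findings = {}
    if "offline_access" in scopes:
        findings["refresh_token"] = "offline_access grants long-lived access"
    data_scopes = [s for s in scopes if s.startswith(DATA_SCOPE_PREFIXES)]
    if data_scopes:
        findings["data_access"] = "requests user data: " + ", ".join(data_scopes)
    if redirect.path.rstrip("/") == PWNAUTH_DEFAULT_CALLBACK:
        findings["pwnauth_callback"] = "redirect_uri uses PwnAuth's default path"
    return details, findings


if __name__ == "__main__":
    info, hits = triage_consent_link(SAMPLE_LINK)
    print(info)
    for code, message in hits.items():
        print(f"[{code}] {message}")
```

The client_id returned in the details is the value to look up in the tenant's enterprise applications when checking whether any user has already consented.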

Using the application

  • Currently the web UI does not automatically update when new users consent to the application. You must reload the page to see whether new users have consented. The third drop-down box will populate with the names and email addresses of consented users.
  • The application can be used entirely from the /oauth page:
      • The first drop-down selects the API module to use
      • The second drop-down selects the API Sphere (e.g. mail messages, attachments, onedrive)
      • The third drop-down selects the user to perform the operation on
      • The fourth drop-down selects the operation to perform (e.g. Get, Create, Delete)
      • Depending on the operation and API sphere, additional input fields may appear to filter the results that get returned