I want to use Microsoft 365 OAuth2 to authenticate and authorize users in a multi-tenant environment for IMAP/SMTP access using the scope:
openid profile email offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send
The issue is that I need to make separate calls: one to get the access token for Exchange and another to get the user's email using the Graph scope.
This makes for complicated logic in a web-based flow, where you need two separate auth codes and two separate access tokens: one to get the user's email address and one for IMAP/SMTP access.
I need both to make an auth call to access IMAP/SMTP, e.g.:
var oauth2 = new SaslMechanismOAuth2 (Username, AccessToken);
Instead of making two calls, I was wondering: if I get the id_token from the Exchange scope request (https://login.microsoftonline.com/common/oauth2/v2.0/token) and use an optional claim for the user's email address, would that be an acceptable way to get the user's email? Is this email always available?
Otherwise, is there a better way to do this (rather than getting two sets of access tokens)?
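An added example, not part of the original question: it parses the id_token that comes back in the same token response as the IMAP/SMTP access token, applies the checks that need no signing key (audience, expiry, multi-tenant issuer shape), and picks the username to hand to SaslMechanismOAuth2, trying the optional `email` claim first and falling back to `preferred_username`. It is written in Python rather than C# because the logic is the same in either; the client id, tenant id and token contents are constructed samples, and the signature is a dummy.

```python
import base64
import json
import time
from typing import Optional

# Constructed values so the example runs offline. A real id_token from
# https://login.microsoftonline.com/common/oauth2/v2.0/token has the same layout.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"       # assumed app (client) id
SAMPLE_TENANT = "11111111-1111-1111-1111-111111111111"   # constructed tenant id
SAMPLE_ISSUER = f"https://login.microsoftonline.com/{SAMPLE_TENANT}/v2.0"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sample_claims(**overrides) -> dict:
    """Constructed claim set shaped like a v2.0 id_token payload."""
    claims = {"aud": CLIENT_ID, "iss": SAMPLE_ISSUER, "tid": SAMPLE_TENANT,
              "iat": 1_700_000_000, "exp": 1_700_003_600, "sub": "AAAAAAAAAAAA",
              "preferred_username": "alice@contoso.com"}
    claims.update(overrides)
    return claims


def make_sample_id_token(claims: dict) -> str:
    """Build a compact JWS with a dummy signature (for the offline demo only)."""
    header = {"typ": "JWT", "alg": "RS256", "kid": "sample"}
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(claims).encode()),
                     _b64url_encode(b"not-a-real-signature")])


def parse_id_token(token: str, client_id: str, now: Optional[float] = None) -> dict:
    """Decode the payload and apply the checks that do not need the signing key.

    Signature verification is deliberately NOT done here: use this only on an
    id_token your server received directly from the token endpoint over TLS in
    exchange for an authorization code. A token arriving from a browser or any
    other party must first be verified against the tenant's JWKS.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") == "none":
        raise ValueError("unsigned token")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("aud") != client_id:
        raise ValueError("id_token issued for a different client")
    now = time.time() if now is None else now
    if claims.get("exp", 0) < now:
        raise ValueError("id_token expired")
    # Multi-tenant (/common) sign-in: the issuer names the user's home tenant,
    # so check it against the tid claim instead of a single fixed issuer.
    tid = claims.get("tid", "")
    if not tid or claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        raise ValueError("unexpected issuer for a multi-tenant v2.0 token")
    return claims


def email_for_imap_login(claims: dict) -> Optional[str]:
    """Pick the username to pass to SaslMechanismOAuth2.

    Prefer the optional `email` claim, then `preferred_username` (returned with
    the `profile` scope). Returns None when neither holds an address, so the
    caller can fall back to a Graph lookup instead of guessing.
    """
    for claim in ("email", "preferred_username"):
        value = claims.get(claim)
        if value and "@" in value:
            return value
    return None


if __name__ == "__main__":
    token = make_sample_id_token(sample_claims(email="alice@contoso.com"))
    claims = parse_id_token(token, CLIENT_ID)
    print("username for SaslMechanismOAuth2:", email_for_imap_login(claims))
```

Two caveats from my own experience, not from the question: `email` is an optional claim and is absent for users without one, and `preferred_username` may be a phone number or a non-routable UPN, which is why the picker returns None rather than something that merely looks plausible. The access token handed to SaslMechanismOAuth2 remains the outlook.office.com-audience token from the same response; the id_token is only read, never sent to the mail server.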