(IDP-Email forwarding) Configure OAuth for Outlook Attachments (Microsoft Graph)

This configuration is part of the email forwarding feature available for the platform. This configuration step is only required for Power Automate flows which use email attachments, and occurs after you:

Microsoft Graph OAuth Setup

To set up your endpoint and permissions for an Outlook account, you can use either Application permissions or Delegated permissions.

Prerequisites

  • Microsoft 365 or Azure account with premium

  • Admin access

Step 1 — Register an Application

  1. Go to Microsoft Entra admin center
  2. Navigate to Application Registrations and select New Registration
  3. Enter an application name
  4. Select the appropriate supported account type (typically Single tenant)
  5. Select Register

Copy the following from the Application Overview page:

  • Tenant ID
  • Client ID

Step 2 — Create a Client Secret

  1. Open the registered application
  2. Navigate to Certificates & Secrets
  3. Select New Client Secret
  4. Choose an expiration period
  5. Select Add
  6. Record the Secret value.

Step 3 - API permissions

For Delegated permissions:

  1. Navigate to API Permissions
  2. Select Add a Permission
  3. Choose Microsoft Graph
  4. Select Delegated Permissions
  5. Add Mail.Read, offline_access, openid, profile, User.Read (all type = Delegated)
  6. Select Grant Admin Consent. You may need a system administrator to allow this.

For Application permissions:

  1. Navigate to API Permissions
  2. Select Add a permission
  3. Choose Microsoft Graph
  4. Select Application Permissions
  5. Add Mail.Read - type Application

Step 4 - Authentication

If you are using delegated permissions, add a redirect URL such as https://{yourdomainname}/
For example, https://apps.nextworld.net/

Platform Configuration Steps

Delegated Microsoft Permissions:

In the Endpoint Definitions application, open the InboundEmails record and enter the endpoint URL: https://graph.microsoft.com/v1.0/me/messages/{UNSOEmailMessageId}/attachments/{UNSOEmailAttachmentId}/$value

Then, navigate to the OAuth Setup application and create a record of type Authorization Code with:

  • 3rd Party OAuth2 Auth Server URL: Retrieve from your configuration in Azure or Microsoft 365. It is formatted like https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize, with your own tenant ID in place of {tenant-id}.

  • 3rd Party OAuth2 Access Token URL: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token, with your own tenant ID in place of {tenant-id}.

  • Client ID: Retrieve from your configuration in Azure or Microsoft 365.

  • Scope: openid profile offline_access User.Read Mail.Read

  • Select the Exclude Fragment checkbox.

Application Microsoft Permissions:

In the Endpoint Definitions application, open the InboundEmails record and enter the endpoint URL: https://graph.microsoft.com/v1.0/users/{UNSOEmailRecipients}/messages/{UNSOEmailMessageId}/attachments/{UNSOEmailAttachmentId}/$value

Then, navigate to the OAuth Setup application and create a record of type Client Credentials with:

  • 3rd Party OAuth2 Auth Server URL: Retrieve from your configuration in Azure or Microsoft 365. It is formatted like https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize, with your own tenant ID in place of {tenant-id}.

  • 3rd Party OAuth2 Access Token URL: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token, with your own tenant ID in place of {tenant-id}.

  • Client ID: Retrieve from your configuration in Azure or Microsoft 365.

  • Scope: https://graph.microsoft.com/.default
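
Once either setup is in place, the access token issued for it can be checked against the permissions granted in Step 3. The following is an added example, not part of the original page or the platform: it decodes a token's payload for inspection (no signature verification) and reports any permission beyond those listed above. It assumes the Microsoft Entra access-token claims aud, tid, roles (application permissions) and scp (delegated permissions); the function names, tenant ID and sample tokens are constructed for illustration.

```python
import base64
import json

# Permissions configured in Step 3 of this page, and the audience values of Microsoft Graph.
DELEGATED_SCOPES = {"Mail.Read", "offline_access", "openid", "profile", "User.Read"}
APPLICATION_ROLES = {"Mail.Read"}
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}


def decode_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_token(token, tenant_id, flow):
    """Return a list of findings; an empty list means the token matches the setup."""
    claims = decode_claims(token)
    findings = []
    if claims.get("aud") not in GRAPH_AUDIENCES:
        findings.append(f"unexpected audience: {claims.get('aud')}")
    if str(claims.get("tid", "")).lower() != tenant_id.lower():
        findings.append("token was issued for a different tenant")
    if flow == "application":  # Client Credentials: permissions arrive in 'roles'
        granted, allowed = set(claims.get("roles", [])), APPLICATION_ROLES
    else:  # any other value is treated as delegated: permissions arrive in 'scp'
        granted, allowed = set(claims.get("scp", "").split()), DELEGATED_SCOPES
    if "Mail.Read" not in granted:
        findings.append("Mail.Read not granted")
    findings += [f"excess permission: {p}" for p in sorted(granted - allowed)]
    return findings


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


TENANT = "11111111-2222-3333-4444-555555555555"  # constructed placeholder tenant ID
SAMPLE_APP = make_sample_token({"aud": "https://graph.microsoft.com", "tid": TENANT,
                                "roles": ["Mail.Read", "Mail.ReadWrite"]})
SAMPLE_DELEGATED = make_sample_token({"aud": "https://graph.microsoft.com", "tid": TENANT,
                                      "scp": "Mail.Read User.Read openid profile"})
print(audit_token(SAMPLE_APP, TENANT, "application"))
```

A non-empty result for a real token means the app registration holds more than this page asks for, or the token belongs to another tenant or resource.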