Implement Device Code and Client Secret auth flow for MS Graph (#320)

* implement DeviceCode and ClientSecret auth flow for MS Graph

* update readme for MS Graph auth method additions

* add warning to msgraph config setup
Nathan Thorpe
2022-05-14 09:58:22 -07:00
committed by GitHub
parent ed39c7d89e
commit 9bf4e75e0e
4 changed files with 130 additions and 38 deletions
+15 -4
@@ -216,14 +216,25 @@ The full set of configuration options are:
- ``password`` - str: The IMAP password
- ``msgraph``
- ``user`` - str: The M365 user
- ``password`` - str: The user password
- ``auth_method`` - str: Authentication method, valid types are UsernamePassword, DeviceCode, or ClientSecret (Default: UsernamePassword).
- ``user`` - str: The M365 user, required when the auth method is UsernamePassword
- ``password`` - str: The user password, required when the auth method is UsernamePassword
- ``client_id`` - str: The app registration's client ID
- ``client_secret`` - str: The app registration's secret
- ``mailbox`` - str: The mailbox name. This defaults to the user that is logged in, but could be a shared mailbox if the user has access to the mailbox
- ``tenant_id`` - str: The Azure AD tenant ID. This is required for all auth methods except UsernamePassword.
- ``mailbox`` - str: The mailbox name. This defaults to the current user if using the UsernamePassword auth method, but could be a shared mailbox if the user has access to the mailbox
.. note::
You must create an app registration in Azure AD and have an admin grant the Microsoft Graph `Mail.ReadWrite` (delegated) permission to the app.
You must create an app registration in Azure AD and have an admin grant the Microsoft Graph ``Mail.ReadWrite`` (delegated) permission to the app.
If you are using `UsernamePassword` auth and the mailbox is different from the username, you must grant the app ``Mail.ReadWrite.Shared``.
.. warning::
If you are using the `ClientSecret` auth method, you need to grant the ``Mail.ReadWrite`` (application) permission to the app.
You must also restrict the application's access to a specific mailbox since it allows all mailboxes by default.
Use the ``New-ApplicationAccessPolicy`` command in the Exchange PowerShell module.
``New-ApplicationAccessPolicy -AccessRight RestrictAccess -AppId "<CLIENT_ID>" -PolicyScopeGroupId "<MAILBOX>" -Description "Restrict access to dmarc reports mailbox."``
- ``elasticsearch``
- ``hosts`` - str: A comma separated list of hostnames and ports or URLs (e.g. ``127.0.0.1:9200`` or ``https://user:secret@localhost``)
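Review bot: the ``Mail.ReadWrite.Shared`` note is scoped to ``UsernamePassword`` only, but ``DeviceCode`` is also a delegated flow, so a DeviceCode user reading a mailbox other than their own needs the same permission; suggest "If you are using delegated auth (``UsernamePassword`` or ``DeviceCode``) and the mailbox is different from the signed-in user, you must grant the app ``Mail.ReadWrite.Shared``." Likewise the ``mailbox`` entry only says it defaults to the current user for UsernamePassword, which leaves the other two methods unspecified; state that it is required for ``ClientSecret`` (there is no signed-in user to default to) and whether DeviceCode gets the same default, and mark ``client_secret`` as required only for ClientSecret, as ``tenant_id`` already does. Since the application permission in the warning covers every mailbox in the tenant until the access policy is in place, it would help to add that the restriction can be verified with ``Test-ApplicationAccessPolicy -Identity "<MAILBOX>" -AppId "<CLIENT_ID>"``. Style: the note and warning use single-backtick `UsernamePassword` / `ClientSecret` / `Mail.ReadWrite`, which RST renders as interpreted text rather than an inline literal; use double backticks as the rest of the list does.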