Configuring OAuth Client

1. Logout from all Microsoft accounts linked with your default web browser manually, or using this link https://login.microsoftonline.com/logout.srf.

2. Navigate to the Service folder of the MPS e.g. C:\SafeQ5\MobilePrint\Service.

3. Run OAuthClient.exe from command line. Client is located in Service folder of the MPS e.g. C:\SafeQ5\MobilePrint\Service\OAuthClient.exe. Command must be executed directly on the machine with the installed MPS or using remote desktop session to the machine. Run the tool with following arguments:

   1. provider - "Microsoft" for Microsoft Exchange Online IMAP

   2. user - authorization identification to be later used in YSoft Mobile Print Service Downloader, e.g. username of the GMail account that will be used in MPS

      Example

      OAuthClient.exe Microsoft johndoe@johndoe.onmicrosoft.com

4. New window with Internet browser will open on the machine with installed MPS. Sign in with the username and password that will be used in the MPS. Should be the same as username specified in the config file.

   

5. Grant permission for Read and write to your mail.
   
   

6. On success, confirmation message will appear in the browser and console app.

7. Then you can proceed to the Mobile print server configuration. First of all Stop the Ysoft SafeQ Mobile print Server in services manager

   

8. Navigate to the conf folder of the MPS e.g. C:\SafeQ5\MobilePrint\Service\conf.

9. Open mps.config in your favorite text editor.

10. Fill in the key values of the emailSources:

    • type: ImapOAuthMicrosoft

    • host:outlook.office365.com 

    • userName must be same as user used with OAuthClient.exe, e.g. johndoe@johndoe.onmicrosoft.com

    • password should be empty

    • port: 993

    • secure: True

    Example

    <?xml version="1.0" encoding="utf-8"?>

    <mps version="6">

    <!-- AFTER CHANGING THIS CONFIGURATION PLEASE RESTART OR START THE "YSoft Mobile Print Server" SERVICE MANUALLY. -->

    <folderSources>

    <add host="127.0.0.1" path="C$\SafeQ6\SPOC\server\mobile" userName="" password="" downloadInterval="1000" />

    </folderSources>

    <emailSources>

    <!--Fill in.--> <add type="ImapOAuthMicrosoft" host="outlook.office365.com" userName="johndoe@johndoe.onmicrosoft.com" password="" port="993" secure="True" />

    </emailSources>

    <failedFiles folder="Failed" maxAge="604800" />

    <localization language="en" default="en" />

    <communicator connectionLostTimeout="10000" controllerPort="5555" />

    </mps>

11. Save the changes.

12. Start Ysoft SafeQ Mobile print Server in the services manager.

Could not retrieve access token from the OAuth storage

This is a common issue when we misconfigure usernames in config files, or there is some problem with files in oauth-storage.

1. Check your configuration files. OAuthClient.exe.config user key value should be the should be the same as OAuthClient.exe user argument. For more details look at chapter Configuring OAuth Client.

2. Remove everything from the oauth-storage. Default location of the storage C:\SafeQ5\MobilePrint\Service\oauth-storage

3. Run OAuthClient.exe again. For detailed instructions take a look in Configuring OAuth Client chapter of this page.

Cannot refresh access token

This error message can be found in the logs when we are refreshing the access token.

This could mean that we are unable to contact the OAuth provider or there is a problem with the Azure application.

To fix this issue follow this steps:

1. Remove everything from the oauth-storage. Default location of the storage C:\SafeQ5\MobilePrint\Service\oauth-storage

2. Run OAuthClient.exe again. For detailed instructions take a look in Configuring OAuth Client chapter of this page.

Test connection was not successful

This error message can be found in the logs when we are unable to read edit or delete messages of the account used in MPS.

This can be caused by removing permissions to the application in the account.

To check which applications have access to the account you can visit My Account and show App permissions.

If you do not see your application in the App permissions or you have issues with the authentication follow those steps:

1. Remove everything from the oauth-storage. Default location of the storage C:\SafeQ5\MobilePrint\Service\oauth-storage

2. Make sure everything is configured correctly.

3. Run OAuthClient.exe again. For detailed instructions take a look in Configuring OAuth Client chapter of this page.

Need admin approval

This error message (see the image bellow) can be found during authorization with Microsoft when the authorization requires permissions of your organization administrator.

If you have the admin credentials, use them to finish the authorization by choosing the first option. Otherwise, please contact your organization administrator to give you permissions to use the application or to consent on your behalf . If needed, run OAuthClient.exe again. For detailed instructions take a look in Configuring OAuth Client chapter of this page.

Client secret could not be retrieved

This error message can be found in the logs when the token is expired and we try to obtain the new one but we are unable to get one.

This could mean that we are unable to contact the OAuth provider or there is a problem with the Azure application e.g. OAuth client ID or secret has changed. 

To fix this issue follow this steps:

1. Remove everything from the oauth-storage. Default location of the storage C:\SafeQ5\MobilePrint\Service\oauth-storage

2. Run OAuthClient.exe again. For detailed instructions take a look in Configuring OAuth Client chapter of this page.

Changing or adding another service account

If you are changing or adding another account, and the old one is still logged in your default web browser. Whole verification process may be skipped for newly used account.

You need to logout from any logged in Microsoft account from your default web browser, if you see " Please return to the app. " in you web browser right after running OAuthClient.exe command.