Sending Office365 Email using SMTP with OAuth2 without Browser Interaction

Yes — it is possible to use Chilkat SMTP with OAuth2 for Office365 without any browser interaction at runtime by using the OAuth2 Client Credentials flow.

This differs from the typical OAuth2 flows (Authorization Code or Device Code) where a user must sign in through a browser and grant consent. With Client Credentials, the application authenticates directly with Microsoft Entra ID using its own credentials, and Chilkat can automatically obtain the OAuth2 access token when needed.

This works well for server-side or automated applications where no interactive login is possible.

How the Client Credentials flow works

Instead of a user login, the application authenticates using:

  • client_id
  • client_secret
  • tenant_id
  • OAuth2 token endpoint

These parameters allow the application to request an access token directly from Microsoft Entra ID.

With Chilkat, you do not need to manually request the token yourself. Starting with Chilkat v9.5.0.97, you can provide these parameters to Chilkat and it will automatically obtain and refresh the OAuth2 access token internally as needed.

The following example demonstrates how to configure this:

https://www.example-code.com/powerbuilder/office365_client_credentials.asp

In the example, JSON is constructed containing the client credentials information and assigned to OAuth2AccessToken. In this mode, the value assigned to OAuth2AccessToken is not literally an access token. Instead, it is a JSON object containing the parameters Chilkat needs in order to request the token automatically.

For example:

{
  "client_id": "...",
  "client_secret": "...",
  "token_endpoint": "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token",
  "scope": "https://outlook.office365.com/.default"
}

When this JSON is assigned to mailman.OAuth2AccessToken, Chilkat will internally perform the OAuth2 token request and cache/refresh the token as needed.

Your SMTP settings would remain the normal Office365 SMTP settings, for example:

  • SMTP host: smtp.office365.com
  • Port: 587
  • StartTLS: enabled
  • SMTP username: the Office365 mailbox address you are sending from

Important Microsoft configuration requirement

For this to work, the Microsoft 365 tenant must be configured to allow app-only SMTP authentication.

This requires a one-time setup in Microsoft Entra ID and Exchange Online:

  1. Create an App Registration in Microsoft Entra ID.
  2. Add the API permission:
    • Office 365 Exchange Online → Application permission → SMTP.SendAsApp
  3. Grant admin consent for the permission.
  4. Create a client secret for the application.
  5. Register the application's service principal in Exchange Online.
  6. Grant the service principal permission to send as the mailbox (SendAs / FullAccess).

Once this configuration is complete, the application can authenticate using client credentials and send email through SMTP without any user interaction.

Also note that SMTP AUTH must be enabled for the tenant or mailbox. Some Microsoft 365 tenants disable SMTP AUTH by default, so it may need to be enabled in Exchange settings.

Summary

So the answer is yes — you can send email using Chilkat SMTP with OAuth2 for Office365 without browser interaction, provided that:

  • You use the OAuth2 Client Credentials flow
  • The Azure/Entra app is configured with SMTP.SendAsApp permissions
  • The mailbox allows the application to send as it

Once this is set up, Chilkat can automatically request the OAuth2 access token and handle token refresh internally.