How to create Oauth2 credentials for Microsoft Apps (Outlook)

In this guide, I’ll walk through the process of setting up OAuth for Microsoft Outlook using the Azure App Registrations portal.

This lets your app connect securely to Microsoft Graph APIs (which power Outlook, OneDrive, Teams, etc.).

Note: You do not need a Microsoft 365 Developer sandbox for this. A free Microsoft personal account is enough to register an OAuth app.

Step 1: Create an Azure App Registration

1. Go to the Azure Portal.

2. In the left-hand menu, search for App registrations and click + New registration.

3. Fill in your app details:

• Name: Example → Outlook Integration

• Supported account types:

  • Choose Accounts in any organizational directory and personal Microsoft accounts (so both work/school and personal Outlook accounts can log in).

• Redirect URI (optional): Choose Web and paste:

<https://backend.composio.dev/api/v3/toolkits/auth/callback>

4. Click Register.

Step 2: Generate Client Credentials

Once your app is created, you’ll be redirected to its Overview page.

1. Copy the Application (client) ID — this is your Client ID.

2. From the sidebar, go to Certificates & secrets → + New client secret.

   • Add a description and set expiry (6 or 12 months recommended).

   • Copy the generated Client Secret and save it securely.

⚠️ Important: You won’t be able to see the secret again once you leave the page.

Step 3: Configure API Permissions

Now, we’ll give the app permissions to access Outlook data.

1. In the sidebar, click API Permissions → + Add a permission.

2. Select Microsoft Graph.

3. Choose Delegated permissions.

4. Add the required common Outlook-related scopes, such as:

   • Mail.Read → Read user’s emails

   • Mail.Send → Send emails on behalf of the user

   • offline_access → Enable refresh tokens

   • openid profile email → Basic login profile

Click Add permissions.

Step 4: Update Redirect URIs

1. From the sidebar, open Authentication.

2. Under Redirect URIs, make sure this URL is added:

<https://backend.composio.dev/api/v3/toolkits/auth/callback>

3. Under Advanced settings, enable Allow public client flows (this makes it easier to test).

Save changes.

Step 5: Create the Auth Config in Composio

With your Client ID and Client Secret ready, head over to the Composio Dashboard.

1. Click Create Auth Config.

   

2. Select Microsoft Tenant (or Microsoft Teams if listed).

   

3. Choose OAuth2 as the authentication type.

4. Check Use your own developer authentication.

5. Paste in your:

   • Client ID → from Azure App Registration

   • Client Secret → from Certificates & secrets

   

   • Redirect URI →

   <https://backend.composio.dev/api/v3/toolkits/auth/callback>

6. Save the config.

Step 6: Authorize and Connect

1. In Composio, click Connect Account for the Outlook config.

2. You’ll be redirected to Microsoft’s login screen.

3. Approve the requested permissions (Mail.Read, Mail.Send, etc.).

4. Composio stores the tokens once authorization succeeds.

API Base URL

For Microsoft Graph (which powers Outlook), the base URL is:

<https://graph.microsoft.com/v1.0>

Example endpoints:

• List user emails → /me/messages

• Send email → /me/sendMail

Once done, copy the auth config ID (which starts with ac_) and use it in your application code via a secret manager.

Scopes for Other Microsoft Apps

If you want to integrate with other Microsoft services, you can reuse the same Azure app. Just add the required scopes in both Azure and Composio:

• OneDrive → Files.ReadWrite, Files.read.all

• Teams → Channel.ReadWrite.All

• Sharepoint → List.Read

• Excel → Files.ReadWrite

Once scopes are added, you can configure additional auth configs in Composio for each service.