Open Google Developer Console, create a new project by https://console.developers.google.com/projectcreate.
After you created the project, select it from projects list as current project.
The Gmail/GSuite IMAP and SMTP servers have been extended to support authorization via the industry-standard OAuth 2.0 protocol. Using OAUTH protocol, user can do authentication by Gmail Web OAuth instead of inputting user and password directly in application.
You can click here to learn more detail about "OAUTH/XOAUTH2 with Gmail SMTP Server".
Normal OAUTH requires user input user/password for authentication. Obviously, it is not suitable for background service. In this case, you should use google service account to access G Suite email service without user interaction. Service account only works for G Suite user, it doesn't work for personal Gmail account.
To use "G Suite Service Account OAUTH" in your application, you should create a project in Google Developers Console at first.
Important Notice: You can use any google user to create service account, it doesn't require service account owner is a user in G Suite. But G Suite administrator must authorize service account in G Suite Admin Console to access user mailbox.
Open Google Developer Console, create a new project by https://console.developers.google.com/projectcreate.
After you created the project, select it from projects list as current project.
Click "Credentials" -> "Manage service accounts"
Click "CREATE SERVICE ACCOUNT"
Input a name for your service account, click "CREATE"
In "Service account permissions", select "Project" -> "Owner" as role
In "Grant users access to this service account", keep everything default and click "DONE"
After service account is created, you should enable "Domain-wide delegation" and create service key pair to access G Suite user mailbox.
Go back to your service account, click "Edit" -> "SHOW DOMAIN-WIDE DELEGATION", check "Enable G Suite Domain-wide Delegation", input a name for product oauth consent, click "Save".
Go back to your service account again, click "Create Key", you can select "p12" or "json" key type, both can work well, then you will get a file which contains private key, save the file to local disk.
Now you have created service account with key pair successfully. You can use created private key in your codes to request "access token" impersonating a user in G Suite.
To access user data in G Suite, you must get authorization from G Suite administrator. You should go to service accounts list, click "View Client ID" like this:
Then record your "Client ID" and service account email address, forward it to G Suite administrator for authorization.
To use service account to access user mailbox in G Suite, G Suite Administrator should authorize specified service account at first.
Important Notice: You can use any google user to create service account, it doesn't require service account owner is a user in G Suite. But G Suite administrator must authorize service account in G Suite Admin Console to access user mailbox.
G Suite Administrator should open admin.google.com, go to Admin Console, click "Security";
Click "Advanced settings" -> "Manage API client access";
Input service account "Client ID" in Client Name, and input "https://mail.google.com/,email,profile" in One or More API Scopes, click "Authorize".
After G Suite administrator authorized service account, you can use it to access any users mailbox in G Suite domain.
The following examples demonstrate how to send email with service account + G Suite OAUTH
Example
[VB6 - Use service account to retrieve email impersonating user in G Suite Domain]
Const MailServerPop3 = 0
Const MailServerImap4 = 1
Const MailServerEWS = 2
Const MailServerDAV = 3
Const MailServerMsGraph = 4
Const MailServerAuthLogin = 0
Const MailServerAuthCRAM5 = 1
Const MailServerAuthNTLM = 2
Const MailServerAuthXOAUTH2 = 3
Const CRYPT_MACHINE_KEYSET = 32
Const CRYPT_USER_KEYSET = 4096
Private Function GenerateRequestData(GsuiteUser)
GenerateRequestData = ""
' service account email address
Const serviceAccount = "xxxxxx@xxxxxx.iam.gserviceaccount.com"
Const scope = "https://mail.google.com/"
Const aud = "https://oauth2.googleapis.com/token"
Dim jwt As New EAGetMailObjLib.SimpleJsonParser
Dim header, playload
header = jwt.JwtBase64UrlEncode("{""alg"":""RS256"",""typ"":""JWT""}")
Dim iat, exp
' token request timestamp
iat = jwt.GetCurrentIAT()
' token expiration time
exp = iat + 3600
playload = "{"
playload = playload & """iss"":""" & serviceAccount & ""","
playload = playload & """scope"":""" & scope & ""","
playload = playload & """aud"":""" & aud & ""","
playload = playload & """exp"":" & exp & ","
playload = playload & """iat"":" & iat & ","
playload = playload & """sub"":""" & gsuiteUser & """"
playload = playload & "}"
playload = jwt.JwtBase64UrlEncode(playload)
Dim cert As New EAGetMailObjLib.Certificate
' In web application, use CRYPT_MACHINE_KEYSET
cert.LoadFromFile "D:\myfolder\myoauth-77dec4d192ec.p12", "notasecret", CRYPT_USER_KEYSET
Dim signature
signature = jwt.SignRs256(cert, header & "." & playload)
If signature = "" Then
MsgBox "Failed to sign request data!"
Exit Function
End If
Dim dataToPost
dataToPost = header & "." & playload & "." & signature
GenerateRequestData = dataToPost
End Function
Private Function RequestAccessToken(requestData)
RequestAccessToken = ""
If requestData = "" Then
Exit Function
End If
On Error GoTo ErrorHandle
Dim httpRequest
Set httpRequest = CreateObject("MSXML2.ServerXMLHTTP")
requestData = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=" & requestData
httpRequest.setOption 2, 13056
httpRequest.Open "POST", "https://oauth2.googleapis.com/token", True
httpRequest.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
httpRequest.Send requestData
Do While httpRequest.ReadyState <> 4
DoEvents
httpRequest.waitForResponse (1)
Loop
Dim Status
Status = httpRequest.Status
If Status < 200 Or Status >= 300 Then
MsgBox "Failed to get access token from server."
MsgBox httpRequest.responseText
Exit Function
End If
Dim result
result = httpRequest.responseText
Dim oauthParser As New EAGetMailObjLib.OAuthResponseParser
oauthParser.Load result
Dim accessToken
accessToken = oauthParser.AccessToken
If accessToken = "" Then
MsgBox "Failed to parse access token from server response."
Exit Function
End If
RequestAccessToken = accessToken
Exit Function
ErrorHandle:
MsgBox "Failed to request access token." & Err.Description
End Function
Public Sub ReceiveMail()
On Error GoTo ErrorHandle
' GsuiteUser is the full email address of the user in GSuite, user@gsuitedomain
Dim GsuiteUser
GsuiteUser = "user@gsuitedomain"
Dim accessToken As String
' request access token from Google server by service account
' withou user interaction
accessToken = RequestAccessToken(GenerateRequestData(GsuiteUser))
If accessToken = "" Then
Exit Sub
End If
Dim oClient As New EAGetMailObjLib.MailClient
oClient.LicenseCode = "TryIt"
Dim oServer As New EAGetMailObjLib.MailServer
oServer.Server = "imap.gmail.com"
oServer.User = GsuiteUser
oServer.Password = accessToken
oServer.Protocol = MailServerImap4
oServer.AuthType = MailServerAuthXOAUTH2
oServer.SSLConnection = True
oServer.Port = 993 'SSL IMAP4
oClient.Connect oServer
Dim infos
Set infos = oClient.GetMailInfoList()
Dim i
For i = 0 To infos.Count - 1
Dim info
Set info = infos.Item(i)
MsgBox "UIDL: " & info.UIDL
MsgBox "Index: " & info.Index
MsgBox "Size: " & info.Size
MsgBox "Read: " & info.Read
MsgBox "Deleted: " & info.Deleted
Dim oMail
Set oMail = oClient.GetMail(info)
'Save mail to local
oMail.SaveAs "d:\tempfolder\" & i & ".eml", True
' Delete email from server
oClient.Delete info
Next
oClient.Quit
Exit Sub
ErrorHandle:
''Error handle
MsgBox Err.Description
oClient.Close
End Sub
[Visual C++ - Use service account to retrieve email impersonating user in G Suite Domain]
#include "stdafx.h"
#include <tchar.h>
#include <Windows.h>
#include "eagetmailobj.tlh"
using namespace EAGetMailObjLib;
#include "msxml3.tlh"
using namespace MSXML2;
const int MailServerPop3 = 0;
const int MailServerImap4 = 1;
const int MailServerEWS = 2;
const int MailServerDAV = 3;
const int MailServerMsGraph = 4;
const int MailServerAuthLogin = 0;
const int MailServerAuthCRAM5 = 1;
const int MailServerAuthNTLM = 2;
const int MailServerAuthXOAUTH2 = 3;
BOOL RequestAccessToken(const TCHAR* requestData, _bstr_t &accessToken)
{
try
{
IServerXMLHTTPRequestPtr httpRequest = NULL;
httpRequest.CreateInstance(__uuidof(MSXML2::ServerXMLHTTP));
if (httpRequest == NULL)
{
_tprintf(_T("Failed to create XML HTTP Object, please make sure you install MSXML 3.0 on your machine.\r\n"));
return FALSE;
}
_bstr_t fullRequest = _bstr_t("grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=") + requestData;
const char* postData = (const char*)fullRequest;
LONG cdata = strlen(postData);
LPSAFEARRAY psaHunk = ::SafeArrayCreateVectorEx(VT_UI1, 0, cdata, NULL);
for (LONG k = 0; k < (int)cdata; k++)
{
BYTE ch = (BYTE)postData[k];
::SafeArrayPutElement(psaHunk, &k, &ch);
}
_variant_t requestBuffer;
requestBuffer.vt = (VT_ARRAY | VT_UI1);
requestBuffer.parray = psaHunk;
_variant_t async(true);
_bstr_t uri(_T("https://oauth2.googleapis.com/token"));
httpRequest->setOption((MSXML2::SERVERXMLHTTP_OPTION)2, 13056);
httpRequest->open(L"POST", uri, async, vtMissing, vtMissing);
httpRequest->setRequestHeader(L"Content-Type", L"application/x-www-form-urlencoded");
httpRequest->send(requestBuffer);
while (httpRequest->readyState != 4) {
httpRequest->waitForResponse(1);
}
long status = httpRequest->status;
_bstr_t responseText = httpRequest->responseText;
if (status < 200 || status >= 300)
{
_tprintf(_T("Failed to get access token from server: %d %s\r\n"), status, (const TCHAR*)responseText);
return FALSE;
}
IOAuthResponseParserPtr oauthParser = NULL;
oauthParser.CreateInstance(__uuidof(EAGetMailObjLib::OAuthResponseParser));
oauthParser->Load(responseText);
accessToken = oauthParser->AccessToken;
if (accessToken.length() == 0)
{
_tprintf(_T("Failed to parse access token from server response: %d %s\r\n"), status, (const TCHAR*)responseText);
return FALSE;
}
return TRUE;
}
catch (_com_error &ep)
{
_tprintf(_T("Failed to get access token: %s"), (const TCHAR*)ep.Description());
return FALSE;
}
}
BOOL GenerateRequestData(const TCHAR* gsuiteUser, _bstr_t &requestData)
{
// service account email address
const TCHAR* serviceAccount = _T("xxxx@xxxx.iam.gserviceaccount.com");
const TCHAR* scope = _T("https://mail.google.com/");
const TCHAR* aud = _T("https://oauth2.googleapis.com/token");
ISimpleJsonParserPtr jwtPtr = NULL;
jwtPtr.CreateInstance(__uuidof(EAGetMailObjLib::SimpleJsonParser));
_bstr_t header = jwtPtr->JwtBase64UrlEncode(_T("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"));
// token request timestamp
long iat = jwtPtr->GetCurrentIAT();
// token expiration time
long exp = iat + 3600;
TCHAR iatBuf[MAX_PATH + 1];
TCHAR expBuf[MAX_PATH + 1];
_stprintf_s(iatBuf, MAX_PATH, _T("%d"), iat);
_stprintf_s(expBuf, MAX_PATH, _T("%d"), exp);
_bstr_t playload = _bstr_t("{");
playload += _bstr_t("\"iss\":\"") + _bstr_t(serviceAccount) + _bstr_t("\",");
playload += _bstr_t("\"scope\":\"") + _bstr_t(scope) + _bstr_t("\",");
playload += _bstr_t("\"aud\":\"") + _bstr_t(aud) + _bstr_t("\",");
playload += _bstr_t("\"exp\":") + _bstr_t(expBuf) + _bstr_t(",");
playload += _bstr_t("\"iat\":") + _bstr_t(iatBuf) + _bstr_t(",");
playload += _bstr_t("\"sub\":\"") + _bstr_t(gsuiteUser) + _bstr_t("\"");
playload += _bstr_t("}");
playload = jwtPtr->JwtBase64UrlEncode(playload);
ICertificatePtr cert = NULL;
cert.CreateInstance(__uuidof(EAGetMailObjLib::Certificate));
// In web application, use CRYPT_MACHINE_KEYSET
cert->LoadFromFile(_T("D:\\MyData\\oauth-77dac4d192ec.p12"),
_T("notasecret"), CRYPT_USER_KEYSET));
_bstr_t signature = jwtPtr->SignRs256(cert, header + _bstr_t(".") + playload);
if (signature.length() == 0)
{
_tprintf(_T("Failed to sign request data!"));
return FALSE;
}
requestData = header + _bstr_t(".") + playload + _bstr_t(".") + signature;
return TRUE;
}
void ReceiveMail()
{
::CoInitialize(NULL);
try
{
// gsuiteUser is the full email address of the user in GSuite, for example: user@gsuitedomain
_bstr_t gsuiteUser = _T("user@gsuitedomain");
_bstr_t requestData, accessToken;
if (!GenerateRequestData(gsuiteUser, requestData))
{
return;
}
// request access token from Google server by service account
// withou user interaction
if (!RequestAccessToken((const TCHAR*)requestData, accessToken))
{
return;
}
IMailClientPtr oClient;
oClient.CreateInstance(__uuidof(EAGetMailObjLib::MailClient));
IMailServerPtr oServer;
oServer.CreateInstance(__uuidof(EAGetMailObjLib::MailServer));
oClient->LicenseCode = _T("TryIt");
oServer->Server = _T("imap.gmail.com");
oServer->User = gsuiteUser;
oServer->Password = accessToken;
oServer->Protocol = MailServerImap4;
oServer->AuthType = MailServerAuthXOAUTH2;
oServer->SSLConnection = VARIANT_TRUE;
oServer->Port = 993;
oClient->Connect(oServer);
IMailInfoCollectionPtr infos = oClient->GetMailInfoList();
for(long i = 0; i < infos->Count; i++)
{
IMailInfoPtr pInfo = infos->GetItem(i);
_tprintf(_T("UIDL: %s\r\n"), (TCHAR*)pInfo->UIDL);
_tprintf(_T("Index: %d\r\n"), pInfo->Index);
_tprintf(_T("Size: %d\r\n"), pInfo->Size);
_tprintf(_T("Read: %s\r\n"), (pInfo->Read == VARIANT_TRUE)?_T("TRUE"):_T("FALSE"));
_tprintf(_T("Deleted: %s\r\n"), (pInfo->Deleted == VARIANT_TRUE)?_T("TRUE"):_T("FALSE"));
IMailPtr oMail = oClient->GetMail(pInfo);
TCHAR szFile[MAX_PATH+1];
memset(szFile, 0, sizeof(szFile));
::wsprintf(szFile, _T("d:\\tempfolder\\%d.eml"), i);
//save to local disk
oMail->SaveAs(szFile, VARIANT_TRUE);
oMail.Release();
// delete email from server
oClient->Delete(pInfo);
}
oClient->Quit();
}
catch(_com_error &ep)
{
_tprintf(_T("ERROR: %s\r\n"), (TCHAR*)ep.Description());
}
}
[Delphi - Use service account to retrieve email impersonating user in G Suite Domain]
const
MailServerPop3 = 0;
MailServerImap4 = 1;
MailServerEWS = 2;
MailServerDAV = 3;
// Auth type
MailServerAuthLogin = 0;
MailServerAuthCRAM5 = 1;
MailServerAuthNTLM = 2;
MailServerAuthXOAUTH2 = 3;
CRYPT_MACHINE_KEYSET = 32;
CRYPT_USER_KEYSET = 4096;
function TForm1.RequestAccessToken(requestData: WideString): WideString;
var
httpRequest: TServerXMLHTTP;
oauthParser: TOAuthResponseParser;
fullRequest: OleVariant;
status: integer;
responseText: WideString;
accessToken: WideString;
begin
result := '';
httpRequest := TServerXMLHTTP.Create(Application);
fullRequest := 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=';
fullRequest := fullRequest + requestData;
httpRequest.setOption(2, 13056);
httpRequest.open('POST', 'https://oauth2.googleapis.com/token', true);
httpRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
httpRequest.send(fullRequest);
while( httpRequest.readyState <> 4 ) do
begin
try
httpRequest.waitForResponse(1);
Application.ProcessMessages();
except
ShowMessage('Server response timeout (access token).');
exit;
end;
end;
status := httpRequest.status;
responseText := httpRequest.responseText;
if (status < 200) or (status >= 300) then
begin
ShowMessage('Failed to get access token from server.' + responseText);
exit;
end;
oauthParser := TOAuthResponseParser.Create(Application);
oauthParser.Load(responseText);
accessToken := oauthParser.AccessToken;
if accessToken = '' then
begin
ShowMessage('Failed to parse access token from server response.');
exit;
end;
result := accessToken;
end;
function TForm1.GenerateRequestData(gsuiteUser: WideString): WideString;
const
// service account email address
serviceAccount: WideString = 'xxxx@xxxx.iam.gserviceaccount.com';
scope: WideString = 'https://mail.google.com/';
aud: WideString = 'https://oauth2.googleapis.com/token';
var
jwt: TSimpleJsonParser;
cert: TCertificate;
pfxPath: WideString;
header: WideString;
playload: WideString;
signature: WideString;
iat, exp: integer;
begin
result := '';
SetThreadLocale(GetSystemDefaultLCID());
jwt := TSimpleJsonParser.Create(application);
header := jwt.JwtBase64UrlEncode('{"alg":"RS256","typ":"JWT"}');
// token request timestamp
iat := jwt.GetCurrentIAT();
// token expiration time
exp := iat + 3600;
playload := '{';
playload := playload + '"iss":"' + serviceAccount + '",';
playload := playload + '"scope":"' + scope + '",';
playload := playload + '"aud":"' + aud + '",';
playload := playload + '"exp":' + IntToStr(exp) + ',';
playload := playload + '"iat":' + IntToStr(iat) + ',';
playload := playload + '"sub":"' + gsuiteUser + '"';
playload := playload + '}';
playload := jwt.JwtBase64UrlEncode(playload);
cert := TCertificate.Create(application);
// load service account certificate to sign request data
pfxPath := 'D:\MyData\GSuite\outh-77aec4d192ec.p12';
cert.LoadFromFile(pfxPath, 'notasecret', CRYPT_USER_KEYSET);
signature := jwt.SignRs256(cert.DefaultInterface, header + '.' + playload);
if signature = '' then
begin
ShowMessage('Failed to sign request data!');
exit;
end;
result := header + '.' + playload + '.' + signature;
end;
procedure TForm1.ReceiveMail();
var
gsuiteUser, accessToken: WideString;
oServer: TMailServer;
oClient: TMailClient;
oTools: TTools;
oMail: IMail;
infos: IMailInfoCollection;
oInfo: IMailInfo;
localInbox, fileName: WideString;
i: Integer;
begin
try
gsuiteUser := 'user@gsuitedomain';
// request access token with service account
// gsuiteUser is the full email address of the user in GSuite, for example: user@gsuitedomain
accessToken := RequestAccessToken(GenerateRequestData(gsuiteUser));
if accessToken = '' then
exit;
// set current thread code page to system default code page.
SetThreadLocale(GetSystemDefaultLCID());
oTools := TTools.Create(Application);
// Create a folder named "inbox" under
// current directory to store the email files
localInbox := GetCurrentDir() + '\inbox';
oTools.CreateFolder(localInbox);
oServer := TMailServer.Create(Application);
oServer.Server := 'imap.gmail.com';
oServer.User := gsuiteUser;
oServer.Password := accessToken;
oServer.Protocol := MailServerImap4;
oServer.AuthType := MailServerAuthXOAUTH2;
// Enable SSL Connection
oServer.SSLConnection := true;
oServer.Port := 993;
oClient := TMailClient.Create(Application);
oClient.LicenseCode := 'TryIt';
oClient.Connect1(oServer.DefaultInterface);
ShowMessage('Connected!');
infos := oClient.GetMailInfoList();
ShowMessage(Format('Total %d email(s)', [infos.Count]));
for i := 0 to infos.Count - 1 do
begin
oInfo := infos.Item[i];
ShowMessage(Format('Index: %d; Size: %d; UIDL: ' + oInfo.UIDL,
[oInfo.Index, oInfo.Size]));
// Generate a random file name by current local datetime,
// You can use your method to generate the filename if you do not like it
fileName := localInbox + '\' + oTools.GenFileName(i) + '.eml';
// Receive email from IMAP server
oMail := oClient.GetMail(oInfo);
ShowMessage('From: ' + oMail.From.Address + #13#10 +
'Subject: ' + oMail.Subject);
// Save email to local disk
oMail.SaveAs(fileName, true);
// Mark email as deleted from IMAP server
oClient.Delete(oInfo);
end;
// Quit and expunge emails marked as deleted from IMAP server
oClient.Quit;
except
on ep:Exception do
ShowMessage('Error: ' + ep.Message);
end;
end;
end.
Remarks
You don't have to request access token every time, once you get an access token, it is valid within 3600 seconds.
If you don't want to use OAUTH 2.0, Gmail also supports traditional ESMTP authentication, but you need to enable Allowing less secure apps or Sign in using App Passwords.
Remarks
You don't have to request access token every time, once you get an access token, it is valid within 3600 seconds.
If you don't want to use OAUTH 2.0, Gmail also supports traditional IMAP authentication, but you need to enable Allowing less secure apps or Sign in using App Passwords.
See Also
Using EAGetMail POP3 & IMAP4 ActiveX Object
Registration-free COM with Manifest File
User Authentication and SSL Connection
Enable TLS 1.2 on Windows XP/2003/2008/7/2008 R2
Using Gmail IMAP4 OAUTH
Using Office365 EWS OAUTH
Using Office365 EWS OAUTH in Background Service
Using Hotmail IMAP4 OAUTH
Digital Signature and E-mail Encryption/Decryption
Unique Identifier (UIDL) in POP3 and IMAP4 protocol
Parse Bounced Email (delivery-report)
Work with winmail.dat (TNEF Parser)
EAGetMail ActiveX Object References
EAGetMail POP3 & IMAP4 Component Samples
Online Tutorials
VB6 - Retrieve Email using
Google/Gmail OAuth 2.0 Authentication + IMAP Protocol
VB6 -Retrieve Email using Gmail/G
Suite OAuth 2.0 + IMAP4 Protocol in Background Service (Service Account)
VB6 -Retrieve Email using
Microsoft OAuth 2.0 (Modern Authentication) + IMAP4 Protocol from Hotmail/Outlook Account
VB6 -Retrieve Email using
Microsoft OAuth 2.0 (Modern Authentication) + EWS/IMAP4 Protocol from Office 365 Account
VB6 -Retrieve Email
using Microsoft OAuth 2.0 (Modern Authentication) + EWS Protocol from Office 365 in Background
Service
Delphi - Retrieve Email using
Google/Gmail OAuth 2.0 Authentication + IMAP Protocol
Delphi -Retrieve Email using Gmail/G
Suite OAuth 2.0 + IMAP4 Protocol in Background Service (Service Account)
Delphi -Retrieve Email using
Microsoft OAuth 2.0 (Modern Authentication) + IMAP4 Protocol from Hotmail/Outlook Account
Delphi -Retrieve Email using
Microsoft OAuth 2.0 (Modern Authentication) + EWS/IMAP4 Protocol from Office 365 Account
Delphi -Retrieve Email
using Microsoft OAuth 2.0 (Modern Authentication) + EWS Protocol from Office 365 in Background
Service
VC++ - Retrieve Email using
Google/Gmail OAuth 2.0 Authentication + IMAP Protocol
VC++ -Retrieve Email using Gmail/G
Suite OAuth 2.0 + IMAP4 Protocol in Background Service (Service Account)
VC++ -Retrieve Email using
Microsoft OAuth 2.0 (Modern Authentication) + IMAP4 Protocol from Hotmail/Outlook Account
VC++ -Retrieve Email using
Microsoft OAuth 2.0 (Modern Authentication) + EWS/IMAP4 Protocol from Office 365 Account
VC++ -Retrieve Email
using Microsoft OAuth 2.0 (Modern Authentication) + EWS Protocol from Office 365 in Background
Service