Hi there,
I've had to go through this headache with external emails as well as attachments and whilst I can't give you our actual solution I'm sure I can give you some pointers.
Firstly head into portal.azure.com and go to 'Azure AD' and create a new application. From there you can set it use the 'Exchange API' and give it several permissions based on what your scope for the project is.
Here's a guide on adding and Azure AD App
Once that's done, go into the manifest of the AD App and change 'AllowImplicitFlow' to 'true'.
Now you have to set each Sharepoint web page that would be using this app in the Azure AD App - 'Reply URLS'
The next difficult part is considering security and protecting the Access Key exposed in an OAuth handshake. There's pages and pages on this stuff and I'd be wasting your time here. Once you've done the previous steps you can leverage whatever frameworks to authorize and protect the token.
JWT.io for example is a great standard.
And here's the REST API for Outlook/Exchange
Also here's a guide on authentication flows for Azure AD Apps
The main sticking points for me were the combination of different query parameter's required,
Here's what worked for me:
clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" (Azure AD App)
replyUrl = "https://tenant.sharepoint.com/reply.aspx" (You Decide)
endpointUrl = "https://outlook.office.com/api/v2.0/me/messages"
resource = "https://outlook.office.com/"
authServer = "https://login.windows.net/common/oauth2/authorize?"
responseType = "token"
url = authServer +
"response_type=" + responseType + "&" +
"client_id=" + clientId + "&" +
"resource=" + resource + "&" +
"redirect_uri=" + replyUrl
I have also found you can pass small strings in the "state" query parameter, it can be useful for certain functions in your SP solutions.
Hope this helps you out with your dev work.
