I tried to follow the instructions at https://github.com/jstedfast/MailKit/blob/master/ExchangeOAuth2.md for implementing OAuth2 authentication to access an Exchange 365 server via IMAP.

As written, the line:

        var authToken = await publicClientApplication.AcquireTokenInteractive(scopes).ExecuteAsync();

throws an exception complaining about only http://localhost is available.

When I added that endpoint to the Azuare redirect URI and changed the redirect when building PublicClientApplicationOptions I was able to access the server after granting permission in a browser window.

This is under Windows 11 (latest updates installed) using C# 11 and NET7 with the latest version of MailKit from nuget.

Looks like it depends on whether your app is using an embedded browser control or the system browser:

The redirect_uri of your app, where authentication responses can be sent and received by your app. It must exactly match one of the redirect URIs you registered in the portal, except it must be URL-encoded. For native and mobile apps, use one of the recommended values: https://login.microsoftonline.com/common/oauth2/nativeclient for apps using embedded browsers or http://localhost for apps that use system browsers.

Darn! Misunderstood the fine print again :).

Thanx for the quick feedback. BTW, the library is awesome! Although, admittedly, interacting with Exchange is such a PITA that anything which provided any assistance at all would be good.

That quote was from Microsoft's docs, but the ExchangeOAuth2.md file should be updated to contain the same info because this will likely trip others up as well.

I also need to update it for service-to-service auth.

Fixed now.