Microsoft Graph App Registration for Hotmail (Device Code Flow)

This document explains how to create and configure a Microsoft application so that Arpia Workshop objects can pull emails and calendar events from a Hotmail/Outlook.com account using the Microsoft Graph API and Device Code OAuth flow.


1️⃣ Create an App Registration

  1. Go to Entra admin center → App registrations → New registration.
  2. Name: e.g., Arpia Hotmail Pull.
  3. Supported account types:
    • Choose “Accounts in any organizational directory and personal Microsoft accounts” (recommended) OR “Personal Microsoft accounts only.”
    • This is required for @hotmail.com / @outlook.com accounts.
  4. Redirect URI: leave blank (Device Code does not need one).
  5. Click Register.
  6. Copy the Application (client) ID. You’ll paste this into Arpia Workshop config.

✅ At this point you have a registered app.


2️⃣ Enable Public Client Flow

  1. In your new app, go to Authentication → Advanced settings.
  2. Set Allow public client flows to Yes.
    • This is required for Device Code / native apps (which cannot store a client secret).
  3. Save changes.

3️⃣ Configure API Permissions

  1. Go to API permissions → Add a permission → Microsoft Graph → Delegated permissions.
  2. Add the following delegated permissions:
    • Mail.Read
    • Calendars.Read
  3. No client secret or admin consent is needed for personal accounts. You will grant consent during sign-in.

MSAL also requests openid, profile, and offline_access automatically. These provide identity info and refresh tokens so the session can persist.


4️⃣ Use in Arpia Workshop

In your Arpia Workshop object (config.html form):

  • Client ID → paste the Application (client) ID you copied.
  • Authority → https://login.microsoftonline.com/consumers (best for Hotmail accounts).
  • Scopes → keep as: openid profile offline_access Mail.Read Calendars.Read.

5️⃣ Running the Flow

  1. Run your Arpia object.
  2. On first run, you’ll see a Device Code prompt:
    • A Microsoft URL
    • An 8-character code
  3. Open the URL in a browser, enter the code, and approve the requested permissions.
  4. The job will continue and fetch emails + calendar data.

6️⃣ Troubleshooting

  • invalid_client / public client not allowed → Ensure Allow public client flows = Yes.
  • Consent screen loops → Ensure account type = Any directory + personal or Personal Microsoft accounts only.
  • Token works once then fails → Ensure you requested offline_access scope so refresh tokens are issued.
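
What the Device Code prompt in section 5 and the offline_access check above look like on the wire, as an added example that is not Arpia Workshop's own code (the page indicates it uses MSAL). It calls the Microsoft identity platform v2.0 devicecode and token endpoints under the consumers authority; the function names, the injectable post/sleep/show parameters, and the all-zero client ID are assumptions made for illustration.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com/consumers"
SCOPES = "openid profile offline_access Mail.Read Calendars.Read"
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628

def http_post(url, form):
    """POST a form; OAuth errors come back as JSON in an HTTP 4xx body."""
    req = urllib.request.Request(url, urllib.parse.urlencode(form).encode())
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)

def device_code_login(client_id, post=http_post, sleep=time.sleep, show=print):
    """Run the device code flow; post/sleep/show are injectable (assumed names)."""
    start = post(f"{AUTHORITY}/oauth2/v2.0/devicecode",
                 {"client_id": client_id, "scope": SCOPES})
    if "error" in start:  # the device code request itself was rejected
        raise RuntimeError(f"{start['error']}: {start.get('error_description', '')}")
    show(f"Open {start['verification_uri']} and enter code {start['user_code']}")
    interval = start.get("interval", 5)
    deadline = time.monotonic() + start["expires_in"]
    while time.monotonic() < deadline:
        sleep(interval)
        tok = post(f"{AUTHORITY}/oauth2/v2.0/token",
                   {"grant_type": DEVICE_GRANT, "client_id": client_id,
                    "device_code": start["device_code"]})
        err = tok.get("error")
        if err == "authorization_pending":  # user has not finished signing in
            continue
        if err == "slow_down":  # RFC 8628: back off by 5 seconds
            interval += 5
            continue
        if err:  # expired_token, authorization_declined, ...
            raise RuntimeError(f"{err}: {tok.get('error_description', '')}")
        if "refresh_token" not in tok:  # offline_access was not granted
            raise RuntimeError("no refresh_token: session cannot persist")
        return tok
    raise TimeoutError("device code expired before sign-in completed")

if __name__ == "__main__":
    tokens = device_code_login("00000000-0000-0000-0000-000000000000")  # placeholder ID
    print("granted scopes:", tokens.get("scope"))
```

The returned dictionary holds the access and refresh tokens, so treat it like a credential for the mailbox: keep it out of logs and store it with restrictive permissions.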

✅ Summary

  • No secret required.
  • Only need App ID + delegated scopes.
  • Works with Device Code login.
  • Supports Hotmail/Outlook personal accounts directly.

This configuration allows your Arpia Workshop object to authenticate securely and continuously sync emails and calendar events from Microsoft Graph.