1

I referred to https://msdn.microsoft.com/en-us/office/office365/api/use-outlook-rest-api. Still, I couldn't understand the AD, Outlook and Windows Live.

I got a refresh token and an access token from https://login.microsoftonline.com/common/oauth2/v2.0/authorize and https://login.microsoftonline.com/common/oauth2/v2.0/token

and the scope

openid email profile offline_access https://outlook.office.com/mail.send https://outlook.office.com/mail.readwrite

Still, I'm getting an error while connecting to IMAP using the access token.

imap.authenticate('XOAUTH2', 'xxxxxxx', access_token)
Net::IMAP::NoResponseError: AUTHENTICATE failed.
Kumar Siva

3 Answers

2

I have finally gotten this to work. Interestingly I had to use the scope https://outlook.office365.com/IMAP.AccessAsUser.All although by now you have to register your app under the Graph API section in the Azure AD and the proposed Scope is https://graph.microsoft.com/IMAP.AccessAsUser.All which did not work for me (Authentication failed). Though I am not sure if that will change in the near future.

I used the properties as stated here: https://javaee.github.io/javamail/OAuth2

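// JavaMail session properties: authenticate to IMAP with SASL XOAUTH2 only
Properties props = new Properties(); // java.util.Properties
props.put("mail.imap.sasl.enable", "true");
props.put("mail.imap.sasl.mechanisms", "XOAUTH2");
// disable the password-based LOGIN and PLAIN mechanisms
props.put("mail.imap.auth.login.disable", "true");
props.put("mail.imap.auth.plain.disable", "true");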
mrudolf
  • Thanks, that is also what I was looking for, but I faced a different problem. This (graph) scope works with Office365 accounts, while it gives an error - invalid scope - if I log in with a personal Microsoft account. How can this be resolved? Or for personal accounts, do I need to use different scopes and OAuth2 endpoints? – Vadym Kovalenko Mar 26 '20 at 08:47
  • With personal accounts you refer to outlook.com accounts? I have not tested those but assumed they should work alike. I would assume that you have to use a different endpoint and probably a different scope. Haven't found any documentation on that yet. – mrudolf Mar 27 '20 at 09:10
  • 1
    Yes. I'm able to use different endpoints - login.live.com. But they are already not recommended by MS in the documentation. That is why I am asking. Also I just found out that https://outlook.office365.com/IMAP.AccessAsUser does not work for me. Scope is invalid, it says :( – Vadym Kovalenko Mar 27 '20 at 09:48
  • I have voted this answer down because it does not work with the official scope IMAP.AccessAsUser.All and the scope IMAP.AccessAsUser does not exist anymore. This will likely save some people the trouble trying this. Apparently OAuth for IMAP/SMTP is still a work in progress. – M66B Apr 05 '20 at 12:45
  • Thanks for your input. I have adjusted the answer above as the ```.All``` at the end of the first mentioned scope was missing. I agree, this is not a final solution and hopefully the scope as shown in the Azure directory starting with graph will be used but as of now it does not work. Unfortunately we cannot wait longer for the final solution so we have to work with what is present now. Maybe you can edit your comment so it is more clear which scopes we are talking about, the difference is the Prefix URL, the ```IMAP.AccessAsUser.All``` part is actually identical. – mrudolf Apr 07 '20 at 12:04
  • Seems that none of the scopes worked for me. @mrudolf, would you mind checking my question if I made some mistake there? https://stackoverflow.com/q/61597263/1126831 – ledniov May 04 '20 at 17:05
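
As an added example (not code from the question or from any answer on this page): a Ruby check of a requested scope string against the IMAP scope the answer above reports as working, together with the authorization URL and the SASL XOAUTH2 initial response built from the resulting token. The client ID, redirect URI, state value, mailbox and token are placeholders, and the function names are hypothetical.

```ruby
require "base64"
require "uri"

# Endpoint from the question; scope reported as working in the answer above.
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
IMAP_SCOPE = "https://outlook.office365.com/IMAP.AccessAsUser.All"

# Problems with a space-separated scope string when the token is meant for IMAP.
def imap_scope_problems(scope_string)
  scopes = scope_string.split
  problems = []
  problems << "missing #{IMAP_SCOPE}" unless scopes.any? { |s| s.casecmp?(IMAP_SCOPE) }
  problems << "missing offline_access, so no refresh token" unless scopes.include?("offline_access")
  problems
end

# Authorization-code request URL; client_id, redirect_uri and state are caller-supplied.
def authorize_url(client_id:, redirect_uri:, state:, scopes: ["offline_access", IMAP_SCOPE])
  query = URI.encode_www_form(
    client_id: client_id, response_type: "code", redirect_uri: redirect_uri,
    scope: scopes.join(" "), state: state
  )
  "#{AUTHORIZE_ENDPOINT}?#{query}"
end

# SASL XOAUTH2 initial client response: fields separated by Ctrl-A (0x01), then base64.
def xoauth2_initial_response(user, access_token)
  Base64.strict_encode64("user=#{user}\x01auth=Bearer #{access_token}\x01\x01")
end

# Reverses the encoding: the bearer token is recoverable from any IMAP debug trace.
def decode_xoauth2(b64)
  fields = Base64.strict_decode64(b64).split("\x01")
  user = fields.find { |f| f.start_with?("user=") }&.delete_prefix("user=")
  token = fields.find { |f| f.start_with?("auth=Bearer ") }&.delete_prefix("auth=Bearer ")
  { user: user, token: token }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: the scope string is the one from the question, the rest are placeholders.
  asked = "openid email profile offline_access https://outlook.office.com/mail.send https://outlook.office.com/mail.readwrite"
  puts imap_scope_problems(asked)
  puts authorize_url(client_id: "CLIENT_ID_PLACEHOLDER", redirect_uri: "http://localhost:8080/cb", state: "constructed-state")
  puts decode_xoauth2(xoauth2_initial_response("user@example.com", "TOKEN_PLACEHOLDER")).inspect
end
```
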
1

For those asking about IMAP for personal accounts -- Outlook.com
-- re: comment

Apparently the scope for the consumer Outlook.com (also live.com) is wl.imap.
See old Microsoft doc on Scopes and permissions.

Also have a look at this example where the same scope is mentioned:
http://afterlogic.com/mailbee-net/docs/OAuth2MicrosoftRegularAccountsInstalledApps.html

BTW, we came across the old Microsoft doc from Clever Components article:

https://www.clevercomponents.com/articles/article049/

  • note: their claim this is for Office365 may be questionable, perhaps a documentation error on their part

which has a link to a Microsoft doc:

https://msdn.microsoft.com/en-us/windows/desktop/dn440163

which has a link to Scopes and permissions in the related section listed at the end of the page:

https://msdn.microsoft.com/en-us/windows/desktop/hh243646

In the Clever Components article, they used two scopes wl.imap and wl.offline_access.
They noted that:

"Microsoft recommends to use the "wl.offline_access" scope together with "wl.imap". Otherwise, an app can access the user's info only when a user signs in to Live Connect and uses your app."

So if your application needs continuous access then you need to include the offline access scope.

mitel
  • This may be useful: Using Microsoft Hotmail/LIVE OAUTH + IMAP https://www.emailarchitect.net/eagetmail/sdk/?ct=object_oauth_live_a – mitel Apr 08 '20 at 18:24
  • I'd recommend this link https://afterlogic.com/mailbee-net/docs/OAuth2MicrosoftRegularAccountsInstalledApps.html (without ms prefix in the domain, that one causes false positive with my Kaspersky for some reason). – Alex Apr 09 '20 at 07:44
0

See latest Microsoft announcement on April 30, 2020.

Announcing OAuth 2.0 support for IMAP, SMTP client protocols in Exchange Online

Today, we’re announcing the availability of OAuth 2.0 authentication for IMAP, SMTP AUTH protocols to Exchange Online mailboxes.

mitel