Announcing OAuth Support for POP in Exchange Online

Thanks for the reply Sivaprakash_saripalli. I am using the https://github.com/eclipse-ee4j/mail client to connect. I have opened up a https://github.com/eclipse-ee4j/mail/issues/461 to find out if this is an issue with how the client connects, or missing properties on my application. I believe this is different to how https://developers.google.com/gmail/imap/xoauth2-protocol where the authentication command is not split into two lines, which would explain why it works for Gmail, but not Microsoft Exchange. 

The specification does show the connection being made via two requests, so I will see what the response is on the Java client. Thanks for highlighting this.

Craig.

crshan Anand_Vashishtha Are you splitting the auth command into two lines as suggested in the example for POP? https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#pop-protocol-exchange

Hi Anand_Vashishtha,

I'm also having the same problem where I am able to get authentication with OAuth working for IMAP but not POP. Have you been able to resolve this issue? I have added the POP scope listed on the detailed steps but the authentication failed with the same error that you see "ERR Protocol error. Connection is closed. 10". 

https://docs.microsoft.com/en-gb/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

Here is the debug logs from Java Mail:

DEBUG POP3: connecting to host "http://outlook.office365.com/", port 995, isSSL true
+OK The Microsoft Exchange POP3 service is ready. 
CAPA
+OK
TOP
UIDL
SASL PLAIN XOAUTH2
USER
.
DEBUG POP3: Attempt to authenticate using mechanisms: XOAUTH2
DEBUG POP3: Using mechanism XOAUTH2
DEBUG POP3: AUTH XOAUTH2 command trace suppressed
DEBUG POP3: AUTH XOAUTH2 failed

As you can see the OAuth connection failed, however the same token works for IMAP and it has both IMAP and POP scopes. I'm not sure what is going on here and if it is an issue on the client, or if POP is not working or implemented. 

The_Exchange_Team  Any help would be appreciated!

Thanks,

Craig. 

I've registered my app on Azure and have enabled API Application Permissions for MS Graph( POP.AccessAsUser.All, User.ReadBasic.All, User.Read.Write).

I'm able to request a valid OAuth token from Graph endpoints. However, when I use the token and try to log into the POP server, I get the following error:
-ERR Protocol error. Connection is closed. 10

The login works fine if I use Basic Auth instead of OAuth.

I'm not sure how to troubleshoot this. Any info or suggestions would be much appreciated!

---

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow that enables access without a user account is not supported. If your application needs persistent access to all mailboxes in a Microsoft 365 organization, we recommend that you use the Microsoft Graph API’s which allow https://docs.microsoft.com/en-us/graph/auth-v2-service in addition to access on behalf of a user, enable granular permissions and let administrators https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access.

 

But why? We have background services sending and reading emails using SMTP, POP and IMAP, without user interaction. Adding OAuth2 for authentication will make those protocols just as safe as all other places where OAuth2 is implemented.

We were waiting for this, and now we are still forced to implement Graph API, because the grant flow we need will not be supported...

OAuth2 and SMTP works perfectly for Gmail.  Why is Microsoft still forcing us to implement another protocol specifically for handling Exchange Email ???

When will Outlook.com consumer version support this functionality to access Outlook 365 mailboxes?

Great news!

Will any of the Microsoft email clients support OAUTH for POP/IMAP/SMTP?