Blog Post

Exchange Team Blog
6 MIN READ

Notes from the field: Using OAuth for ActiveSync and POP/IMAP in Exchange Online

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Aug 22, 2022
Hopefully, you have read some of our announcements around disabling Basic authentication in Exchange Online. We are getting close to the end of a more than three-year long journey. Microsoft is goi...
Updated Aug 22, 2022
Version 2.0
Client Access
exchange online
tips 'n tricks
apexxx's avatar
apexxx
Copper Contributor
Aug 24, 2022

Hi,

i can get the example with the clientsecret in the Get-IMAPAccessToken.ps1 to work without any problems.

 

 

.\Get-IMAPAccessToken.ps1 -tenantID "0xxxxxxxxxxxxxxx0" -clientId "7xxxxxxxxxxxxxxxxxxx4" -clientsecret 'Fxxxxxxxxxxl' -targetMailbox "email address from SharedMailbox"

 

 

No password required or anything, this instantly lists the folders.

The other examples give me the same, following error:

 

 

.\Get-IMAPAccessToken.ps1 -tenantID "0xxxxxxxxxxxxxxx0" -clientId "7xxxxxxxxxxxxxxxxxxx4" -redirectUri "https://xxxx.com/api/callback" -LoginHint "email address from User with FULL Access for SharedMailbox" -SharedMailbox "email address from SharedMailbox"

(I get a popup asking for credentials and MFA for the usermailbox)

Ran into an exception while getting accesstoken user grant flow
A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: 7xx
Correlation ID: 2xx
Timestamp: 2022-08-24 13:26:18Z
GetMsalTokenFailureAuthenticationError,Get-MsalToken

 

 

 

.\Get-IMAPAccessToken.ps1 -tenantID "0xxxxxxxxxxxxxxx0" -clientId "7xxxxxxxxxxxxxxxxxxx4" -redirectUri "https://xxxx.com/api/callback" -LoginHint "email address from SharedMailbox"

(I get a popup asking for credentials and MFA for the SharedMailbox)
Ran into an exception while getting accesstoken user grant flow
A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Trace ID: 7xx
Correlation ID: 2xx
Timestamp: 2022-08-24 13:25:16Z
GetMsalTokenFailureAuthenticationError,Get-MsalToken

 

 

SharedMailbox is enabled and has password/MFA setup, so i should be able to use it in all cases. But at least opening it als user with FullAccess should work right?

 

What am i missing here?

Cheers