Forum Discussion

ledniov's avatar
ledniov
Copper Contributor
May 05, 2020
Solved

Cannot connect to IMAP and SMTP using OAuth2.0 to Exchange Online

Last week the support for IMAP and SMTP using OAuth2.0 has been announced. Following https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-...
exchange online
office 365
  • ledniov's avatar
    ledniov
    May 17, 2020

    A quote of the Stack Overflow reply from:

    IMAP, SMTP scopes are targeted for Exchange resource and not Graph. Whereas User.Read, Mail.ReadWrite are meant for Graph resource.

    We do not support generation of tokens that are meant for two resources. Hence the error "Provided value for the input parameter scope is not valid because it contains more than one resource."

    You should generate two tokens separately by two calls to /token. 1. One with the IMAP, SMTP scopes generated for the Exchange resource. 2. The other with Graph scopes (User.Read, Mail.ReadWrite) meant for Graph resource.

    https://stackoverflow.com/a/61678485/1126831

ledniov's avatar
ledniov
Copper Contributor
May 17, 2020

A quote of the Stack Overflow reply from:

IMAP, SMTP scopes are targeted for Exchange resource and not Graph. Whereas User.Read, Mail.ReadWrite are meant for Graph resource.

We do not support generation of tokens that are meant for two resources. Hence the error "Provided value for the input parameter scope is not valid because it contains more than one resource."

You should generate two tokens separately by two calls to /token. 1. One with the IMAP, SMTP scopes generated for the Exchange resource. 2. The other with Graph scopes (User.Read, Mail.ReadWrite) meant for Graph resource.

https://stackoverflow.com/a/61678485/1126831

VinyakPM's avatar
VinyakPM
Copper Contributor
Jul 02, 2020

Hi ledniov ,

 

I'm trying to perform similar task , connect with exchange online through IMAP and send mail using SMTP. Even I'm getting similar error described above. 

 

Could you please share screenshot of scopes added in MS Azure. I was not able to look for scopes 

https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send.

 

I do have "https://graph.microsoft.com/IMAP.AccessAsUser.All and https://graph.microsoft.com/SMTP.Send" scopes add but I get error for IMAP "javax.mail.AuthenticationFailedException: AUTHENTICATE failed.
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:731)"

and for SMTP "535 5.7.3 Authentication unsuccessful "

Access Token Request

" {
"token_type": "Bearer",
"scope": "IMAP.AccessAsUser.All SMTP.Send User.Read",
"expires_in": "3599",
"ext_expires_in": "3599",
"expires_on": "1593612618",
"not_before": "1593608718",
"resource": "https://graph.microsoft.com",
"access_token": "**",
"refresh_token": "**",
"id_token": "**"
}"

 

It would be help full if you are able to share the screenshot. I have attached mine permission screen , let me know if I'm doing something wrong

  • VinyakPM's avatar
    VinyakPM
    Copper Contributor
    Jul 02, 2020

    ledniov Even Microsoft support team says that they have removed scopes

    https://outlook.office365.com/IMAP.AccessAsUser.All 

    https://outlook.office365.com/SMTP.Send 

    They are recommending to use Graph permission/scopes.

    Is your application still able to connect using Graph scopes 

    • Snuff_Daddy's avatar
      Snuff_Daddy
      Copper Contributor
      Aug 08, 2020

      VinyakPM 

       

      The correct scope is "offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send"

       

      Also, I've seen it fail if you are trying to use a secondary alias.  Make it primary by going to "Manage how you sign in to Microsoft" in your Microsoft account settings at https://account.live.com

Resources