Forum Discussion
Authentication Failure for IMAP and POP3 using Client Credential flow for OAuth2.0 | Java
- Jul 29, 2022
Hi. I had the same problem, but I think I made some progress.
I read the documentation a few times and tried a few times from the start, with the same error. I even tried using the client and object IDs instead of the email as username, for lack of better ideas.
So this is where I think I made a mistake the previous times. When you are at the part where you need to register the service principal, you need to execute
`New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <OBJECT_ID> [-Organization <ORGANIZATION_ID>]`
Here I put the enterprise application object ID as the ServiceId argument. And that is OK.
But on
`Add-MailboxPermission -Identity "email address removed for privacy reasons" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess`
I put my registered application object ID as the User argument. I also tried setting the object ID of the enterprise application, but it did not succeed.
I also tried New-ServicePrincipal with the registered app object ID as the service ID, but it gave me the same result.
When I executed
`Get-ServicePrincipal -Organization <ORGANIZATION_ID> | fl`
I did not pay attention to the ServiceId property, even with the documentation specifying it and saying it will be different.
Now I cleared everything and started fresh.
I executed all the steps again, but on the step where I need to add the mail permission, I list the service principals and then use the `ServiceId` value from the output as the argument for User.
With that, I was able to authorise.
Unfortunately, now I receive `C3 BAD User is authenticated but not connected.` when I try to list the inbox. But it is a step forward.
I am not sure if you made the same error as me, but maybe it will help you in some way.
I will post info when I find a fix for the new error, in case somebody comes across the same issue.
I created mail store through my code and also created it using Spring Integration Mail, one after another.
So when I removed one, I did not get the error. Probably something unimportant.
I think I finally have working code. 😄
- borist2, Jul 29, 2022, Copper Contributor
jambo Yes, that is the Tenant ID.
Probably you can execute the command without the Organization ID if you only have one tenant, but it is easier with it, just to be sure.
- jambo, Jul 29, 2022, Brass Contributor
Still can't get it to work. When executing the command `Get-ServicePrincipal -Organization <ORGANIZATION_ID> | fl`, the ServiceId output is the same value as OBJECT_ID in the New-ServicePrincipal command, which happens to be equal to the Object ID field in the Azure application Overview. Is this correct? From your description, the ServiceId value from Get-ServicePrincipal should be different from OBJECT_ID, but in my case it is the same.
- borist2, Jul 29, 2022, Copper Contributor
Now that you mentioned it, it looks like I saw wrong. ServiceId is the same as the one that I used.
But I used ObjectId from Enterprise Application View, instead of App Registration view.
I used that object ID for creating the new principal and for adding the mailbox permission.
I will retry everything again, to be sure and I will get back to you.
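
The registration steps discussed in this thread, as an added PowerShell example that is not from any poster or from the vendor documentation: it registers the service principal with the Object ID from the Enterprise Application view, reads `ServiceId` back, and only then grants and checks the mailbox permission. The four angle-bracket values are placeholders; it assumes an already connected Exchange Online PowerShell session and that the `Get-ServicePrincipal` output exposes an `AppId` property.

```powershell
# Added example. Placeholders: fill in from your own tenant.
$TenantId        = '<ORGANIZATION_ID>'   # tenant ID
$AppId           = '<APPLICATION_ID>'    # application (client) ID
$EnterpriseObjId = '<OBJECT_ID>'         # Object ID from the Enterprise Application view,
                                         # not from the App Registration view
$Mailbox         = '<MAILBOX_ADDRESS>'   # mailbox the app should read over IMAP/POP3

# Helper (hypothetical name): return the Exchange service principal for this app, if any.
function Get-AppServicePrincipal {
    Get-ServicePrincipal -Organization $TenantId |
        Where-Object { $_.AppId -eq $AppId }      # AppId property is an assumption
}

# Register only when missing, so a rerun does not create a conflicting entry.
$sp = Get-AppServicePrincipal
if (-not $sp) {
    New-ServicePrincipal -AppId $AppId -ServiceId $EnterpriseObjId -Organization $TenantId
    $sp = Get-AppServicePrincipal
}
if (@($sp).Count -ne 1) {
    throw "Expected exactly one service principal for AppId $AppId, found $(@($sp).Count)."
}

# The mix-up described in the thread: a principal registered with the wrong object ID.
# Stop here instead of granting a permission to it.
if ([string]$sp.ServiceId -ne $EnterpriseObjId) {
    throw "ServiceId $($sp.ServiceId) differs from the Enterprise Application object ID."
}

# Grant the permission to the ServiceId read back from Exchange, not to a value
# copied from the portal, then show what was actually assigned.
Add-MailboxPermission -Identity $Mailbox -User ([string]$sp.ServiceId) -AccessRights FullAccess
Get-MailboxPermission -Identity $Mailbox -User ([string]$sp.ServiceId) |
    Format-List Identity, User, AccessRights
```

`FullAccess` is the right the thread uses; grant it only on the mailboxes the application has to read.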