Forum Discussion

manish1614's avatar
manish1614
Brass Contributor
Jul 19, 2022
Solved

Authentication Failure for IMAP and POP3 using Client Credential flow for OAuth2.0 | Java

I am facing an authentication failure issue while trying to connect for both IMAP and POP3 protocols using the Client Credential Grant flow for OAuth2.0 Where, I have been following the steps sugges...
exchange
office 365
  • borist2's avatar
    borist2
    Jul 29, 2022

    Hi. I had the same problem, but I think I made some progress.

     

    I read documentation few times, tried few times from the start with same error. I even have tried using client and object ids instead of email as username, in lack of better ideas.


    So this is where I think I have made mistake previous times.

     

    When you are at the part that you need to register service principal, you need to execute

     

    New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <OBJECT_ID> [-Organization <ORGANIZATION_ID>]

     

     here I put enterprise application object id as ServiceId argument. And that is ok.

     

    But on 

     

    Add-MailboxPermission -Identity "email address removed for privacy reasons" -User 
<SERVICE_PRINCIPAL_ID> -AccessRights FullAccess

     

    I have put my registered application object id as User argument. I also tried setting object id of enterprise application, but it did not have success.

    I also tried New-ServicePrincipal but with registered app object id as service id, but it gave me the same result.

     

    When I executed 

     

    Get-ServicePrincipal -Organization <ORGANIZATION_ID> | fl

     

     

    I did not pay attention to ServiceId property, even with documentation specifying it and saying it will be different.

     

    Now I cleared everything and started fresh.

    I executed all the steps again, but on the step when I need to add mail permission, I list service principals, and then use `ServiceId` value from the output, as argument for user.

     

    With that, I was able to authorise. 

     

    Unfortunately, now I receive `C3 BAD User is authenticated but not connected.` when I try to list inbox. But it is step forward.

     

    I am not sure if you made the same error as me, but maybe it will help you in some way.

    I will post info, when I find fix for the new error if somebody comes across same issue.  

DominikJasek's avatar
DominikJasek
Copper Contributor
Mar 13, 2023

manish1614 first of all, thanks for your post - it helps me a lot (especially I'm not JAVA developer at all :cool:)

 

Secondly, I would like to return the favor. You looked for the answer about POP3 issue, that it still not authenticate.

 

If everything is set correctly, you just have to switch to POP3S.

       properties.put("mail.pop3s.port", "995");

        properties.put("mail.pop3s.ssl.enable", "false");
        properties.put("mail.pop3s.starttls.enable", "true");
        properties.put("mail.pop3s.starttls.required", "true");

        properties.put("mail.pop3s.connectiontimeout", 5000);
        properties.put("mail.pop3s.timeout", 5000);
        properties.put("mail.pop3s.partialfetch", false);
        properties.put("mail.pop3s.auth.mechanisms", "XOAUTH2");

        properties.put("mail.pop3s.forgettopheaders", "true");
        properties.put("mail.pop3s.sasl.enable", "true");
        properties.put("mail.pop3s.sasl.mechanisms", "XOAUTH2");
        properties.put("mail.pop3s.auth.login.disable", "true");
        properties.put("mail.pop3s.auth.plain.disable", "true");

 

DEBUG: JavaMail version 1.6.2
DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
DEBUG: setDebug: JavaMail version 1.6.2
DEBUG: getProvider() returning javax.mail.Provider[STORE,pop3s,com.sun.mail.pop3.POP3SSLStore,Oracle]
DEBUG POP3: mail.pop3s.rsetbeforequit: false
DEBUG POP3: mail.pop3s.disabletop: false
DEBUG POP3: mail.pop3s.forgettopheaders: true
DEBUG POP3: mail.pop3s.cachewriteto: false
DEBUG POP3: mail.pop3s.filecache.enable: false
DEBUG POP3: mail.pop3s.keepmessagecontent: false
DEBUG POP3: mail.pop3s.starttls.enable: true
DEBUG POP3: mail.pop3s.starttls.required: true
DEBUG POP3: mail.pop3s.finalizecleanclose: false
DEBUG POP3: mail.pop3s.apop.enable: false
DEBUG POP3: mail.pop3s.disablecapa: false
DEBUG POP3: connecting to host "outlook.office365.com", port 995, isSSL true
+OK The Microsoft Exchange POP3 service is ready.

 

Unfortunately it's failing then on something else, but at least we were authenticated... :lol:

DEBUG POP3: STLS required but not supported
QUIT
+OK Microsoft Exchange Server POP3 server signing off.
javax.mail.AuthenticationFailedException: STLS required but not supported

 

But that's another reason to switch to IMAP, and stop using POP3 - pardon POP3S

manish1614's avatar
manish1614
Brass Contributor
Apr 05, 2023
Just thanks is not enough, so I'd like to express my heartfelt gratitude for all the effort you put into taking my work one step forward. You did a truly excellent and remarkable work, and I feel fortunate to have someone like you as a collaborator.

Its a very appreciative work you did there by trying to resolve the POP3 related authentication problem. I appreciate your willingness to go above and beyond to help many people out there to achieve their goals.

Resources