bhillier
May 24, 2023

Help with error getting POP3 Client Credential flow for OAuth2.0

Hi all

I feel like I have done everything I can to resolve this and I am not quite there. Appreciate any advice or pointers anyone gives me.

I am using the client credentials flow to try to connect to a POP3 mailbox using Java. I am obtaining a token ok (I believe) using the scope https://outlook.office365.com/.default and am encoding it as per MS instructions.

 //base64("user=" + userName + "^Aauth=Bearer " + accessToken + "^A^A")

If I check my token via this site it looks ok https://jwt.ms/

When I use the token to connect to the mailbox I get the following error: "-ERR Protocol error. Connection is closed. 10"

Full debug below.

DEBUG: getProvider() returning javax.mail.Provider[STORE,pop3s,com.sun.mail.pop3.POP3SSLStore,Oracle]
DEBUG POP3: mail.pop3s.rsetbeforequit: false
DEBUG POP3: mail.pop3s.disabletop: false
DEBUG POP3: mail.pop3s.forgettopheaders: false
DEBUG POP3: mail.pop3s.cachewriteto: false
DEBUG POP3: mail.pop3s.filecache.enable: false
DEBUG POP3: mail.pop3s.keepmessagecontent: false
DEBUG POP3: mail.pop3s.starttls.enable: true
DEBUG POP3: mail.pop3s.starttls.required: false
DEBUG POP3: mail.pop3s.finalizecleanclose: false
DEBUG POP3: mail.pop3s.apop.enable: false
DEBUG POP3: mail.pop3s.disablecapa: false
DEBUG POP3: connecting to host "outlook.office365.com", port 995, isSSL true
+OK The Microsoft Exchange POP3 service is ready. [UwBZAEMAUABSADAAMQBDAEEAMAAwADAAMgAuAGEAdQBzAHAAcgBkADAAMQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
CAPA
+OK
TOP
UIDL
SASL PLAIN XOAUTH2
USER
.
USER (removed for privacy)
+OK
PASS dXNlcj1SZXhFc2JEZXYxQHN5ZC5jb20uYXUBYXV0aD1CZWFyZXIgZXlKMGVYQWlPaUpLVjFRaUxDSnViMjVqWlNJNklrTjVjRUpVTVRaVGVVUXhMWFEwWDJGd1oySktaRUZhY214WU9Hd3hUMFpYYmt0RlUyOXZSMU5VZFZraUxDSmhiR2NpT2l <snip>
-ERR Protocol error. Connection is closed. 10
QUIT
<EOF>

The mail properties I am setting are:

        // props, clientid, username and finalTokenString are defined elsewhere in the poster's code (not shown).
        props.setProperty("mail.store.protocol", "pop3s");
        props.setProperty("mail.pop3s.host", "outlook.office365.com");
        props.setProperty("mail.pop3s.port", "995");
        props.setProperty("mail.pop3s.auth.enable", "true");
        props.setProperty("mail.pop3s.auth.mechanisms", "XOAUTH2");
        props.setProperty("mail.pop3s.auth.login.disable", "true");
        props.setProperty("mail.pop3s.auth.plain.disable", "true");
        props.setProperty("mail.pop3s.auth.xoauth2.disable", "false");
        props.setProperty("mail.pop3s.auth.xoauth2.two.line.authentication.format", "true");

        // "*" tells JavaMail to trust every host's certificate.
        props.setProperty("mail.pop3s.ssl.trust", "*");
        props.setProperty("mail.pop3s.ssl.enable", "true");
        props.setProperty("mail.pop3s.sasl.enable", "true");
        props.setProperty("mail.pop3s.starttls.enable", "true");
        props.setProperty("mail.pop3s.starttls.required", "false");
        props.setProperty("mail.pop3s.forgettopheaders", "false");

        props.setProperty("mail.pop3s.sasl.mechanisms", "XOAUTH2");
        props.setProperty("mail.pop3s.sasl.authorizationid", clientid);
        props.setProperty("mail.pop3s.sasl.token", finalTokenString);
        props.setProperty("mail.pop3s.sasl.oauth2.access.token", finalTokenString);
        props.setProperty("mail.pop3s.sasl.scope", "https://outlook.office365.com/POP.AccessAsApp");

        // Open the store with the mailbox user name and the encoded token string as the password.
        Session emailsession = Session.getInstance(props);
        Store store = emailsession.getStore("pop3s");
        store.connect("outlook.office365.com", username, finalTokenString);

    • bhillier

      Kidd_Ip

      I have narrowed this down because I can successfully authenticate with curl.

      < +OK The Microsoft Exchange POP3 service is ready. [UwBZADUAUAAyADgAMgBDAEEAMAAwADcAOQAuAEEAVQBTAFAAMgA4ADIALgBQAFIATwBEAC4ATwBVAFQATABPAE8ASwAuAEMATwBNAA==]
      > CAPA
      < +OK
      < TOP
      < UIDL
      < SASL PLAIN XOAUTH2
      < USER
      < .
      > AUTH XOAUTH2
      < +
      > dXNlcj1SZXhFc2JRwYm1Sdm<Snip>
      < +OK User successfully authenticated.
      > LIST
      < +OK 0 0

      So the issue is my Java mail client is sending "PASS" instead of "AUTH XOAUTH2".

      I am sure I have set up my Java properties correctly, so how do I force it to do this?

      (Thanks for replying)
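
The SASL XOAUTH2 string quoted in the question, which is also the second line of the AUTH XOAUTH2 exchange in the curl trace, as an added example that is not part of the original posts: it builds the response with the real 0x01 separator and checks a blob offline for common encoding mistakes. The class name, sample mailbox and placeholder token are constructed for illustration, and treating the bearer value as a three-part JWT is an assumption based on the token being inspected with jwt.ms.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: build and sanity-check a SASL XOAUTH2 initial client response.
public class XOAuth2Check {
    // "^A" in the documented format means the single control byte 0x01 (Ctrl+A).
    static final char SOH = '\u0001';

    static String encode(String user, String accessToken) {
        String raw = "user=" + user + SOH + "auth=Bearer " + accessToken + SOH + SOH;
        return Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
    }

    // Returns "OK" or a description of the first problem found in a response blob.
    static String diagnose(String blob) {
        String raw;
        try {
            raw = new String(Base64.getDecoder().decode(blob), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return "not valid base64";
        }
        if (!raw.startsWith("user=")) return "decoded text does not start with user=";
        if (raw.contains("^A")) return "literal ^A characters instead of byte 0x01";
        String[] parts = raw.split(String.valueOf(SOH), -1);
        // Expected fields: user=..., auth=Bearer ..., then two empty strings.
        if (parts.length != 4 || !parts[2].isEmpty() || !parts[3].isEmpty())
            return "expected user=<addr> 0x01 auth=Bearer <token> 0x01 0x01";
        if (!parts[1].startsWith("auth=Bearer ")) return "missing auth=Bearer field";
        String token = parts[1].substring("auth=Bearer ".length());
        // Assumption: the access token is a JWT (three dot-separated segments).
        if (token.split("\\.").length != 3)
            return "bearer value is not a three-part JWT (possibly encoded twice)";
        return "OK";
    }

    public static void main(String[] args) {
        String user = "mailbox@example.com";          // constructed sample
        String jwt = "eyJhbGciOiJub25lIn0.e30.c2ln";  // constructed placeholder token
        String good = encode(user, jwt);
        System.out.println("AUTH XOAUTH2 line 2: " + good);
        System.out.println("good:    " + diagnose(good));
        System.out.println("literal: " + diagnose(Base64.getEncoder().encodeToString(
            ("user=" + user + "^Aauth=Bearer " + jwt + "^A^A").getBytes(StandardCharsets.UTF_8))));
        System.out.println("double:  " + diagnose(encode(user, good)));
    }
}
```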
