JavaMail connecting to Office 365 XOAUTH2 for IMAP Authentication fails

%3CLINGO-SUB%20id%3D%22lingo-sub-1505026%22%20slang%3D%22en-US%22%3EJavaMail%20connecting%20to%20Office%20365%20XOAUTH2%20for%20IMAP%20Authentication%20fails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1505026%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22post-text%22%3E%3CP%3EFacing%20connectivity%20issue%20with%20Office365%20online%20with%20OAuth2.0%20I%20have%20set%20up%20the%20application%20permissions%20and%20IMAP%20and%20SMTP%20connection.Basic%20authentication%20seems%20to%20be%20work%20fine.%20I%20believe%20IMAP%20is%20enabled.%20My%20application%20is%20configured%20as%20Accounts%20in%20any%20organizational%20directory%20(Any%20Azure%20AD%20directory%20-%20Multitenant)%20and%20uses%20grant%20type%20authorization%20code.%3C%2FP%3E%3CP%3EAnd%20Delegated%20Microsoft%20Graph%20scopes%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2FIMAP.AccessAsUser.All%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2FIMAP.AccessAsUser.All%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Ehave%20been%20added%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fi.stack.imgur.com%2Ftcwr2.png%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EClient%20scopes%20added%3C%2FA%3E%3C%2FP%3E%3CP%3ERequested%20Access%20token%20with%20resource%20as%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%3C%2FA%3E%3C%2FP%3E%3CP%3ESuccessfully%20received%20access%20token%20with%20scopes%20as%20IMAP.AccessAsUser.All%20SMTP.Send%3C%2FP%3E%3CPRE%3E%7B%0A%20%20%20%20%22token_type%22%3A%20%22Bearer%22%2C%0A%20%20%20%20%22scope%22%3A%20%22IMAP.AccessAsUser.All%20SMTP.Send%22%2C%0A%20%20%20%20%22expires_in%22%3A%203599%2C%0A%20%20%20%20%22ext_expires_in%22%3A%203599%2C%0A%20%20%20%20%22access_token%22%3A%20%22access_token%22%2C%0A%20%20%20%20%22refresh_token%22%3A%20%22refresh_token%22%2C%0A%20%20%20%20%22id_token%22%3A%20%22id_token%22%0A%7D%20%3C%2FPRE%3E%3CP%3ESo%20here%20is%20the%20Java%20Code%20(JavaMail%20jar%201.6.2%20used)%3C%2FP%3E%3CPRE%3EProperties%20properties%3D%20new%20Properties()%3B%0Aproperties.put(%22mail.imap.ssl.enable%22%2C%20%22true%22)%3B%0Aproperties.put(%22mail.imap.auth.mechanisms%22%2C%20%22XOAUTH2%22)%3B%0A%2F%2Fproperties.put(%22mail.imap.sasl.enable%22%2C%20%22true%22)%3B%20un-commented%20still%20results%20are%20same%0Aproperties.put(%22mail.imap.auth.login.disable%22%2C%20%22true%22)%3B%0Aproperties.put(%22mail.imap.auth.plain.disable%22%2C%20%22true%22)%3B%0Aproperties.put(%22mail.debug%22%2C%20%22true%22)%3B%0Aproperties.put(%22mail.debug.auth%22%2C%20%22true%22)%3B%0A%0ASession%20session%20%3D%20Session.getInstance(props)%3B%0Asession.setDebug(true)%3B%0A%0AString%20userEmail%20%3D%20%22emailuser%40domain.onmicrosoft.com%22%3B%0AString%20accessToken%20%3D%20%22accessToken%22%3B%0A%0Afinal%20Store%20store%20%3D%20session.getStore(%22imap%22)%3B%0Astore.connect(%22outlook.office365.com%22%2C%22993%22%2CuserEmail%2C%20accessToken)%3B%3C%2FPRE%3E%3CP%3EFollowing%20output%20%3A%3C%2FP%3E%3CPRE%3EDEBUG%3A%20JavaMail%20version%201.6.2%0ADEBUG%3A%20successfully%20loaded%20resource%3A%20%2FMETA-INF%2Fjavamail.default.address.map%0ADEBUG%3A%20getProvider()%20returning%20javax.mail.Provider%5BSTORE%2Cimap%2Ccom.sun.mail.imap.IMAPStore%2COracle%5D%0ADEBUG%20IMAP%3A%20mail.imap.appendbuffersize%3A%20-1%0ADEBUG%20IMAP%3A%20mail.imap.minidletime%3A%2010%0ADEBUG%20IMAP%3A%20closeFoldersOnStoreFailure%0ADEBUG%20IMAP%3A%20trying%20to%20connect%20to%20host%20%22outlook.office365.com%22%2C%20port%20993%2C%20isSSL%20true%0A*%20OK%20The%20Microsoft%20Exchange%20IMAP4%20service%20is%20ready.%20%5BTQBB%5D%0AA0%20CAPABILITY%0A*%20CAPABILITY%20IMAP4%20IMAP4rev1%20AUTH%3DPLAIN%20AUTH%3DXOAUTH2%20SASL-IR%20UIDPLUS%20ID%20UNSELECT%20CHILDREN%20IDLE%20%0ANAMESPACE%20LITERAL%2B%0AA0%20OK%20CAPABILITY%20completed.%0ADEBUG%20IMAP%3A%20AUTH%3A%20PLAIN%0ADEBUG%20IMAP%3A%20AUTH%3A%20XOAUTH2%0ADEBUG%20IMAP%3A%20protocolConnect%20login%2C%20host%3Doutlook.office365.com%2C%20user%3Demailuser%40domain.onmicrosoft.com%2C%20%0Apassword%3D%26lt%3Bnon-null%26gt%3B%0AA1%20AUTHENTICATE%20XOAUTH2%20dXNlAQE%3D%0AA1%20NO%20AUTHENTICATE%20failed.%0ACould%20not%20connect%20to%20the%20message%20store%0Ajavax.mail.AuthenticationFailedException%3A%20AUTHENTICATE%20failed.%0Aat%20com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java%3A731)%0Aat%20javax.mail.Service.connect(Service.java%3A366)%0Aat%20myproject.EmailReceiver.downloadEmails(EmailReceiver.java%3A79)%0Aat%20myproject.EmailReceiver.main(EmailReceiver.java%3A179)%3C%2FPRE%3E%3CP%3EFollowing%20other%20posts%20could%20not%20able%20to%20find%20scopes%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Foutlook.office365.com%2FSMTP.Send%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Foutlook.office365.com%2FSMTP.Send%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Ein%20my%20Azure.%20May%20be%20they%20are%20legacy%20scopes.%3C%2FP%3E%3CP%3EIs%20there%20any%20other%20scopes%20other%20then%20%22%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2FIMAP.AccessAsUser.All%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2FIMAP.AccessAsUser.All%3C%2FA%3E%22%20and%20%22%3CA%20href%3D%22https%3A%2F%2Fgraph.microsoft.com%2FSMTP.send%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.microsoft.com%2FSMTP.send%3C%2FA%3E%22%20required%20to%20connect%20to%20Exchange%20online%20through%20IMAP.%20Or%20any%20problem%20with%20existing%20code.%3C%2FP%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1505026%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Server%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIMAP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EJavaMail%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOAuth%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1652021%22%20slang%3D%22en-US%22%3ERe%3A%20JavaMail%20connecting%20to%20Office%20365%20XOAUTH2%20for%20IMAP%20Authentication%20fails%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1652021%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20you%20tell%20me%20how%20to%20get%20to%20the%20accessToken%3F%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F716322%22%20target%3D%22_blank%22%3E%40VinyakPM%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Facing connectivity issue with Office365 online with OAuth2.0 I have set up the application permissions and IMAP and SMTP connection.Basic authentication seems to be work fine. I believe IMAP is enabled. My application is configured as Accounts in any organizational directory (Any Azure AD directory - Multitenant) and uses grant type authorization code.

And Delegated Microsoft Graph scopes https://graph.microsoft.com/IMAP.AccessAsUser.All have been added: Client scopes added

Requested Access token with resource as https://graph.microsoft.com

Successfully received access token with scopes as IMAP.AccessAsUser.All SMTP.Send

{
    "token_type": "Bearer",
    "scope": "IMAP.AccessAsUser.All SMTP.Send",
    "expires_in": 3599,
    "ext_expires_in": 3599,
    "access_token": "access_token",
    "refresh_token": "refresh_token",
    "id_token": "id_token"
} 

So here is the Java Code (JavaMail jar 1.6.2 used)

Properties properties= new Properties();
properties.put("mail.imap.ssl.enable", "true");
properties.put("mail.imap.auth.mechanisms", "XOAUTH2");
//properties.put("mail.imap.sasl.enable", "true"); un-commented still results are same
properties.put("mail.imap.auth.login.disable", "true");
properties.put("mail.imap.auth.plain.disable", "true");
properties.put("mail.debug", "true");
properties.put("mail.debug.auth", "true");

Session session = Session.getInstance(props);
session.setDebug(true);

String userEmail = "emailuser@domain.onmicrosoft.com";
String accessToken = "accessToken";

final Store store = session.getStore("imap");
store.connect("outlook.office365.com","993",userEmail, accessToken);

Following output :

DEBUG: JavaMail version 1.6.2
DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
DEBUG: getProvider() returning javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Oracle]
DEBUG IMAP: mail.imap.appendbuffersize: -1
DEBUG IMAP: mail.imap.minidletime: 10
DEBUG IMAP: closeFoldersOnStoreFailure
DEBUG IMAP: trying to connect to host "outlook.office365.com", port 993, isSSL true
* OK The Microsoft Exchange IMAP4 service is ready. [TQBB]
A0 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE 
NAMESPACE LITERAL+
A0 OK CAPABILITY completed.
DEBUG IMAP: AUTH: PLAIN
DEBUG IMAP: AUTH: XOAUTH2
DEBUG IMAP: protocolConnect login, host=outlook.office365.com, user=emailuser@domain.onmicrosoft.com, 
password=<non-null>
A1 AUTHENTICATE XOAUTH2 dXNlAQE=
A1 NO AUTHENTICATE failed.
Could not connect to the message store
javax.mail.AuthenticationFailedException: AUTHENTICATE failed.
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:731)
at javax.mail.Service.connect(Service.java:366)
at myproject.EmailReceiver.downloadEmails(EmailReceiver.java:79)
at myproject.EmailReceiver.main(EmailReceiver.java:179)

Following other posts could not able to find scopes https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send in my Azure. May be they are legacy scopes.

Is there any other scopes other then "https://graph.microsoft.com/IMAP.AccessAsUser.All" and "https://graph.microsoft.com/SMTP.send" required to connect to Exchange online through IMAP. Or any problem with existing code.

2 Replies
Highlighted

Can you tell me how to get to the accessToken?@VinyakPM 

Highlighted

@zoujg120820  Could I use the bearer token obtained in the method below for JavaMail connecting to Office 365 XOAUTH2  ?

shchoo83_0-1604982594263.png