New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot access to Microsoft mailboxes via OAuth2 - Please help me #262
Comments
Hi @francescodiperna ,
I've tested it successfully with a slightly different scope "offline_access%20https%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All%20https%3A%2F%2Foutlook.office365.com%2FSMTP.Send" - but I don't believe they are all required. In fact I believe just "https://outlook.office365.com/IMAP.AccessAsUser.All" is required. I hope this helps you :) Best regards & happy coding, |
Thanks for fast replay, we are unable to use your scope because the server complain with the following message
We are using "OAuth 2.0 Client Credentials flow", maybe you are using a different one? |
Hi @francescodiperna , #!/bin/bash
CLIENT_ID="redacted"
CLIENT_SECRET="redacted"
TENANT="redacted"
SCOPE="offline_access%20https%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All%20https%3A%2F%2Foutlook.office365.com%2FSMTP.Send"
STATE="12345"
REDIRECT_URI="http%3A%2F%2Flocalhost"
echo "Open this url inside your browser:"
echo ""
echo "https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/authorize?client_id=${CLIENT_ID}&response_type=code&redirect_uri=${REDIRECT_URI}&response_mode=query&scope=${SCOPE}&state=${STATE}"
echo ""
echo "..you'll get redirected to ${REDIRECT_URI} with the required code & session_state attached within the uri."
echo "Edit this file and update the CODE and SESSION variable and remove the first 'exit 0'."
# Remove this line, if you've acquired the code and session state values
exit 0
echo ""
# -> http://localhost/
# ?code=redacted
# &state=12345
# &session_state=aa88c.....#
CODE="0.AWcAfY9hQ-vwo0y1eqaPE....."
SESSION="aa88c12b-3e...."
REFRESH_TOKEN=""
echo "Trying to authenticate the session.."
RESPONSE=$( curl -XPOST https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/token -d "client_id=${CLIENT_ID}&scope=${SCOPE}&code=${CODE}&state=${STATE}&session_state=${SESSION}&redirect_uri=${REDIRECT_URI}&client_secret=${CLIENT_SECRET}&refresh_token=${REFRESH_TOKEN}&grant_type=authorization_code" )
# {
# "token_type":"Bearer",
# "scope":"https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send",
# "expires_in":3955,
# "ext_expires_in":3955,
# "access_token":"redacted",
# "refresh_token":"redacted"
# }
echo ""
echo "Auth response.."
echo "$RESPONSE"
ACCESS_TOKEN=$( echo "$RESPONSE" | jq -r .access_token )
REFRESH_TOKEN=$( echo "$RESPONSE" | jq -r .refresh_token )
echo ""
echo "Access token: ${ACCESS_TOKEN}"
echo ""
echo "Refresh token: ${REFRESH_TOKEN}"
echo ""
echo "" |
My working example
|
Hi @francescodiperna , curl -XPOST https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/token -d "client_id=${CLIENT_ID}&scope=${SCOPE}&refresh_token=${REFRESH_TOKEN}&grant_type=refresh_token&client_secret=${CLIENT_SECRET}" If you can't authenticate the user via browser, perhaps @eisolutions suggestion works better for your use case. I'm not familiar with the error message https://github.com/Webklex/php-imap/blob/master/src/config/imap.php#L152 If you are using the laravel wrapper, the |
You can authorize user in browser, then save access token and refresh token eg. in database and transfer to your daemon app. |
I was getting the same error. It looks to have been because IMAP was disabled on the account |
Hi, I'm trying to read mailboxes using this library, obtaining the correct access token, but when I try to use the token I got the error "NO AUTHENTICATE failed".
I have configured the app in AD as the guide indicated in the link https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow.
Does anyone is able to read mailboxes messages using OAuth authentication?
The access token param are:
and the following request is:
We tried to add many permission to the app registration, as you can see in the attached screenshot.
Do you have any idea to correct the problem?
Kind regard
The text was updated successfully, but these errors were encountered: