使用OAuth的POP3身份验证会给出"Err协议错误".连接已关闭". [英] POP3 Authentication with OAuth gives "Err Protocol error. Connection is closed"
问题描述
我的公司需要升级应用程序以集成用于POP3的两足式OAuth 2.0.我正在使用Outlook在线帐户进行测试,并尝试在Outlook.office365.com上进行身份验证(我也尝试过pop3.live.com).
My company needs to upgrade an application to integrate two-legged OAuth 2.0 for POP3. I'm testing with an outlook online account and trying to authenticate on outlook.office365.com (I've also tried pop3.live.com).
我使用测试前景帐户注册了Exchange Online试用版.
I registered for an Exchange Online trial using my test outlook account.
我已在Azure上注册了我的应用程序,并已为MS Graph(Mail.ReadWrite,Mail.Send)和Exchange(full_access_as_app)启用了API应用程序权限.我用于Exchange注册的同一Outlook帐户是Azure租户的全局管理员.
I've registered my app on Azure and have enabled API Application Permissions for MS Graph (Mail.ReadWrite, Mail.Send) and Exchange (full_access_as_app). The same outlook account I used for the Exchange registration is the Global Admin of the Azure tenant.
我能够从Graph和Exchange端点请求有效的OAuth令牌.但是,当我使用令牌并尝试登录POP服务器时,出现以下错误:
I'm able to request a valid OAuth token from both the Graph and Exchange endpoints. However, when I use the token and try to log into the POP server, I get the following error:
<PopCmdSent>AUTH XOAUTH2 [token]</PopCmdSent>
<PopCmdResp>-ERR Protocol error. Connection is closed. 10</PopCmdResp>
其次:
<error>POP3 authentication failed</error>
我不确定这个错误是什么意思.是否需要将我的邮件组件设置为使用其他协议(不确定是否可以使用)?这可能与我的应用程序的注册/身份验证方式或Exchange安全设置有关吗?
I'm not sure what this error means. Does my mail component need to be set up to use a different protocol (not sure if this is possible)? Could this be an issue with the way my application is registered/authenticated or with the Exchange security settings?
如果我使用基本身份验证而不是OAuth,则登录正常.
The login works fine if I use Basic Auth instead of OAuth.
我不确定如何解决此问题.任何信息或建议将不胜感激!
I'm not sure how to troubleshoot this. Any info or suggestions would be much appreciated!
编辑
我最近偶然发现了这篇Microsoft文章,该文章引用了相同的错误,但与Exchange Server 2007有关.该文章说,解决方案是将Exchange服务器上的"MaxCommandSize"设置从默认的40kb增加.
I recently stumbled across this Microsoft article that references the same error, but it's related to Exchange Server 2007. The article says the solution is to increase the "MaxCommandSize" setting on the Exchange server from the default 40kb.
从字面上看,这是我看到在线引用此错误的唯一其他地方:
This is literally the only other place I've seen this error referenced online:
我想知道这是否与Exchange Online/Outlook有关?我无法在Exchange Online试用版或Outlook邮件设置中找到类似的设置
I wonder if this is relevant for Exchange Online/Outlook? I'm unable to find a similar setting on my Exchange Online trial or Outlook mail settings
编辑2
我与正在使用的邮件组件的开发人员进行了电子邮件交流(Chilkat Mailman).他显然在同一个问题上停留了几个月.他说,该组件中实现了XOAUTH2的正确协议,并且对于任何邮件服务器都应使用相同的协议.
I had an email exchange with a developer of the mail component I'm using (Chilkat Mailman). He has apparently been stuck on the same problem for a few months. He says the correct protocols for XOAUTH2 are implemented in the component and should work the same for any mail server.
但是,他还难以将Azure应用注册链接到特定的O365帐户,并且难以获得正确的范围/权限来对该帐户进行身份验证.
However, he's also having difficulty linking the Azure app registration to a specific O365 account and getting the correct scope/permissions to authenticate the account.
很高兴听到我不是唯一一个为此奋斗的人,而且我没有一个明显的失踪之处.但也令人担心的是,流行的邮件组件的开发人员在复制过去非常简单的过程时遇到了麻烦.
It's good to hear that I'm not the only one struggling with this and that there isn't an obvious piece I'm missing. But also pretty concerning that the developer of a popular mail component is having trouble replicating what used to be an incredibly simple process.
他根据他目前的理解写的文章(不确定是否相关)
Article he wrote on his current understanding (not sure if this is relevant):
https://cknotes.com/o365-imap-authentication- oauth-mfa-wtf/
推荐答案
我找到了运行正常的解决方案.
I found the solution which is working properly.
添加以下范围
" https://outlook.office.com/POP.AccessAsUser.All"在获取令牌期间在代码中明确显示.
"https://outlook.office.com/POP.AccessAsUser.All" explicitly in the code during acquire token.
这是c#中的某种伪代码:
This is some kind of pseudo code in c#:
private readonly string[] Scopes = new string[] { "outlook.office.com/POP.AccessAsUser.All" };
m_clientApp=PublicClientApplicationBuilder.Create(m_mailAccount.ClientID)
.WithAuthority($"{LoginURI}{m_mailAccount.TenantID}") .WithDefaultRedirectUri() .Build();
authResult = m_clientApp.AcquireTokenSilent(Scopes,existingUserID).ExecuteAsync().Result;
这篇关于使用OAuth的POP3身份验证会给出"Err协议错误".连接已关闭".的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
