JavaMail连接到Office 365 XOAUTH2以进行IMAP身份验证失败 [英] JavaMail connecting to Office 365 XOAUTH2 for IMAP Authentication fails

问题描述

使用OAuth2.0的Office365联机面临的连接问题我已经设置了应用程序权限以及IMAP和SMTP连接.基本身份验证似乎可以正常工作.我相信已启用IMAP.我的应用程序被配置为任何组织目录(任何Azure AD目录-Multitenant)中的帐户"，并使用授权类型授权代码.

和委托的Microsoft Graph范围

Facing connectivity issue with Office365 online with OAuth2.0 I have set up the application permissions and IMAP and SMTP connection.Basic authentication seems to be work fine. I believe IMAP is enabled. My application is configured as Accounts in any organizational directory (Any Azure AD directory - Multitenant) and uses grant type authorization code.

And Delegated Microsoft Graph scopes https://graph.microsoft.com/IMAP.AccessAsUser.All have been added: Client scopes added

Requested Auth code with https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/authorize?response_type=code&client_id=1223&redirect_uri=http://localhost:5555 Access Token request https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token Requested Access token with resource as "https://graph.microsoft.com"

Requesting Access token Image

Successfully received access token with scopes as IMAP.AccessAsUser.All SMTP.Send

{
    "token_type": "Bearer",
    "scope": "IMAP.AccessAsUser.All SMTP.Send",
    "expires_in": 3599,
    "ext_expires_in": 3599,
    "access_token": "access_token",
    "refresh_token": "refresh_token",
    "id_token": "id_token"
} 

So here is the Java Code (JavaMail jar 1.6.2 used)

Properties properties= new Properties();
properties.put("mail.imap.ssl.enable", "true");
properties.put("mail.imap.auth.mechanisms", "XOAUTH2");
//properties.put("mail.imap.sasl.enable", "true"); un-commented still results are same
properties.put("mail.imap.auth.login.disable", "true");
properties.put("mail.imap.auth.plain.disable", "true");
properties.put("mail.debug", "true");
properties.put("mail.debug.auth", "true");

Session session = Session.getInstance(props);
session.setDebug(true);

String userEmail = "emailuser@domain.onmicrosoft.com";
String accessToken = "accessToken";

final Store store = session.getStore("imap");
store.connect("outlook.office365.com","993",userEmail, accessToken);

Following output :

DEBUG: JavaMail version 1.6.2
DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
DEBUG: getProvider() returning javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Oracle]
DEBUG IMAP: mail.imap.appendbuffersize: -1
DEBUG IMAP: mail.imap.minidletime: 10
DEBUG IMAP: closeFoldersOnStoreFailure
DEBUG IMAP: trying to connect to host "outlook.office365.com", port 993, isSSL true
* OK The Microsoft Exchange IMAP4 service is ready. [TQBB]
A0 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE 
NAMESPACE LITERAL+
A0 OK CAPABILITY completed.
DEBUG IMAP: AUTH: PLAIN
DEBUG IMAP: AUTH: XOAUTH2
DEBUG IMAP: protocolConnect login, host=outlook.office365.com, user=emailuser@domain.onmicrosoft.com, 
password=<non-null>
A1 AUTHENTICATE XOAUTH2 dXNlAQE=
A1 NO AUTHENTICATE failed.
Could not connect to the message store
javax.mail.AuthenticationFailedException: AUTHENTICATE failed.
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:731)
at javax.mail.Service.connect(Service.java:366)
at myproject.EmailReceiver.downloadEmails(EmailReceiver.java:79)
at myproject.EmailReceiver.main(EmailReceiver.java:179)

Following other posts could not able to find scopes https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send in my Azure. May be they are legacy scopes.

Is there any other scopes other then "https://graph.microsoft.com/IMAP.AccessAsUser.All" and "https://graph.microsoft.com/SMTP.send" required to connect to Exchange online through IMAP. Or any problem with existing code.

Issue has been resolved my using scopes offline_access%20https%3A%2F%2Foutlook.office365.com%2FIMAP.AccessAsUser.All%20https%3A%2F%2Foutlook.office365.com%2FSMTP.Send It provides permission to access Mail and also provides refresh token to re-generate the access token.

解决方案

I think your problem is related to the access token scopes. I am working on a similar app but i am using the scopes https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send to obtain access tokens and it seems not to work if I try to use SMTP.Send and IMAP.AccessAsUserAll.

My access token looks like this: {"token_type":"Bearer", "scope":"https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send", "expires_in":3599, "ext_expires_in":3599, "access_token":"eyJ0eXAiOi..."}

In the azure app config, I just have the Microsoft Graph permissions for IMAP and SMTP.

这篇关于JavaMail连接到Office 365 XOAUTH2以进行IMAP身份验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！