Jump to content
andychez

OAUTH and Exchange POP 3

Recommended Posts

Hi,

I'm struggling a little using OAUTH2 with Exchange POP3. 

I can get connected to the pop3 server ok. (+OK The Microsoft Exchange POP3 service is ready.)

When I use pop3.Auth , I get a "-ERR Authentication failure: unknown user name or bad password" error.

I have of course checked passwords and username many times. The same ones work fine with other mail apps.

The problem I have is that I am not sure at which end the problem is.

Exchange has POP3 and IMAP enabled for the use that I am using for testing etc.

I am assuming that I am getting through the AAUTH hoops as the pop3 client seems to connect ok.

Any pointers or help would be appreciated.

Thanks

AndyC++

 

 

Share this post


Link to post

To use OAuth2 with the POP3 component, you need to also use the TIcsRestEmail which handles all the OAuth2 stuff, look at the OverbyteIcsSslMailRcv sample which has all the extra code needed. 

 

There will be significantly improved OAuth2 support with a new embedded browser window later this week.

 

Angus

 

Share this post


Link to post
32 minutes ago, Angus Robertson said:

To use OAuth2 with the POP3 component, you need to also use the TIcsRestEmail which handles all the OAuth2 stuff, look at the OverbyteIcsSslMailRcv sample which has all the extra code needed. 

 

There will be significantly improved OAuth2 support with a new embedded browser window later this week.

 

Angus

 

I Did all that. See the log below from the sample app.

 

---LOG---

Redirect URL: http://localhost:8080/microsoft/
POST https://login.microsoftonline.com/organizations/oauth2/v2.0/token
Connected OK to: login.microsoftonline.com (40.126.32.136)
Request completed: 200 OK
Got New Access Token: eyJ0eXAi--------
Which Expires: 15/11/2022 14:16:09
Got New Refresh Token: 0.AR8AUJ0t-----
GET https://graph.microsoft.com/v1.0/me/
Connected OK to: graph.microsoft.com (40.126.41.160)
Request completed: 401 Unauthorized  
Saved OAuth2 Refresh Token
Got New OAuth2 Bearer Token OK
! Starting SSL handshake
SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384, key auth RSA, key exchange ECDH, encryption AESGCM(256), message auth AEAD
< +OK The Microsoft Exchange POP3 service is ready. [TABPADQAUAAyADYANQBDAEEAMAAyADUANQAuAEcAQgBSAFAAMgA2ADUALgBQAFIATwBEAC4ATwBVAFQATABPAE8ASwAuAEMATwBNAA==]
Request Done Rq=0 Error=0 LastResponse="+OK The Microsoft Exchange POP3 service is ready. [TABPAD-----]" ErrorMessage="" Connected=True

Note the 401 Unauthorized. Not sure what that means as everything seems ok,

Then when I do pop3.auth I get

 

> AUTH XOAUTH2
< + 
> dXNlcj10ZXN0ZXJAZn------
< -ERR Authentication failure: unknown user name or bad password.
Request Done Rq=16 Error=500 LastResponse="-ERR Authentication failure: unknown user name or bad password." ErrorMessage="-ERR Authentication failure: unknown user name or bad password." Connected=True


 

 

 

AndyC++

Share this post


Link to post

It looks like all the OAuth2 stuff has worked, but the account you authenticated does not have access to POP3 mail. Could be different scopes are required for Exchange, I only test against consumer accounts and servers like office365.com. 

 

The error for graph.microsoft.com is attempting to get your profile and email address, which works with Google but not currently Microsoft, I could not find scopes that gave access to all the APIs I needed.  It's not fatal.

 

Angus

 

 

 

Share this post


Link to post
6 minutes ago, Angus Robertson said:

It looks like all the OAuth2 stuff has worked, but the account you authenticated does not have access to POP3 mail. Could be different scopes are required for Exchange, I only test against consumer accounts and servers like office365.com. 

 

The error for graph.microsoft.com is attempting to get your profile and email address, which works with Google but not currently Microsoft, I could not find scopes that gave access to all the APIs I needed.  It's not fatal.

 

Angus

 

 

 

Thanks for that. I will go digging in Active directory, I probably missed an app permission somewhere.

AndyC

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×