IMAP OAuth2 Authentication (Office 365)

0 votes
asked Apr 20, 2020 by apriemyshev (220 points)

Are there any code examples for accessing an Office 365 mailbox using IMAP with an OAuth 2.0 token?

Applies to: Rebex Secure Mail
commented Apr 21, 2020 by Pavel Matyska (15,060 points)

Update: Please see the answer below


Hi,

In the time of writing this answer, it is still not possible to use OAuth token for IMAP protocol targeting outlook.office365.com server.

As one of Microsoft person claimed, it is still work in progress. When it is done, they'll make an announcement.
Thay also claim, "We’re planning on adding OAuth support to both POP and IMAP in the next few months".

When Microsoft has implemented this in their side, we'll post an updated answer to this question.

1 Answer

0 votes
answered Jun 4, 2020 by Pavel Matyska (15,060 points)
edited Mar 24 by Lukas Pokorny
 
Best answer

Hi,

Microsoft finally published access to Office 365 IMAP server using OAuth 2.0 authentication. We had to enable a workaround for it that we had made for other Microsoft IMAP server on Outlook.com.

Another related forum thread on this issue can be found here: https://forum.rebex.net/12653/does-rebex-support-office-mailbox-using-imap-with-oauth-token

Trial hotfix version that makes it possible to connect to Office 365 IMAP server can be downloaded here:
https://www.rebex.net/getfile/5fbeb9d0d84b44249298725928d3d2b6/RebexSecureMail-ImapOAuth-HotfixBuild7460-Trial-Binaries.zip

Full version of this hotfix is for available for paying customers at support@rebex.net as part of their support contract.

Update: This workaround has been released with Rebex Secure Mail 2020 R3.

Update: We published a blog post that describes how to login with OAuth 2.0 to Office365 with Rebex Secure Mail, and another one that describes how to register application for with appropriate permissions in Azure.


commented Jun 5, 2020 by apriemyshev (220 points)
edited Jun 5, 2020 by apriemyshev
It seems OAuth2 client credentials grant flow that enables access without a user is not supported.
ImapResponse: AUTHENTICATE failed.
Message: AUTHENTICATE failed (NO).
Status: ProtocolError: The response received from the server was complete but indicated a protocol-level error.
commented Jun 5, 2020 by Pavel Matyska (15,060 points)
From Microsoft documentation (https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth)

"OAuth access to IMAP, POP, SMTP AUTH protocols via OAuth2 client credentials grant flow is not supported. If your application needs persistent access to all mailboxes in a Microsoft 365 organization, we recommend that you use the Microsoft Graph APIs..."

So it seems Microsoft specifically does not allow this scenario.
...