IMAP OAuth2 Authentication (Office 365)

0 votes
asked Apr 20 by apriemyshev (160 points)

Are there any code examples for accessing an Office 365 mailbox using IMAP with an OAuth 2.0 token?

Applies to: Rebex Secure Mail

2 Answers

0 votes
answered Jun 4 by Pavel Matyska (13,340 points)
selected Jun 5 by apriemyshev
 
Best answer

Hi,

Microsoft finally published access to Office 365 IMAP server using OAuth 2.0 authentication. We had to enable a workaround for it that we had made for other Microsoft IMAP server on Outlook.com.

Another related forum thread on this issue can be found here: https://forum.rebex.net/12653/does-rebex-support-office-mailbox-using-imap-with-oauth-token

Trial hotfix version that makes it possible to connect to Office 365 IMAP server can be downloaded here:
https://www.rebex.net/getfile/5fbeb9d0d84b44249298725928d3d2b6/RebexSecureMail-ImapOAuth-HotfixBuild7460-Trial-Binaries.zip

Full version of this hotfix is for available for paying customers at support@rebex.net as part of their support contract.

This workaround will be available in the next release of our components.

commented Jun 5 by apriemyshev (160 points)
edited Jun 5 by apriemyshev
It seems OAuth2 client credentials grant flow that enables access without a user is not supported.
ImapResponse: AUTHENTICATE failed.
Message: AUTHENTICATE failed (NO).
Status: ProtocolError: The response received from the server was complete but indicated a protocol-level error.
commented Jun 5 by Pavel Matyska (13,340 points)
From Microsoft documentation (https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth)

"OAuth access to IMAP, POP, SMTP AUTH protocols via OAuth2 client credentials grant flow is not supported. If your application needs persistent access to all mailboxes in a Microsoft 365 organization, we recommend that you use the Microsoft Graph APIs..."

So it seems Microsoft specifically do not allow this scenario.
+1 vote
answered Apr 21 by Pavel Matyska (13,340 points)

Hi,

In the time of writing this answer, it is still not possible to use OAuth token for IMAP protocol targeting outlook.office365.com server.

As one of Microsoft person claimed, it is still work in progress. When it is done, they'll make an announcement.
Thay also claim, "We’re planning on adding OAuth support to both POP and IMAP in the next few months".

When Microsoft has implemented this in their side, we'll post an updated answer to this question.

...