0 votes
by (360 points)

We are using Rebex 6.3 for POP3 and SMTP and need to change the authentication to
OAuth2. Following the samples Pop3OAuthAppOnlyConsole and ImapOAuthAppOnlyConsole, I tried to connect.

With POP3 everything works fine till

    var authResult = await cca.AcquireTokenForClient(scopes).ExecuteAsync();

    string accessToken = authResult.AccessToken;

    // connect using Rebex POP3 and retrieve list of messages
    using (var client = new Pop3())
    {
        // communication logging (enable if needed)
        //client.LogWriter = new FileLogWriter("pop3-oauth.log", LogLevel.Debug);

        // connect to the server
        Console.WriteLine("Connecting to POP3...");
        await client.ConnectAsync("outlook.office365.com", SslMode.Implicit);

        // authenticate using the OAuth 2.0 access token
        Console.WriteLine("Authenticating to POP3...");
        await client.LoginAsync("xxx@concept.onmicrosoft.com", accessToken, Pop3Authentication.OAuth20);

        // list recent messages
        Console.WriteLine("Listing messages...");
        int count = client.GetMessageCount();
    }

On client.GetMessageCount() I got an exception:

"Command is not valid in this state."

" bei Rebex.Net.Pop3.fpwda(Boolean p0, Boolean p1, String& p2)\r\n bei Rebex.Net.Pop3.robfu(Int32& p0, Int64& p1)\r\n bei Rebex.Net.Pop3.itnfd()\r\n bei Sc.Lib.App.Oauth2TestForm.d__38.MoveNext() in C:\Projects\CO70.NET\_repo\Office\Tools\Oauth2Test\Oauth2TestForm.cs:Zeile 81."

With IMAP I got an exception when trying to log in:

       await client.LoginAsync("xxxxxx@concept.onmicrosoft.com", authResult.AccessToken, ImapAuthentication.OAuth20);

"AUTHENTICATE failed (NO)."

" bei Rebex.Net.Imap.ckfej(String p0, ImapResponse p1, Boolean p2)\r\n bei Rebex.Net.Imap.raucp(String p0)\r\n bei Rebex.Net.Imap.gjkvd(String p0, String p1, ImapAuthentication p2, GssApiProvider p3)\r\n bei Rebex.Net.Imap.gwcxn(String p0, String p1, ImapAuthentication p2)\r\n bei Rebex.Net.Imap.xpigz(Object p0, Enum p1, Object[] p2)\r\n bei dxklq.xzusb.vjspj(Object p0)\r\n--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---\r\n bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n bei System.Runtime.CompilerServices.TaskAwaiter.GetResult()\r\n bei Sc.Lib.App.Oauth2TestForm.d__38.MoveNext() in C:\Projects\CO70.NET\_repo\Office\Tools\Oauth2Test\Oauth2TestForm.cs:Zeile 132."

Is there still no way to use Rebex.SMTP for a daemon app with secret authentication?

Applies to: Rebex Secure Mail

1 Answer

0 votes
by (144k points)
Best answer

There is a bug in Rebex Secure Mail R6.3 that triggers a "Command is not valid in this state" error when POP3 authentication fails with Microsoft 365. This has been fixed in R6.5. To determine the actual cause in R6.3, enable logging using Pop3.LogWriter and check the log. Sorry for the inconvenience!

But most likely, the issue is the same as in IMAP (although in POP3 the error message is slightly different), where "AUTHENTICATE failed (NO)" indicates that the token was not accepted for authentication.

To get app-only authentication (for unattended daemon/service apps) to work with POP3 or IMAP, please follow our step-by-step guide:

Make sure you followed all the steps - they are important.


Regarding an SMTP daemon app via OAuth: this is still not supported by Microsoft 365, unfortunately. For SMTP, either keep using basic authentication for now (unlike POP3, IMAP and EWS, this will not get disabled on October 1st), or use EWS, which supports mail sending as well (our EWS/OAuth/AppOnly sample app can be easily adapted for this purpose - just call SendMessage instead of GetFolderInfo).
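One way to check whether the token itself is the reason for "AUTHENTICATE failed (NO)", as an added example that is not part of the original answer or of Rebex's samples: decode the access token's claims locally and check the audience, the app role and the expiry. The `TokenCheck` class, its method names, the expected audience value and the sample token are assumptions constructed for illustration; the code uses System.Text.Json.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenCheck   // hypothetical helper, diagnostics only (no signature validation)
{
    // Decode the claims (second segment) of a JWT access token.
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a JWT (expected 3 segments).");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using (JsonDocument doc = JsonDocument.Parse(json))
            return doc.RootElement.Clone();
    }

    // Returns the problems found; an empty list means the token looks usable.
    public static List<string> Check(string jwt, string requiredRole, string expectedAudience)
    {
        var problems = new List<string>();
        JsonElement p = DecodePayload(jwt);
        string aud = p.TryGetProperty("aud", out var a) && a.ValueKind == JsonValueKind.String
            ? a.GetString() : null;
        if (!string.Equals(aud, expectedAudience, StringComparison.OrdinalIgnoreCase))
            problems.Add("aud is '" + aud + "', expected '" + expectedAudience + "'");
        var roles = p.TryGetProperty("roles", out var r) && r.ValueKind == JsonValueKind.Array
            ? r.EnumerateArray().Select(x => x.GetString()).ToList() : new List<string>();
        if (!roles.Contains(requiredRole))
            problems.Add("roles [" + string.Join(", ", roles) + "] lack '" + requiredRole + "'");
        if (p.TryGetProperty("exp", out var e) && e.ValueKind == JsonValueKind.Number
            && DateTimeOffset.FromUnixTimeSeconds(e.GetInt64()) <= DateTimeOffset.UtcNow)
            problems.Add("token has expired");
        return problems;
    }

    static void Main()
    {
        const string Audience = "https://outlook.office365.com"; // assumed expected audience
        // Constructed sample token: only the IMAP role is present, so the POP3 check reports a problem.
        string claims = "{\"aud\":\"https://outlook.office365.com\",\"roles\":[\"IMAP.AccessAsApp\"],\"exp\":4102444800}";
        string jwt = "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(claims))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
        foreach (string role in new[] { "IMAP.AccessAsApp", "POP.AccessAsApp" })
            Console.WriteLine(role + ": " + string.Join("; ", Check(jwt, role, Audience).DefaultIfEmpty("OK")));
    }
}
```

If the check passes for the protocol in use and the server still answers "AUTHENTICATE failed (NO)", the token is not the problem and the remaining cause is on the Exchange side: the service principal and the mailbox permission.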

by (360 points)
full_access_as_app
IMAP.AccessAsApp
POP.AccessAsApp

Admin consent is also granted, is it enough?

"Also, make sure you created the "principal" for your app and granted permissions for mailboxes using Add-MailboxPermission cmdlet."
Is it possible to do it without PowerShell? This is something new, never heard about it.
by (144k points)
The permissions along with admin consent are fine, but mailbox permissions do have to be assigned as well for POP3 and IMAP.

The need to use those cmdlets is new to us as well - it looks like this was introduced just two months ago along with app-only OAuth for POP3/IMAP. Unfortunately, there is no alternative way to configure this yet.

Give this PowerShell script a try:

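    $TenantId = "YOUR_TENANT_ID_HERE"
    $AppId = "YOUR_APP_ID_HERE"
    # Object ID of the app's Enterprise Application entry (not the App Registration's Object ID)
    $ObjectId = "YOUR_OBJECT_ID_HERE"
    $Identity = "your.mailbox.here@example.org"
    $DisplayName = "Principal for IMAP/POP3 - you can use any name here"

    # One-time setup: install the required modules
    Install-Module -Name ExchangeOnlineManagement
    Install-Module -Name AzureAD
    Import-Module ExchangeOnlineManagement

    # Sign in as a tenant administrator
    Connect-AzureAD -Tenant $TenantId
    Connect-ExchangeOnline -Organization $TenantId

    # Register the app's service principal in Exchange Online
    New-ServicePrincipal -AppId $AppId -ServiceId $ObjectId -DisplayName $DisplayName

    # Grant that principal access to the one mailbox the app will read
    Add-MailboxPermission -Identity $Identity -User $ObjectId -AccessRights FullAccess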
by (360 points)
Some time was needed for this, but now I was able to log in, thank you.
by (144k points)
Thanks for letting us know!