ImapAuthentication::OAuth20 authentication for Outlook and Yahoo

+1 vote
asked Dec 16, 2015 by lakamraju (200 points)
edited Dec 16, 2015 by lakamraju

How to perform ImapAuthentication::OAuth20 authentication for Gmail and Yahoo mails ?

Edit: Actually I am looking for Outlook and Yahoo mails, not Gmail

Applies to: Rebex Secure Mail

2 Answers

+1 vote
answered Dec 16, 2015 by Tomas Knopp (58,890 points)
edited Jan 13, 2016 by Tomas Knopp
 
Best answer

UPDATE


The hotfix mentioned below has been released as part of Rebex components 2016 R1. See what's new.


Actually, Rebex Imap/Smtp does nothing more than simply passing the XOAUTh2 authentication token to the IMAP/SMTP server.
As the code works fine with Gmail it should actually work with any IMAP/SMTP server that supports OAuth2 (as long as you pass a valid access token).

However, after a recent upgrade of Outlook365.com servers (about a month ago) we discovered a bug in our TLS 1.2 implementation that made Rebex Secure Mail 2015R4.1 unusable with the new version of Office365.com. This is not at all related to OAuth, but this bug most possibly prevents you from connecting to these servers completely.

UPDATE
Both the TLS 1.2 problems and problems when connecting to imap-mail.outlook.com with XOAuth2 authentication are fixed in Rebex Secure Mail 2016 R1.

A hotfix is already available for download, so in order to connect fine to office365.com mail servers with TLS 1.2, download the hotfix.
Give it a try and let me know whether you are able to connect and login with OAuth2 to Outlook 365. If not, creating a log of communication is a good start. Send us the log, so that we are able to look into it.

(Registered customers, the full version hotfix is available on demand at support@rebex.net).

As to the Yahoo IMAP server - I do not know what could be wrong, I tried connecting to yahoo IMAP with this code:

        Imap imap = new Imap();
        imap.Connect("imap.mail.yahoo.com", SslMode.Implicit);

        // prepare token
        string pattern = string.Format("user={0}{1}auth=Bearer {2}{1}{1}", userEmail, '\x1', accessToken);
        string token = Convert.ToBase64String(Encoding.ASCII.GetBytes(pattern));

        // log in using OAuth 2.0
        imap.Login(token, ImapAuthentication.OAuth20);

        imap.Disconnect();

and their server seems to announce OAuth2. However according to this yahoo developer page, only some of their services use OAuth2, whereas some still seem to stick to old OAuth version 1 which is not supported by Rebex. The log might help as well if you turn to them for advice and/or you should be able to find exact details at yahoo online doc.

commented Dec 17, 2015 by lakamraju (200 points)
Thanks Tomas for you prompt reply.

I have downloaded the hotfix as mentioned by you. I am getting the below error (this is same error I got earlier):

"An unhandled exception of type 'Rebex.Net.ImapException' occurred in Rebex.Imap.dll
Additional information: SASL Token argument is missing or invalid (BAD)."

This could be issue with my access token, but could not find out what it is. Any guidance to address this issue will be helpful.

Also regarding yahoo, I am interested to retrieve mails from yahoo. I want to know if for this service is yahoo using OAuth2 ?
Because as per my knowledge yahoo is using OAuth2 authentication for social services only. Any info regarding this also will be helpful.
commented Dec 17, 2015 by Tomas Knopp (58,890 points)
edited Dec 17, 2015 by Tomas Knopp
Hi Lakamraju,

I have found the following https://github.com/MailCore/mailcore2/issues/630 where the same issue was observed when the OAuth2 token was in fact "quoted". This is not the issue with Rebex Mail, however, could you please make sure what token you pass and that it does not have quotest " and " around it?

If you do not manage to find the solution, please create a debug log as described at www.rebex.net/kb/logging and send it back to us to support@rebex.net for analysis. Thank you!
commented Dec 17, 2015 by Tomas Knopp (58,890 points)
As to the Yahoo. You can give it a try and if it works with Rebex Secure Mail, then they already migrated to XOAuth2 as our component only supports the second generation of OAuth. Nevertheless, it would be better to ask yahoo directly whether their IMAP server already supports XOAuth2. (I saw when connecting to yahoo imap server that it announces XOAuth2 support, but on the other hand yahoo servers are well known to be buggy, so this does not have to mean their compatible.) If you manage to get any reply from yahoo, we'll be glad if you share it with us.
commented Dec 18, 2015 by lakamraju (200 points)
Hi Tomas,
I have send the code snippet along with logs to  support@rebex.net for the analysis of issue regarding outlook authentication.

And regarding Yahoo, I will contact their support and will surely update the response from them
commented Dec 18, 2015 by Tomas Knopp (58,890 points)
Hi Lakamraju,

thank you for the XOAUTH log that you sent by email. Actually it has something to do with the length of the token which is well over 1KB. It looks like our component sends it in a different format then. We have been able to replicate the issue when connecting to imap-mail.outlook.com with XOAuth2 authentication and we will be working on it and get back to you beginning next week.
commented Dec 18, 2015 by lakamraju (200 points)
OK. Really appreciate your prompt reply and support
commented Dec 22, 2015 by lakamraju (200 points)
With the beta binaries provided by Rebex team, I could able to resolve this issue.
Thank you.
commented Jan 4, 2016 by Tomas Knopp (58,890 points)
Glad that it helped. Thanks for letting us know. The fix will be part of the next release (i.e. 2016R1).
commented Jan 13, 2016 by Tomas Knopp (58,890 points)
The hotfix has been released as part of Rebex components 2016R1.
0 votes
answered Dec 16, 2015 by Tomas Knopp (58,890 points)
edited Jul 29, 2016 by Lukas Matyska

Update: See our How to authenticate to Gmail with Rebex Secure Mail using OAuth 2.0 blog post.


To authenticate using OAuth, you first have to construct an authentication token. Then, present the token to the IMAP or SMTP server.

Here is sample code that will authenticate to Gmail IMAP server via OAuth20 (given that you already have your "accesstoken"):

// create IMAP client instance and connect (same applies for Rebex.Net.Smtp)
var client = new Rebex.Net.Imap();
client.Connect("imap.gmail.com", SslMode.Implicit);

// prepare token
string pattern = string.Format("user={0}{1}auth=Bearer {2}{1}{1}", userEmail, '\x1', accessToken);
string token = Convert.ToBase64String(Encoding.ASCII.GetBytes(pattern));

// log in using OAuth 2.0
client.Login(token, ImapAuthentication.OAuth20);

The OAuth "accessToken" from the above code has to be retrieved from the server provider. For more information on how to obtain it see https://developers.google.com/gmail/xoauth2_protocol

commented Dec 16, 2015 by lakamraju (200 points)
Thanks Tomas.
But I am looking for Outlook and Yahoo mails, not Gmail. I could successfully authenticate using OAuth for Gmail, but the same process is not working for Outlook and Yahoo.

I have edited the post.
Sorry for the inconvenience.
commented Dec 16, 2015 by Tomas Knopp (58,890 points)
Lakamraju, thanks for clarification! Please see my new answer above.
...