Access to Office365 mailbox for a Java application

Mahendra Baghel 16 Reputation points
2022-05-10T15:20:09.04+00:00

We are using the Java Mail API to read an unattended mailbox from Office 365. I have been told the default access will no longer be available and we have to use OAuth2 APIs from Microsoft. We only want to access a couple of unattended mailboxes from our cloud domain. How do we register the app (permissions), and is there Java sample code available for the same?


3 answers

  1. Glen Scales 4,431 Reputation points
    2022-05-11T00:28:00.41+00:00

    If you're using Java Mail, this would be using IMAP for connectivity. The client credentials flow https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth , which is what you would typically use for unattended access, isn't currently supported (it will probably be supported at some point in the future).

    So you have a couple of options. The first would be to switch to using the Graph API https://github.com/microsoftgraph/msgraph-sdk-java , which does support using the client credentials flow; it's a bit more work but should generally offer a better and more secure solution going forward. The other solution would be to look at using the ROPC OAuth flow https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc , which essentially means you have a set of credentials and obtain an access token for those credentials, and apart from https://javaee.github.io/javamail/OAuth2 that should be all you need to do. Some of the downsides of using the ROPC flow are that you can't have MFA enabled on the account being used and you also can't have any conditional access policies.

    For IMAP the only permission you need is https://outlook.office.com/IMAP.AccessAsUser.All (you'll find the permissions themselves under the Graph API), and the registration needs to be done in the Azure Portal https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app . To allow the ROPC flow you need to set the application registration to allow public flows.

    2 people found this answer helpful.

  2. Mahendra Baghel 16 Reputation points
    2022-05-18T21:28:40.4+00:00

    Hi Glen,

    I followed the instructions. I am stuck in two places. I can get an authentication token with the "user.read" scope without the secret. When I add the scope IMAP.AccessAsUser.All, it throws "error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID '<xxxxxxxxx>'". Do I have to send the app secret?

    Thanks,

    Mahendra


  3. saravan 1 Reputation point
    2022-12-01T10:45:53.457+00:00

    To access an Office365 mailbox using Java, please follow the steps given here: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth. (Ignore the Base64 encode step; it is not required for the JMS implementation.)

    I used JMS 1.6.2 to access my mailbox.

            <dependency>  
                <groupId>com.sun.mail</groupId>  
                <artifactId>javax.mail</artifactId>  
                <version>1.6.2</version>  
            </dependency>  
              
    

    Use MSAL to get the OAuth2 token using the application registration's client ID and client secret.

            <dependency>  
                <groupId>com.microsoft.azure</groupId>  
                <artifactId>msal4j</artifactId>  
                <version>1.13.3</version>  
            </dependency>  
    

    Once you get the token, DO NOT encode it to Base64; use it as is. The JMS API handles it internally.
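
The token-then-connect sequence from the last answer, as an added example that is not code from this thread or from Microsoft: msal4j requests a client credentials token and JavaMail 1.6.2 presents it over IMAP with XOAUTH2. The environment variable names are hypothetical, and the example assumes the app registration has already been granted access to the mailbox as the linked Microsoft article describes.

```java
// Added example, not code from the thread. Tenant, client and mailbox values are
// read from hypothetical environment variables so no secret lives in source.
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ClientCredentialParameters;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IAuthenticationResult;
import javax.mail.Folder;
import javax.mail.Session;
import javax.mail.Store;
import java.util.Collections;
import java.util.Properties;

public class Office365ImapOAuth {
    private static final String IMAP_HOST = "outlook.office365.com";
    // Client credentials requests use the resource's .default scope.
    private static final String SCOPE = "https://outlook.office365.com/.default";

    static String acquireToken(String tenantId, String clientId, String secret) throws Exception {
        ConfidentialClientApplication app = ConfidentialClientApplication
                .builder(clientId, ClientCredentialFactory.createFromSecret(secret))
                .authority("https://login.microsoftonline.com/" + tenantId)
                .build();
        IAuthenticationResult result = app.acquireToken(
                ClientCredentialParameters.builder(Collections.singleton(SCOPE)).build()).join();
        return result.accessToken(); // bearer credential: never log it
    }

    public static void main(String[] args) throws Exception {
        String token = acquireToken(System.getenv("AZURE_TENANT_ID"),
                System.getenv("AZURE_CLIENT_ID"), System.getenv("AZURE_CLIENT_SECRET"));

        Properties props = new Properties();
        props.put("mail.imap.ssl.enable", "true");              // implicit TLS on port 993
        props.put("mail.imap.ssl.checkserveridentity", "true"); // verify the certificate host name
        props.put("mail.imap.auth.mechanisms", "XOAUTH2");      // offer OAuth2 only, no password fallback
        Session session = Session.getInstance(props);
        Store store = session.getStore("imap");
        try {
            // The raw token goes in the password slot; JavaMail builds the XOAUTH2 response itself.
            store.connect(IMAP_HOST, 993, System.getenv("MAILBOX_ADDRESS"), token);
            Folder inbox = store.getFolder("INBOX");
            inbox.open(Folder.READ_ONLY);
            System.out.println("Messages in INBOX: " + inbox.getMessageCount());
            inbox.close(false);
        } finally {
            store.close();
        }
    }
}
```

Access tokens expire, so a long-running reader should call `acquireToken` again before each reconnect instead of caching the string indefinitely.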