Reading mails using IMAP and OAuth2 - A01 NO AUTHENTICATE

Mark Vorster 1 Reputation point
2022-10-20T13:13:59.94+00:00

Hi there,

I created a new O365 account and I am using the default email address to test this. I followed the common pattern to activate OAuth2 for accessing mails via IMAP. I am able to retrieve a token (using scope https://outlook.office365.com/.default), but when I try to read the mails from the mailbox I get the following error: A01 NO AUTHENTICATE

I followed the steps on this link: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

I created an application, generated a secret key, added API permissions (screenshot attached).

252438-permissions.png
I have also added offline access and email to this list, still not able to authenticate.

And I am able to make the call. I tested the OAuth call and login with details from a mailbox that I know works, so I know it's nothing wrong with the API call itself, it's got something to do with the mailbox.

I also activated IMAP on the mailbox itself.

Does anyone know how I can get this to work?


2 answers

  1. Niraj Kumar 5 Reputation points
    2023-03-31T05:31:42.5066667+00:00

    I think that you have made a mistake in creating the Service Principal account.

    The OBJECT_ID is the Object ID from the Overview page of the Enterprise Application node (Azure Portal) for the application registration. It is not the Object ID from the Overview of the App Registrations node. Using the incorrect Object ID will cause an authentication failure.

    Ref article: https://www.flowable.com/blog/office-365-exchange-oauth2-imap-authentication

    1 person found this answer helpful.

  2. Glen Scales 4,446 Reputation points
    2022-10-21T01:13:06.23+00:00

    You're missing the Application permissions for IMAP, which are located under Office 365 Exchange Online (all your current permissions are for the Graph, which won't work for IMAP). You need to select this from the "APIs my organization uses" tab in the Azure portal, e.g.

    252773-image.png

    Then add the app permission for IMAP and consent.

    252772-image.png

    The other thing that must be done and can't be skipped is

    Register service principals in Exchange https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#register-service-principals-in-exchange

    Explicitly grant access to the mailboxes the application will use, e.g.
    Add-MailboxPermission -Identity "john.smith@Company portal .com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess

    (You need to wait up to 15 minutes for these changes to apply)
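
Added example, not part of either answer above and not Microsoft's code: a pre-flight check that decodes the access token before it is sent to IMAP and reports whether it carries the Exchange Online application permission the second answer describes, then builds the SASL XOAUTH2 argument. The expected `aud` value and the role name `IMAP.AccessAsApp` are assumptions about what Exchange Online issues, and the sample tokens are constructed.

```python
import base64
import json

# Assumed claim values for an app-only Exchange Online token (not stated in the thread).
EXPECTED_AUD = "https://outlook.office365.com"
IMAP_APP_ROLE = "IMAP.AccessAsApp"


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def imap_token_problems(token):
    """Return the reasons this token would be refused for app-only IMAP."""
    claims = jwt_claims(token)
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud != EXPECTED_AUD:
        problems.append(f"aud is {aud!r}, expected {EXPECTED_AUD!r}")
    if IMAP_APP_ROLE not in claims.get("roles", []):
        problems.append(f"roles lacks {IMAP_APP_ROLE}: permission not added or not consented")
    return problems


def xoauth2_argument(mailbox, token):
    """Base64 SASL XOAUTH2 string for: A01 AUTHENTICATE XOAUTH2 <argument>."""
    raw = f"user={mailbox}\x01auth=Bearer {token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def constructed_token(claims):
    """Build an unsigned sample JWT for the demo (constructed, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    no_roles = constructed_token({"aud": EXPECTED_AUD})  # only Graph permissions granted
    exchange = constructed_token({"aud": EXPECTED_AUD, "roles": [IMAP_APP_ROLE]})
    for name, tok in (("no-roles", no_roles), ("exchange", exchange)):
        print(name, imap_token_problems(tok) or "claims look right for IMAP")
    print(xoauth2_argument("user@example.com", exchange)[:40] + "...")
```

A clean result only covers the token; the service principal registration and the mailbox permission from the answers live on the Exchange side and cannot be seen in the token.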

