Reading mails using IMAP and OAuth2 - A01 NO AUTHENTICATE

Mark Vorster 1 Reputation point
2022-10-20T13:13:59.94+00:00

Hi there,

I created a new O365 account and I am using the default email address to test this. I followed the common pattern to activate OAuth2 for accessing mails via IMAP. I am able to retrieve a token (using scope https://outlook.office365.com/.default), but when I try to read the mails from the mailbox I get the following error: A01 NO AUTHENTICATE

I followed the steps on this link: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

I created an application, generated a secret key, added API permissions (screenshot attached)

252438-permissions.png
I have also added offline access and email to this list, still not able to authenticate.

And I am able to make the call. I tested the OAuth call and login with details from a mailbox that I know work, so I know it's nothing wrong with the API call itself; it's got something to do with the mailbox.

I also activated IMAP on the mailbox itself.

Does anyone know how I can get this to work?


2 answers

  1. Niraj Kumar 5 Reputation points
    2023-03-31T05:31:42.5066667+00:00

    I think that you have made a mistake in creating the Service Principal account.

    The OBJECT_ID is the Object ID from the Overview page of the Enterprise Application node (Azure Portal) for the application registration. It is not the Object ID from the Overview of the App Registrations node. Using the incorrect Object ID will cause an authentication failure.

    Ref article: https://www.flowable.com/blog/office-365-exchange-oauth2-imap-authentication

    1 person found this answer helpful.

  2. Glen Scales 4,431 Reputation points
    2022-10-21T01:13:06.23+00:00

    You're missing the Application permissions for IMAP, which are located under Office 365 Exchange Online (all your current permissions are for the Graph, which won't work for IMAP). You need to select this from "APIs my organization uses" in the Azure portal, e.g.

    252773-image.png

    Then add the app permission for IMAP and consent.

    252772-image.png

    The other thing that must be done and can't be skipped is

    Register service principals in Exchange https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#register-service-principals-in-exchange

    Explicitly grant access to the mailboxes the application will use, e.g.
    Add-MailboxPermission -Identity "john.smith@Company portal .com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess

    (You need to wait up to 15 minutes for these changes to apply)
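
A diagnostic for the causes named in the two answers above, added here as an example and not code from any poster or from Microsoft: it decodes the access token's claims (without verifying the signature) to check that the token is for Exchange Online and carries the IMAP application permission, and builds the XOAUTH2 string sent to IMAP. The claim names (`aud`, `roles`, `oid`), the function names and the sample token are assumptions or constructed for illustration.

```python
import base64
import json

# Assumptions (not from the thread): an app-only token for Exchange Online has
# aud = the Exchange resource, the IMAP application permission in "roles", and
# the Enterprise Application (service principal) object ID in "oid".
EXPECTED_AUD = "https://outlook.office365.com"
REQUIRED_ROLE = "IMAP.AccessAsApp"


def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token):
    """List token-level causes of 'A01 NO AUTHENTICATE' that are visible in the claims."""
    claims = decode_claims(token)
    problems = []
    aud = str(claims.get("aud", ""))
    if aud.rstrip("/") != EXPECTED_AUD:
        problems.append(f"aud is {aud!r}; request scope {EXPECTED_AUD}/.default")
    if REQUIRED_ROLE not in claims.get("roles", []):
        problems.append(f"roles lacks {REQUIRED_ROLE}; add it under Office 365 "
                        "Exchange Online (not Graph) and grant admin consent")
    return problems


def xoauth2_string(mailbox, token):
    """Base64 SASL XOAUTH2 initial response for the IMAP AUTHENTICATE command."""
    raw = f"user={mailbox}\x01auth=Bearer {token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def make_sample_token(claims):
    """Build an unsigned, constructed token so the demo runs offline."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample: a token carrying only Graph permissions, as in the question.
    sample = make_sample_token({"aud": "https://graph.microsoft.com",
                                "roles": ["Mail.Read"], "oid": "<OBJECT_ID>"})
    for problem in diagnose(sample):
        print("PROBLEM:", problem)
    print("oid to compare with the Object ID registered in Exchange:",
          decode_claims(sample)["oid"])
```

A token that passes both checks can still be rejected if the service principal was registered with the wrong Object ID or the mailbox permission has not been granted, so compare the printed `oid` with the value used in Exchange.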