This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 50%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMV%3C/text%3E%3C/svg%3E)
Hi there,
I created a new O365 account and I am using the default email address to test this. I followed the common pattern to activate OAuth2 for accessing mails via IMAP. I am able to retrieve a token (using scope https://outlook.office365.com/.default), but when I try to read the mails from the mailbox I get the following error: A01 NO AUTHENTICATE
I followed the steps on this link: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
I created an application, generated a secret key, added API permissions (screenshot attached)
I have also added offline access and email to this list, still not able to authenticate.
And I am able to make the call. I tested the OAUTH call and login with details from a mailbox that I know work, so I know its nothing wrong with the API call itself, its got something to do with the mailbox.
I also activated IMAP on the mailbox itself.
Does anyone know how I can get this to work?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 31%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJX%3C/text%3E%3C/svg%3E)
Hi @Mark Vorster ,
Have you tried the methods mentioned by GlenScales-6756? If the reply is helpful, you could mark it as an answer.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 54%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENK%3C/text%3E%3C/svg%3E)
I think that you have made a mistake on creating the Service Principal account
The OBJECT_ID is the Object ID from the Overview page of the Enterprise Application node (Azure Portal) for the application registration. It is not the Object ID from the Overview of the App Registrations node. Using the incorrect Object ID will cause an authentication failure.
Ref article: https://www.flowable.com/blog/office-365-exchange-oauth2-imap-authentication
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 84%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
Your missing the Application permissions for IMAP which are located under Office365 Exchange Online (all your current permissions are for the Graph which won't work for IMAP) . You need to select this from the API's my Organization uses under the Azure portal eg
The add the app permission for IMAP and Consent
The other thing that must be done and can't be skipped is
Register service principals in Exchange https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#register-service-principals-in-exchange
Explictly Grant Access to the Mailboxes the applicaiton will use eg
Add-MailboxPermission -Identity "john.smith@Company portal .com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
(You need to wait up to 15 minutes for these change to apply)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 0%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIR%3C/text%3E%3C/svg%3E)
I'm getting the same issue after doing all what is suggested by the documentation.
The Access Token still gets the NO AUTHENTICATION error.
Should I be using IMAP.AccessAsApp as my request scope?
