sending email using javmail with OAuth2 and smtp

Question

sending email using javmail with OAuth2 and smtp

Mike Gleeson 1

Hi. Does anyone know what scopes should be set to allow the sending of email using SMTP. We are using javamail with Oauth2 and we have successfully got it working to read email using imap now we want to send email using smtp.

https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

DEBUG SMTP: SASL client XOAUTH2
DEBUG SMTP: SASL callback length: 2
DEBUG SMTP: SASL callback 0: javax.security.auth.callback.NameCallback@5d1be090
DEBUG SMTP: SASL callback 1: javax.security.auth.callback.PasswordCallback@1418191d
AUTH XOAUTH2

535 5.7.3 Authentication unsuccessful [LO6P265CA0005.GBRP265.PROD.OUTLOOK.COM]
DEBUG SMTP: SASL authentication failed

The token, if I obtain it using the https://graph.microsoft.com/.default scope, comes back with the role "Mail.Send". If I use the scope https://outlook.office.com/.default I get the roles full_access_as_app, Mail.Send, and IMAP.AccessAsApp. There appear to be no scopes that give me the SMTP.Send or offline_access "roles" (or permissions or whatever), even though we've assigned them to the application.

While getting the imap to work we had to run the following command after creating a new New-ServicePrincipal Add-MailboxPermission -Identity -Acc
essRights FullAccess. Is their something similar to do for sending email.

1 answer

Your answer

Answer 1

CarlZhao-MSFT 46,431

Hi @Mike Gleeson

The SMTP.Send is a delegated permission, so it only supports delegated authentication flows. You may be using a daemon-based client credentials flow, which is why your token does not have SMTP.Send permissions.

You can try using ROPC flow or auth code flow to get a user token:

Parse the access token:

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Mike Gleeson 1 Reputation point

2022-12-01T13:58:34.267+00:00

we are trying to write an application that does not have an internet-visible endpoint for the Microsoft authentication servers to interact with, and that we want to be sending emails on behalf of a single internal user. The auth code flow will not work, as it needs to have an internet-visible location that the authentication server can respond to.

The problem is a) are we using the correct set of permissions to allow us to send an email, and b) why is our authentication failing. With the first issue, it's not at all clear why Mail. Send doesn't allow us to connect to the SMTP server to actually send an email. Is it because we need to have SMTP. Send instead? If so, what purpose does Mail. Send fulfil? With the second issue, is smtp.outlook.com the correct server to be trying to connect to? I've tried several: smtp.outlook.com, smtp.office365.com, outlook.office365.com, but all of them have given me the same results.

There seems to be very little documentation around this with regards to what permissions should be set to allow the sending of mail using smtp. From my research many others are having similar problems, but their posts are left unanswered on other forums. It would be really helpful if there was some info on the settings needed to use the Javamail api. Are there any tools that can be used to troubleshoot the error?

535 5.7.3 Authentication unsuccessful [LO6P265CA0005.GBRP265.PROD.OUTLOOK.COM]
DEBUG SMTP: SASL authentication failed

Share via

sending email using javmail with OAuth2 and smtp

1 answer

Your answer