Microsoft intends to deprecate BASIC AUTH in all mail protocols for XO Accounts on October 1st, 2022:
Article: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online
Authenticating an SMTP server connection fails for XOAUTH2
Have an issue with OAuth authentication to connect with IMAP protocol and access email data for Office 365 user.
When trying to authenticate an SMTP server connection with
AUTH XOAUTH2 <base64 string in XOAUTH2 format>
we get
1 NO AUTHENTICATE failed.
Followed all these steps
Registered the application with Azure Active Directory.
Tenant admin consent was granted in the azure active directory for IMAP permission.
Service principal registered in Exchange and given application's service principal full access to the mailbox.
Token was generated through OAuth 2.0 tenant authorisation request with the default scope (https://ps.outlook.com/.default).
Also tried changing the scope from recommended to 'https://outlook.office.com/IMAP.AccessAsUser.All' which then results in
"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID
What could be wrong here so the authentication fails?
2 answers
Amit Singh 5,071 Reputation points
2022-12-06T10:57:22.39+00:00
Glen Scales 4,441 Reputation points
2022-12-07T23:09:34.95+00:00
"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID
That error is telling you that you haven't consented to the application, so you won't get further until you clear that error. I would suggest you try the manual URL method from, e.g., https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent?pivots=portal
Construct the URL for granting tenant-wide admin consent
When granting tenant-wide admin consent using either method described above, a window opens from the Azure portal to prompt for tenant-wide admin consent. If you know the client ID (also known as the application ID) of the application, you can build the same URL to grant tenant-wide admin consent. The tenant-wide admin consent URL follows the following format:
https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id={client-id}
where:
{client-id} is the application's client ID (also known as app ID).
{tenant-id} is your organization's tenant ID or any verified domain name.
As always, carefully review the permissions an application requests before granting consent.
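The following is an added diagnostic example, not code from the thread or from Microsoft's documentation. It builds the XOAUTH2 string sent with AUTH XOAUTH2, decodes an access token's claims to see which permissions were actually consented (`scp` for delegated scopes, `roles` for application permissions), and builds the admin consent URL in the format quoted above. The function names, the sample token and the tenant and client values are constructed placeholders.

```python
import base64
import json
from urllib.parse import quote, urlencode


def xoauth2_string(user: str, access_token: str) -> str:
    """Base64 SASL XOAUTH2 response: user=<u>^Aauth=Bearer <t>^A^A (^A = 0x01)."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def token_claims(access_token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def consent_summary(claims: dict) -> dict:
    """Pull out the claims that show what the token was actually granted."""
    return {
        "aud": claims.get("aud"),
        "delegated_scopes": claims.get("scp", "").split(),  # user-context scopes
        "app_roles": claims.get("roles", []),  # application permissions
    }


def admin_consent_url(tenant_id: str, client_id: str) -> str:
    """Tenant-wide admin consent URL in the format quoted in the answer."""
    return (f"https://login.microsoftonline.com/{quote(tenant_id, safe='')}"
            f"/adminconsent?{urlencode({'client_id': client_id})}")


def fake_jwt(claims: dict) -> str:
    """Constructed, unsigned sample token so the example runs offline."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample: a token that carries no consented permissions at all.
SAMPLE_TOKEN = fake_jwt({"aud": "https://example.invalid", "roles": []})

if __name__ == "__main__":
    print(consent_summary(token_claims(SAMPLE_TOKEN)))
    print(xoauth2_string("user@example.com", SAMPLE_TOKEN)[:40] + "...")
    print(admin_consent_url("contoso.example", "00000000-0000-0000-0000-000000000000"))
```

An empty `delegated_scopes` and `app_roles` in the summary means the token carries no mail permission, so the server will reject the XOAUTH2 string however well it is formatted.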