Not able to make IMAP & Graph APIs work

CovrEdge Support 5 Reputation points
2023-02-28T06:33:54.3966667+00:00

Hi,

I am trying to connect to an Office 365 mailbox through IMAP. For this I am using @azure/msal-node, which is giving me an access token. When I decode that token at https://jwt.ms/, it gives me the following roles:

 "roles": [
    "User.Read.All",
    "full_access_as_app",
    "Mail.ReadWrite",
    "User.ReadBasic.All",
    "Mail.Read",
    "IMAP.AccessAsApp"
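  ]

const Imap = require('imap');         // assumed: the node-imap package, whose API this code uses
const { inspect } = require('util');  // used below to print parsed headers and attributes

async function connect_imap(token){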
  
const mailId = 'help@example.com';  
// const token =  
//   'eyJ0eXAiOiJKV1QiLCJub25jZSI6ImRvd3R0S2draG1fVGN1T1g3S1p................';  
//const auth2 = btoa('user=' + mailId + '^Aauth=Bearer ' + token + '^A^A');  
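// SASL XOAUTH2 string: base64("user=<mailbox>\x01auth=Bearer <token>\x01\x01")
let auth2 = Buffer.from('user=' + mailId + '\x01auth=Bearer ' + token + '\x01\x01').toString('base64');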
//const auth2 = buffer.from(("user="+mailId+"\x01auth=Bearer "+token+"\x01\x01")).toString('base64');    
  
var imap = new Imap({  
  xoauth2: auth2,  
  host: 'outlook.office365.com',  
  port: 993,  
  tls: true,  
  //secure:true,
  debug: console.log,  
  authTimeout: 25000,  
  connTimeout: 300000,  
  tlsOptions: {
    // rejectUnauthorized: false turns off TLS certificate verification for this connection
    rejectUnauthorized: false,
    servername: 'outlook.office365.com'
  }
});  
  
function openInbox(cb) {  
  imap.openBox('INBOX', true, cb);  
}  
  
imap.once('ready', function () {  
  openInbox(function (err, box) {  
    if (err) throw err;  
    var f = imap.seq.fetch('1:3', {  
      bodies: 'HEADER.FIELDS (FROM TO SUBJECT DATE)',  
      struct: true  
    });  
    f.on('message', function (msg, seqno) {  
      console.log('Message #%d', seqno);  
      var prefix = '(#' + seqno + ') ';  
      msg.on('body', function (stream, info) {  
        var buffer = '';  
        stream.on('data', function (chunk) {  
          buffer += chunk.toString('utf8');  
        });  
        stream.once('end', function () {  
          console.log(  
            prefix + 'Parsed header: %s',  
            inspect(Imap.parseHeader(buffer))  
          );  
        });  
      });  
      msg.once('attributes', function (attrs) {  
        console.log(prefix + 'Attributes: %s', inspect(attrs, false, 8));  
      });  
      msg.once('end', function () {  
        console.log(prefix + 'Finished');  
      });  
    });  
    f.once('error', function (err) {  
      console.log('Fetch error: ' + err);  
    });  
    f.once('end', function () {  
      console.log('Done fetching all messages!');  
      imap.end();  
    });  
  });  
});  
  
imap.once('error', function (err) {  
  console.log(err);  
});  
  
imap.once('end', function () {  
  console.log('Connection ended');  
});  
  
imap.connect();
}

When I pass the token to the above function, I always get

NO AUTHENTICATE failed
{
  type: 'no',
  textCode: undefined,
  source: 'authentication'
}

Seems like I am missing something in the Azure Active Directory App registration settings:

The following is the screenshot of the permissions that I gave the application. I added some delegated permissions as well to try with the Graph APIs, but no luck. I think messages should be descriptive so that it can save million dollars hours of developers who are having trust in Microsoft:

User's image

What I have followed for App registration:
https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
What I have followed for IMAP registration:
https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

For the PowerShell commands, I installed PowerShell on my Linux distro.

For the Node.js code I took help from:
https://learn.microsoft.com/en-us/answers/questions/875398/read-outlook-mails-via-imap-using-nodejs-and-oauth
https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-node-migration

I have added a Stack Overflow question as well, but nobody seems to be bothered about it:
https://stackoverflow.com/questions/75577881/not-able-to-authenticate-office-365-via-imap-auth-2-0-no-authenticate-failed

Any help will be appreciated. Thanks

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
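An added example, not part of the original post or of any Microsoft sample: a local pre-flight check of the claims the post inspects at jwt.ms, plus the XOAUTH2 string built from the token. The expected audience is an assumption taken from the `https://outlook.office365.com/.default` scope in the linked Microsoft documentation; the function names and the sample token are constructed for illustration.

```javascript
// Assumption: audience that matches the https://outlook.office365.com/.default scope
// named in the linked Microsoft documentation for IMAP with client credentials.
const EXPECTED_AUD = 'https://outlook.office365.com';
const REQUIRED_ROLE = 'IMAP.AccessAsApp'; // role shown in the post's decoded token

// base64url-encode a JSON object (used only to build the constructed sample token)
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Constructed, unsigned sample token for offline runs; not a real credential.
function makeSampleToken(claims) {
  return [b64url({ typ: 'JWT', alg: 'none' }), b64url(claims), 'sig'].join('.');
}

// Decode the payload WITHOUT verifying the signature: inspection only, never authorization.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Return a list of problems; an empty list means the claims look right for IMAP.
function preflight(token, nowSec = Math.floor(Date.now() / 1000), aud = EXPECTED_AUD) {
  const c = decodeJwtPayload(token);
  const problems = [];
  if (String(c.aud).replace(/\/$/, '') !== aud) problems.push(`aud is ${c.aud}, expected ${aud}`);
  if (!Array.isArray(c.roles) || !c.roles.includes(REQUIRED_ROLE)) problems.push(`roles lacks ${REQUIRED_ROLE}`);
  if (typeof c.exp !== 'number' || c.exp <= nowSec) problems.push('exp missing or in the past');
  return problems;
}

// SASL XOAUTH2 initial response: base64("user=<mailbox>\x01auth=Bearer <token>\x01\x01")
function buildXoauth2(mailbox, token) {
  if (/[\x00-\x1f]/.test(mailbox)) throw new Error('control character in mailbox name');
  return Buffer.from(`user=${mailbox}\x01auth=Bearer ${token}\x01\x01`, 'utf8').toString('base64');
}

// Demo on constructed input
const sample = makeSampleToken({ aud: EXPECTED_AUD, roles: [REQUIRED_ROLE], exp: 4102444800 });
console.log(preflight(sample), buildXoauth2('help@example.com', sample).length);
```

An empty result only means the claims look plausible; the server can still reject the login for reasons that are not visible in the token.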