A1 NO AUTHENTICATE failed using JavaMail and OAuth2 authentication.

Question

Hello, I try to connect to an e-mail server via IMAP protocol after obtaining an OAuth 2.0 access token. I use app-only access scenario. I'm receiving an access token, but when I try to connect to the server, I'm getting an A1 NO AUTHENTICATE failed. Could you provide an example, how can connect to the server using OAuth2 authentication. This is my code:

I'm getting an access token using this getAccessToken() method. The token has these roles:  "full_access_as_app", "IMAP.AccessAsApp".

public String getAccessToken() {
        MultiValueMap<String, String> bodyValues = new LinkedMultiValueMap<>();
        bodyValues.add("client_id", mailProperties.getClientId());
        bodyValues.add("client_secret", mailProperties.getClientSecret());
        bodyValues.add("scope", "https://outlook.office365.com/.default");
        bodyValues.add("grant_type", "client_credentials");

        return WebClient.builder()
                .baseUrl("https://login.microsoftonline.com")
                .build().post()
                .uri("/{tenantId}/oauth2/v2.0/token", mailProperties.getTenantId())
                .contentType(MediaType.APPLICATION_FORM_URLENCODED)
                .accept(MediaType.APPLICATION_JSON)
                .body(BodyInserters.fromFormData(bodyValues))
                .retrieve()
                .bodyToMono(TokenDTO.class)
                .block()
                .getAccessToken();
    }

When the token is received, I try to connect to the server and get the inbox folder. This is my way to do that:

String accessToken = getAccessToken();

        Properties props = new Properties();
        props.put("mail.debug", "true");
        props.put("mail.store.protocol", "imaps");
        props.put("mail.imaps.port", 993);
        props.put("mail.imaps.ssl.enable", "true");
        props.put("mail.imaps.starttls.enable", "true");
        props.put("mail.imaps.auth.mechanisms", "XOAUTH2");

        Session session = Session.getInstance(props);

        Store store = session.getStore();
        store.connect("outlook.office365.com", "some_email", accessToken);

        return store.getFolder(name);

And this is my logs. As you see, I'm getting the "A1 NO AUTHENTICATE failed" error in the end:

DEBUG: JavaMail version 1.6.2
DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
DEBUG: getProvider() returning javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Oracle]
DEBUG IMAPS: mail.imap.fetchsize: 16384
DEBUG IMAPS: mail.imap.ignorebodystructuresize: false
DEBUG IMAPS: mail.imap.statuscachetimeout: 1000
DEBUG IMAPS: mail.imap.appendbuffersize: -1
DEBUG IMAPS: mail.imap.minidletime: 10
DEBUG IMAPS: closeFoldersOnStoreFailure
DEBUG IMAPS: trying to connect to host "outlook.office365.com", port 993, isSSL true
* OK The Microsoft Exchange IMAP4 service is ready. [*****************]
A0 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
A0 OK CAPABILITY completed.
DEBUG IMAPS: AUTH: PLAIN
DEBUG IMAPS: AUTH: XOAUTH2
DEBUG IMAPS: protocolConnect login, host=outlook.office365.com, user=*********, password=<non-null>
DEBUG IMAPS: AUTHENTICATE PLAIN command trace suppressed
DEBUG IMAPS: AUTHENTICATE PLAIN command result: A1 NO AUTHENTICATE failed.

Answer 1

Hi @Aleksandr ,

Thanks for reaching out.

I understand that you are using client credential flow to obtain the OAuth Token using v2.0 via IMAP and trying to read mail using JavaMail.

1.For client credentials flow, you need to add application permissions under Office 365 Exchange Online

Make sure to grant admin consent for all the application permissions.

Once consent has been provided, the admin must register your AAD application's service principal in Exchange using powerShell by following commands:

2.Install ExchangeOnlineManagement Install-Module -Name ExchangeOnlineManagement -allowprerelease Import-module ExchangeOnlineManagement Connect-ExchangeOnline -Organization

3.Register Service Principal in Exchange: 1.New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <OBJECT_ID> [-Organization <ORGANIZATION_ID>] Make sure to use ObjectId from enterprise applications rather than object id of application registration.
For the same application you registered in Application Registration. A corresponding application has been created in Enterprise Application as well. You need to pass object id from there while registering service principal in Exchange:

2.Get-ServicePrincipal | fl

3.Add-MailboxPermission -Identity "[******@contoso.com]" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess

4. In the application, you need to use scope = 'https://outlook.office365.com/.default '

Once you will get the access token, you can create and open a Java Mail connection to read mails.

Properties props = new Properties();

props.put("mail.store.protocol", "imap");
props.put("mail.imap.host", "outlook.office365.com");
props.put("mail.imap.port", "993");
props.put("mail.imap.ssl.enable", "true");
props.put("mail.imap.starttls.enable", "true");
props.put("mail.imap.auth", "true");
props.put("mail.imap.auth.mechanisms", "XOAUTH2");
props.put("mail.imap.user", mailAddress);
props.put("mail.debug", "true");
props.put("mail.debug.auth", "true");

// open mailbox....
String token = getAuthToken(tanantId,clientId,client_secret);
Session session = Session.getInstance(props);
session.setDebug(true);
Store store = session.getStore("imap");
store.connect("outlook.office365.com", mailAddress, token);

Hope this will help.

Thanks,

Shweta

Please remember to "Accept Answer" if answer helped you.