SMTP return 535: 5.7.3 Authentication unsuccessful Error When using OAuth2 Access Token via Device Code Flow

Question

Hello Everyone I am developing an OAuth2 application for limited input devices to be able to send email via SMTP using OAuth2 Access Token but I got this error 535: 5.7.3 Authentication unsuccessful for consumer accounts. These are the endpoints I used to exchange for device codes and poll for the Access Token. device code endpoint = https://login.microsoftonline.com/common/oauth2/v2.0/devicecode token endpoint = https://login.microsoftonline.com/common/oauth2/v2.0/token Scopes used are: offline_access and SMTP.Send Anybody from Microsoft would like to check this issue? Thanks in advance.

Answer 1

It could be that the SMTP authentication of your Office 365 account hasn't been enabled. The third-party application uses SMTP submission to authenticate Office 365 accounts. To allow the SMTP auth, you can refer to the following instruction. Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online. As a side note, running the PowerShell commands requires an Office 365 admin account to Connect to Exchange Online PowerShell.

Answer 2

Hi @ Enzo Tech，

To better solve this issue, I would like to confirm what your email account type is?

If your account is Exchange online, I recommend that you verify the following in your tenant:

1.Whether authenticated SMTP is enabled for the affected user

-Navigate to Active users - Microsoft 365 admin center

-Select the user you want to test with.

-Make sure Authenticated SMTP is selected.

2.Verify that security defaults are disabled in your organization.

3.Disable Multi Factor Authentication (MFA) on the licensed mailbox being used:

-In the Microsoft 365 admin center, in the left navigation menu choose Users > Active users.

-On the Active users page, choose Multi-factor authentication.

-On the Multi-factor authentication page, select the user and set the Multi-factor auth status to Disabled.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 3

Hi @ Enzo Tech,

Thanks for your reply!

Exchange online is mainly focused on the technical questions about the configuration and administration of Exchange Online.

About personal accounts outlook.com has their own forum, here you can post questions: Results in Outlook - Microsoft Community

  Thanks for your understanding and patience!

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 4

This issue can still be reproduced. I created a program written in Rust-Lang to prove that the access token retrieve via Device Code Flow is not working for SMTP XOAUTH2.

Source Code:

https://github.com/LorenzoLeonardo/microsoft-smtp-xoauth2-test-tool

Scopes: offline_access, SMTP.Send

Endpoints:

https://login.microsoftonline.com/common/oauth2/v2.0/devicecode

https://login.microsoftonline.com/common/oauth2/v2.0/token

Answer 5

It seems it is already working it seems there is a mystery fix in MS end.

This is the test tool I created written in Rust Programming Language.