Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,465 questions
Modern Authentication Access Token works for IMAP but doesn't for POP3
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 41%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBA%3C/text%3E%3C/svg%3E)
Baran ÇAMLI
0
Reputation points
I've encountered problem with pop3s protocol, I want to authenticate using AccessToken I've got from Device Code flow from o365. Followed these steps as follows :
- Get Device Code with my organization client_id and scope :
- Login to microsoft.com/devicelogin and give necessary permissions 3.Get Access token from microsoft using same scope and device code from the step before
I want to authenticate using imap,curl and mapi. When I try this access code with IMAP :
curl -vvv --url "imaps://outlook.office365.com" --user "barancamli@outlook.com" --oauth2-bearer "<my_auth_token>"
I get successful Authentication Message
* Trying 52.98.168.178:993...
* Connected to outlook.office365.com (52.98.168.178) port 993 (#0)
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; CN=outlook.com
* start date: Jul 26 00:00:00 2022 GMT
* expire date: Jul 25 23:59:59 2023 GMT
* subjectAltName: host "outlook.office365.com" matched cert's "*.office365.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Cloud Services CA-1
* SSL certificate verify ok.
< * OK The Microsoft Exchange IMAP4 service is ready. [...]
> A001 CAPABILITY
< * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
< A001 OK CAPABILITY completed.
> A002 AUTHENTICATE XOAUTH2 <my_auth_token>
< A002 OK AUTHENTICATE completed.
> A003 LIST "" *
< * LIST (\HasNoChildren) "/" Archive
* LIST (\HasNoChildren) "/" Archive
< * LIST (\HasChildren \Trash) "/" Deleted
* LIST (\HasChildren \Trash) "/" Deleted
< * LIST (\HasNoChildren \Drafts) "/" Drafts
* LIST (\HasNoChildren \Drafts) "/" Drafts
< * LIST (\Marked \HasNoChildren) "/" Inbox
* LIST (\Marked \HasNoChildren) "/" Inbox
< * LIST (\HasNoChildren \Junk) "/" Junk
* LIST (\HasNoChildren \Junk) "/" Junk
< * LIST (\HasNoChildren) "/" Notes
* LIST (\HasNoChildren) "/" Notes
< * LIST (\HasNoChildren) "/" Outbox
* LIST (\HasNoChildren) "/" Outbox
< * LIST (\HasNoChildren \Sent) "/" Sent
* LIST (\HasNoChildren \Sent) "/" Sent
< A003 OK LIST completed.
* Connection #0 to host outlook.office365.com left intact
However, when I try with same token for pop3
curl -vvv --url "pop3s://outlook.office365.com" --user "barancamli@outlook.com" --oauth2-bearer "<my_auth_token>"
I get the following response :
* Trying 52.98.246.50:995...
* Connected to outlook.office365.com (52.98.246.50) port 995 (#0)
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
* subject: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; CN=outlook.com
* start date: Jul 26 00:00:00 2022 GMT
* expire date: Jul 25 23:59:59 2023 GMT
* subjectAltName: host "outlook.office365.com" matched cert's "*.office365.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert Cloud Services CA-1
* SSL certificate verify ok.
< +OK The Microsoft Exchange POP3 service is ready. [...]
> CAPA
< +OK
< TOP
< UIDL
< SASL PLAIN XOAUTH2
< USER
< .
> AUTH XOAUTH2
< +
> my_auth_code
< -ERR Authentication failure: unknown user name or bad password.
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (67) Login denied
Thank you for your time and help in advance !
{count} votes
-
Alfredo Revilla - Senior Freelance SWE, SWA, IAM 27,016 Reputation points2023-05-16T13:40:13.7933333+00:00 Hello @Baran ÇAMLI , I will work on this ASAP. Bear with me it may take me 1 or 2 days to come back.
Sign in to comment