This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 3%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJO%3C/text%3E%3C/svg%3E)
Hello,
I have created an application in Azure for OAuth 2 authentication, to use it in a web application.
The problem is that I have already set all the corresponding permissions following the https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth site, it gets the token correctly, but it does not connect to the IMAP server.
The screenshot of the applied permissions:
The scopes used to get the access token are: openid, profile, email, offline_access and https://graph.microsoft.com/IMAP.AccessAsUser.All.
The web application is in a development environment, and I use a Rust library to make the connection.
The configuration used is:
Server: outlook.office365.com
Port: 993
Even updating the access token using the refresh token works correctly, but not the connection to the IMAP server.
The error I get when trying to authenticate is: NO AUTHENTICATE failed
Maybe it is necessary to add the users in some Azure service, to later give public access to the users when the application is published and verified?
Thank you for your support,
Jorge
The screenshot does not show the https://graph.microsoft.com/IMAP.AccessAsUser.All. permission as added, make sure it has been added to your app registration first . similarly, make sure the access token you obtain contains it. You can use tools such as jwt.ms to decode the token and verify the scopes/roles therein.
The user's mailbox itself must be enabled for IMAP access.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 11%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Hi @Jorge Ortega ,
Just checking in to see if above information was helpful. If it is useful, would you mind marking the helpful post as an answer? Which would benefit others who also has similar issues in forum.
Hello, thank you for your response.
Sorry, i removed that permission just for test purposes. But even i added again, it gives the same response: NO AUTHENTICATE failed.
I tried to get the Access Token through Postman for testing purposes. The scopes it gives in the response are the specified in the screenshot:
(openid profile email https://graph.microsoft.com/IMAP.AccessAsUser.All https://graph.microsoft.com/Mail.Read https://graph.microsoft.com/User.Read https://graph.microsoft.com/Mail.ReadWrite)
Using the received token i tried to connect to imap server with the same address (outlook.office365.com:993) through openssl and got the same response (NO AUTHENTICATE failed):
Maybe i'm doing something wrong? or i'm missing some permissions?
Thank you for your support,
Jorge
Adding some additional information to the question.
The requests I made were using a personal Microsoft account (@outlook.com, @hotmail.com) and the endpoints with the parameter "common" instead of "tenant".
eg. https://login.microsoftonline.com/common/oauth2/v2.0/authorize
that's the reason i cannot decode the token using jwt.ms
Thank you for your support,
Jorge