Can't connect to consumer Outlook OAuth IMAP (hotmail.xx & outlook.xx mailbox) #519

Open
Pascal76 opened this issue Sep 24, 2024 · 2 comments

Pascal76 commented Sep 24, 2024

Hello,

I saw a lot of documents concerning the B2B part (it works fine), and none about the consumer mailboxes.
I configured everything as expected (I think).
I can even get the access/refresh token without any issue, but the connection fails.

Scope : openid email User.Read IMAP.AccessAsUser.All
(
openid offline_access email User.Read https://outlook.office.com/IMAP.AccessAsUser.All is not valid
and IMAP.AccessAsApp can't be added for consumer mailboxes
and https://outlook.office.com/Mail.ReadWrite does not help
)

URLs:
https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize
https://login.microsoftonline.com/consumers/oauth2/v2.0/token

(I replaced values with XXX below)

Config :
[accounts] => Array
(
[default] => Array
(
[host] => outlook.office365.com
[port] => 993
[protocol] => imap
[encryption] => ssl
[validate_cert] => 1
[username] => [email protected]
[password] => XXX (the access token)
[authentication] => oauth

Debug :

OK The Microsoft Exchange IMAP4 service is ready. [XXX]

TAG1 AUTHENTICATE XOAUTH2 XXX...

<< TAG1 NO AUTHENTICATE failed.

Same issue if I did it manually (openssl s_client -crlf -connect outlook.office365.com:993 ...)
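
Added example, not part of the comment above and not code from the project: when repeating the `AUTHENTICATE XOAUTH2` step by hand, a malformed argument produces the same `NO AUTHENTICATE failed.` as a token the server rejects, so it helps to rule out formatting first. The sketch below builds the XOAUTH2 argument and checks a candidate for common formatting mistakes (line-wrapped base64, a stray newline in the token, missing terminators); the function names, the mailbox address and the token are constructed placeholders, and it does not check token scope or audience.

```python
import base64

def build_xoauth2(user, access_token):
    """Return the base64 argument for 'AUTHENTICATE XOAUTH2 <arg>'."""
    # SASL XOAUTH2 layout: user=<addr>^Aauth=Bearer <token>^A^A  (^A is byte 0x01)
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode("ascii")

def check_xoauth2(arg, expected_user):
    """Return a list of formatting problems found in a candidate argument."""
    problems = []
    # Command-line base64 tools often wrap output; IMAP needs one unbroken line.
    if any(c.isspace() for c in arg):
        problems.append("argument contains whitespace (line-wrapped base64?)")
    try:
        raw = base64.b64decode("".join(arg.split()), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return problems + ["argument is not valid base64"]
    if not raw.endswith("\x01\x01"):
        problems.append("missing the two trailing ^A terminators")
    fields = dict(f.split("=", 1) for f in raw.split("\x01") if "=" in f)
    if fields.get("user") != expected_user:
        problems.append("user field does not match the mailbox address")
    auth = fields.get("auth", "")
    if not auth.startswith("Bearer "):
        problems.append("auth field does not start with 'Bearer '")
    elif not auth[7:] or auth[7:] != auth[7:].strip():
        problems.append("token is empty or has stray whitespace")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not a real mailbox or token.
    user, token = "user@example.com", "CONSTRUCTED-TOKEN"
    arg = build_xoauth2(user, token)
    print("TAG1 AUTHENTICATE XOAUTH2 " + arg)
    print("problems:", check_xoauth2(arg, user))
    # A token read from a file with its trailing newline is a typical mistake.
    print("problems:", check_xoauth2(build_xoauth2(user, token + "\n"), user))
```

An empty problem list only means the argument is well formed; the server can still reject the token itself.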


Pascal76 commented Sep 25, 2024

Today I was able to make it work.

The scope for "response_type=code" : openid offline_access email User.Read wl.offline_access wl.imap wl.emails https://outlook.office.com/IMAP.AccessAsUser.All
The scope for "grant_type=authorization_code" : https://graph.microsoft.com/.default
Then I don't know why I must request a new access_token ("grant_type=refresh_token") to make it work with scope : https://outlook.office.com/.default


iwkse commented Oct 26, 2024

Hi, we're having the same issue.
We are using a personal account to create the credentials, client ID and client secret.
I didn't understand well how you made it work.
grant_type=refresh_token doesn't seem to be valid.

We're doing it like this:

https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?
&client_id=4732ae67-xxxx-yyyy-zzzz-dc01692174c1
&response_type=code
&redirect_uri=https://www.xxxyyy.it/xxxx/test-imap.php
&response_mode=query
&scope=https://graph.microsoft.com/.default
&grant_type=authorization_code
&state=12345

This one works and we get the code that we use in this call:

https://login.microsoftonline.com/consumers/oauth2/v2.0/token

client_id:4732ae67-xxxx-yyyy-zzzz-dc01692174c1
client_secret:-YYYYYYYYYYYYYY~xxxxxxxxxxxxxxxxxxx
grant_type:client_credentials
scope: https://outlook.office.com/.default
code:M.C522_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

For scopes:
openid offline_access email User.Read wl.offline_access wl.imap wl.emails https://outlook.office.com/IMAP.AccessAsUser.All
I don't understand where you set this. In the /token POST it accepts only .default
