Search code examples
javaauthenticationemailoffice365jakarta-mail

Outlook Javax.mail 535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully

I am trying to send an email using jakarta.mail 2.0.1. The below mentioned error has started occurring recently. I am not sure what is causing it, but I suspect that it might have something to do with Outlook 365 and the SMTP settings. I am however getting the following error when trying to do so:

2023-07-28T00:36:08.077359363Z javax.mail.AuthenticationFailedException: 535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. Contact your administrator. [xxxxx 2023-07-28T00:36:07.942Z xxxxx]
2023-07-28T00:36:08.077401363Z 
2023-07-28T00:36:08.077407063Z  at com.sun.mail.smtp.SMTPTransport$Authenticator.authenticate(SMTPTransport.java:947)
2023-07-28T00:36:08.077411063Z  at com.sun.mail.smtp.SMTPTransport.authenticate(SMTPTransport.java:858)
2023-07-28T00:36:08.077414563Z  at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:762)
2023-07-28T00:36:08.077417963Z  at javax.mail.Service.connect(Service.java:342)
2023-07-28T00:36:08.077427964Z  at javax.mail.Service.connect(Service.java:222)
2023-07-28T00:36:08.077431564Z  at javax.mail.Service.connect(Service.java:243)
2023-07-28T00:36:08.077434864Z  at javax.mail.Transport.send0(Transport.java:228)
2023-07-28T00:36:08.077456364Z  at javax.mail.Transport.send(Transport.java:150)
2023-07-28T00:36:08.077459864Z  at com.nomnom.communicationserver.communication.SMTPHelper.sendEmail(SMTPHelper.java:324)
2023-07-28T00:36:08.081170884Z  at com.nomnom.communicationserver.servlet.SenderServlet.doPost(SenderServlet.java:191)

The program has earlier worked, however it recently started giving me the above error.

My configuration for setting up the Transporter is as follows:

Properties smtpProps = new Properties();

// SMTP
smtpProps.put("mail.smtp.auth", "true");
smtpProps.put("mail.smtp.starttls.enable", "true");
smtpProps.put("mail.smtp.auth.mechanisms", "XOAUTH2");
smtpProps.put("mail.smtp.host", "smtp.office365.com");
smtpProps.put("mail.smtp.port", "587"); // required for outlook
      
smtpSession = Session.getInstance(smtpProps);
smtpSession.setDebug(true);
transport = (SMTPTransport) smtpSession.getTransport("smtp");

In addition to this, here is the code that I use to send the request:


private static String acquireToken() throws Exception {
  ConfidentialClientApplication app = ConfidentialClientApplication.builder(
        dotenv.get("CLIENT_ID"),
        ClientCredentialFactory.createFromSecret(dotenv.get("CLIENT_SECRET")))
          .authority(dotenv.get("CLIENT_AUTHORITY"))
          .build();   
  
  ClientCredentialParameters clientCredentialParam = ClientCredentialParameters.builder(
          Collections.singleton(scope))
          .build();
  
  CompletableFuture<IAuthenticationResult> future = app.acquireToken(clientCredentialParam);
  IAuthenticationResult result = future.get();
  return result.accessToken();
}

public void sendEmail(String destination) throws Exception {
  MimeMessage message = new MimeMessage(session);

  // [...]

  // Connect if not already connected
  if (!transport.isConnected()) {
    String accessToken = acquireToken();
    transport.connect("smtp.office365.com", dotenv.get("MAIL_USERNAME"), accessToken);
  }

  transport.sendMessage(message, message.getAllRecipients());
}

Things I have tried:

  • I have tried using username & password, with same error
  • I have ensured that the username and password was correct in this case.
  • I have enabled SMTP Auth in the admin panel aswell.

I am for some reason unable to create an App Password for the email. It should also be mentioned that the email is a work account and that it is an Outlook email. I have noticed that others have experienced similar problems with their Outlook personal accounts. However I have not seen the error mentioned with a solution for work accounts.

If any more information is needed, please feel free to request it :)

Solution

  • I figured out what was causing the problem. The problem was not caused by MFA or anything like that. It was instead caused by the accessToken not having the correct permissions configured.

    The way I fixed it was going to the App Registrations -> API Permissions. After this, the application needed the SMTP.SendAsApp permission. I had previously added the Mail.Send permission. However this was not enough. It should also be mentioned that it needs to be under the Office 365 Exchange Online category.

    The way I located the problem: If anyone else stumbles upon this problem, I would recommend taking the oauth access token and putting it into a website like jwt.io. Here it is possible to see the scopes of the token amongst other things. This helped me see the missing permission.