I'm trying to connect to outlook.office365.com with Apache Camel. I was following the instructions for the Camel component "Mail Microsoft Oauth".
On the Azure side I created an "App registration", and in my code I use the "Application (client) ID" from that registration as client_id and the "Directory (tenant) ID" as tenant_id. Then I created a client secret for that registration and I use its "value" as client_secret.
Lastly, I granted the API permission "IMAP.AccessAsApp" and granted admin consent.
In Java I have configured MicrosoftExchangeOnlineOAuth2MailAuthenticator:
```java
@Bean
public MicrosoftExchangeOnlineOAuth2MailAuthenticator auth() {
    return new MicrosoftExchangeOnlineOAuth2MailAuthenticator(
            <tenant_id>,
            <client_id>,
            <client_secret>, "valid@email.com");
}
```
and the Camel route:
```java
public class MailListenerRoute extends RouteBuilder {
    @Override
    public void configure() throws Exception {
        from("imaps://outlook.office365.com:993"
                + "?authenticator=#auth"
                + "&username=valid@email.com"
                + "&mail.imaps.auth.mechanisms=XOAUTH2"
                + "&mail.imap.auth.plain.disable=true"
                + "&mail.imap.auth.xoauth2.disable=false"
                + "&debugMode=true"
                + "&delete=false")
            .tracing()
            .log(">>> ${body}");
    }
}
```
I have experimented with both adding and removing `username`, `mail.imap.auth.plain.disable` and `mail.imap.auth.xoauth2.disable`, but there was no change in the result.
I put a breakpoint in MicrosoftExchangeOnlineOAuth2MailAuthenticator and decoded the JWT token that is received in the method getPasswordAuthentication. By decoding it at JWT.ms I have confirmed that it is valid and that it contains:
```json
"roles": [
  "IMAP.AccessAsApp"
]
```
When starting the flow, these are the logs for the mail component:
```
DEBUG IMAPS: AUTHENTICATE XOAUTH2 command trace suppressed
DEBUG IMAPS: AUTHENTICATE XOAUTH2 command result: B1 NO AUTHENTICATE failed.
2023-07-03 10:03:34.206 WARN 16471 --- [fice365.com:993] o.a.camel.component.mail.MailConsumer : Failed polling endpoint: imaps://outlook.office365.com:993?authenticator=%23auth&debugMode=true&delete=false&mail.imaps.auth.mechanisms=XOAUTH2&username=xxxxxx. Will try again at next poll. Caused by: [javax.mail.AuthenticationFailedException - AUTHENTICATE failed.]
javax.mail.AuthenticationFailedException: AUTHENTICATE failed.
    at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:708) ~[jakarta.mail-1.6.7.jar:1.6.7]
```
I have fixed the issue by following the instructions to set up a Service Principal.
I had to run the commands in Windows PowerShell because the command `Connect-ExchangeOnline -Organization <tenantId>` was failing in Azure PowerShell with the message `Connect-ExchangeOnline: A parameter cannot be found that matches parameter name 'Organization'`.
I ran the Windows shell on an AWS EC2 machine because I had no Windows available, and there were no problems.
All the commands I executed in the Windows shell:
```powershell
Install-Module -Name ExchangeOnlineManagement -allowprerelease
Import-module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization <tenantId>
$AADServicePrincipalDetails = Get-AzureADServicePrincipal -SearchString YourAppName
New-ServicePrincipal -AppId $AADServicePrincipalDetails.AppId -ObjectId $AADServicePrincipalDetails.ObjectId -DisplayName "EXO Serviceprincipal for AzureAD App $($AADServicePrincipalDetails.Displayname)"
$EXOServicePrincipal = Get-ServicePrincipal -Identity "EXO Serviceprincipal for AzureAD App YourAppName"
Add-MailboxPermission -Identity "valid@email.com" -User $EXOServicePrincipal.Identity -AccessRights FullAccess
```
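A local check of the access token, as an added example that is not part of the original question or answer: it decodes the JWT payload without verifying the signature, checks the `roles`, `aud` and `exp` claims, and returns the `appid`/`oid` values to compare with the `-AppId` and `-ObjectId` passed to `New-ServicePrincipal`. The expected audience, the claim names `appid`, `azp` and `oid`, and the sample token are assumptions or constructed values; as this page shows, a token that passes every check still gets `NO AUTHENTICATE failed` until the Exchange service principal and mailbox permission exist.

```python
import base64, json, time

EXPECTED_AUD = "https://outlook.office365.com"  # assumption: Exchange Online resource
REQUIRED_ROLE = "IMAP.AccessAsApp"              # role named on this page

def decode_claims(jwt):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(claims, now=None):
    """Return the problems that are visible in the token itself."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != EXPECTED_AUD:
        problems.append("aud is %r, expected %r" % (claims.get("aud"), EXPECTED_AUD))
    if REQUIRED_ROLE not in claims.get("roles", []):
        problems.append("roles lacks " + REQUIRED_ROLE)
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

def exchange_identity(claims):
    """Values to compare with New-ServicePrincipal -AppId / -ObjectId (assumed claim names)."""
    return {"AppId": claims.get("appid") or claims.get("azp"), "ObjectId": claims.get("oid")}

def xoauth2_initial_response(user, token):
    """Base64 SASL XOAUTH2 client response, the part the debug log suppresses."""
    raw = "user=%s\x01auth=Bearer %s\x01\x01" % (user, token)
    return base64.b64encode(raw.encode()).decode()

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed, unsigned sample token; every identifier below is a placeholder.
SAMPLE_CLAIMS = {"aud": EXPECTED_AUD, "roles": [REQUIRED_ROLE], "exp": 4102444800,
                 "appid": "00000000-0000-0000-0000-00000000000a",
                 "oid": "00000000-0000-0000-0000-00000000000b"}
SAMPLE_JWT = ".".join([_b64url({"typ": "JWT", "alg": "RS256"}),
                       _b64url(SAMPLE_CLAIMS), "signature-placeholder"])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_JWT)
    print("token problems:", check_token(claims) or "none")
    print("compare with Get-ServicePrincipal:", exchange_identity(claims))
    print("SASL response:", xoauth2_initial_response("valid@email.com", SAMPLE_JWT)[:40], "...")
```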