Search code examples
node.jsrubyoutlookmicrosoft-graph-apiimap

Authenticate an IMAP using Auth2.0 (Microsoft Entra ID) Not Working For Outlook

I am trying to connect the Outlook using IMAP. But nothing seems to be working. Here's what I am doing to achieve this

  1. Created Microsoft Entra Application Withh all the required permissions enter image description herePermission For Application

  2. Then From my Application I implemented Authentication in response of which I am getting the access_token, id_token, and refresh_token

  3. Documentation of Microsoft says that access_tokens can be of two types v1 or v2. But both formats will be in JWT format. Here you can see the documentation.enter image description here

  4. But when the I authenticate with the microsoft in response I get the access_token which is not like the format which they have mentioned in their docs. But that token works fine for api calling.

{"token_type"=>"Bearer",
     "scope"=>"IMAP.AccessAsUser.All POP.AccessAsUser.All SMTP.Send openid email User.Read Mail.Read MailboxSettings.Read Calendars.ReadWrite",
     "expires_in"=>3600,
     "ext_expires_in"=>3600,
     "access_token"=>
      "EwCIA8l6BAAUbDba3x2OMJElkF7gJ4z/VbCPEz0AAfPDLwhe0P5456tZc8RjRj7jWkCnOiV1To9l7jpqA2a3ciD+jRlmzQOrRsf78YiXbrSeXbmEShjt/xlfoIMWjASZKpM1f1jhUrFOpe9IQcCAeATIS1WRLbEnoOPvRi20SxV2s3FLEhSzogSlCvryLIIeYuwPGwDOopqoj+nCh99YI4QVSxeQe9XbhGhJ4fQ2KO4Kx9Z5/Lu+MgfKPG+CivDQW/x5lydpoV8PcV/uCnWerZL3kVyOBBvGqez0kgX/jJeArZa4S9LQ4+s79S7tzty8VxLyBMBTUmMSNfl7n6yPOX/F7POFPUE1+IT0+X8xArS9Dafli7sT3XdrJo6GwnwQZgAAENz3YvVnWNrra7qYc6EdHr5QAuEFDabHlplZO7WJWVJaU/IdTliXJ6cKlp8oxc5Bhrdl2+b3bQS2rE+ZgjenaPaBYKXZX5m8/YyRsk6CVGq1EncOP8+AltaF5nHAspOhDfnBujQPZPyjXMgPTiYlJYPTS8v4+ZWoH9hPEFSCeRbAkEyrQHGdog9294XphbW9tTNgFfWpLgZTcmqG046HDZ0FFKrRDRyvDGNrxybFlW9zhQykZaM4Ducmpsb5EKTSRofODKv7RAAogEsqYn6DePL8fAg2BcEyhZkFBNtTa6lvUWKCJUAQSKZY4+IU4USnJVFSMYWxU8LzGx+HUOWDYKQinnZAgjxEdyDfzDWNIekf/cTUz7uokjnGHFGMPInPBE4S6ZdL1u0ZNhiWa1KH8PmSr2PI0yjVZF9P2kFAo294s32VlnflFY3hoyjUbtUXdTBlh+eF27GOXNKJ8Ce6dkyXUdpfoZ5XB6mBvXnTQJcgccjO7beJ0JruEhRmTbjwr/44CgmdqCic5cRdPJwqXCjl8ZWa2fxViO2LqVaGn9ZzEZEGyfyx1UBvbuRwD7zkf5XWthqXSgM9wtu1ISSBwXNwBcYvzotq+BnaHU2maUQjVhFbMvuFJYSzfj0j3TH5DZHGqpdHRASklmkVvSYqQqnzFUTBDAH0/wxExdg5e6gDR2RttF4K95eqMbFiljexfYJI1VBE/3smgMs2cqCyCenQp2CHB/mbzQenMZJjxkurmQbcNzbFwmKvoI5/4b8i294QLhWGNI+gjx2krdSEzVZ6eKRNLG0GmqW2r6VH3XStVt+RAg==",
     "id_token"=>
      "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImRHdEhRTWhHbHRKVUNjSF9TUVc2NG5FVW9ZRSJ9.eyJ2ZXIiOiIyLjAiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkL3YyLjAiLCJzdWIiOiJBQUFBQUFBQUFBQUFBQUFBQUFBQUFKRGRpbVJoSl9wckRhWGZHWTZ5VTRJIiwiYXVkIjoiNmNhNmFhYzktMGI2MC00YzRmLWIxZDQtYTM1YjdiYjQ2OWMxIiwiZXhwIjoxNzIyNTM0MTQ5LCJpYXQiOjE3MjI0NDc0NDksIm5iZiI6MTcyMjQ0NzQ0OSwiZW1haWwiOiJvc2FtYWluYXlhdEBob3RtYWlsLmNvbSIsInRpZCI6IjkxODgwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsImFpbyI6IkRxVnFCOWtYMGtxbnB6Zk5FbzZJZypodEZZTUNRQ1h5TnMzdk0zbHdYVnFoZVc5T2lIWjg4c1hiVWNhUnhCTG1BRUNhNEhzRkhENWthSmZZUWR1VXBlZHJ4Kio2RXNZQUZ6MjhIKm45Tk0wTlhkZU9yT2w2dVdxeGJmVDFyck9ra3BUITNGRHluUWZ6IUNMY0dZVE9Ea2ZORzdpakNVM0tjNERKRkdVSzdFMUY0Z2tQS2dVSkRGb28xd08haWVmZFRnJCQifQ.cJ3UOgg3Zvw--OCANG7My3bnJ60NrwCa-HqgiW_SRzhLwgw0X1hwbrt2K_8z52_j4zW_2kn_PhPPJmNthMl_odXjTqqdMGWQkqMLgtJahlvzTqrgQFs5hrxzHOseRp3EKH8plA_3B7mpsdkvo4q1uRFmQu8F5BstmEdKUCh0xQSQqX_-pi7Rcj7I_i4miDTwBRLkFBeQn-VZGRF5sqfdn208AKAk5WXI9nRjg0YaIVulfg8uLFXCvZgVd730Zm1m2qdjLnCroX5BIDETm7sd2wdbPIkEM5DS8y-Fk4Qh_WeLOvcY6aVQUX49Rkj0lym0gN358ObicwJQqM7JGFM46A"}

  1. After that I convert the token to SASL XOAUTH TOKEN. After that I try to connect to IMAP where I am never successful and that's where I need help. I have also allowed IMAP from my mailbox as well.

  2. I used Ruby, Node.js to convert the token to XOAUTH and connect. For ruby i used net/imap with gmail_auth and for node i have used imap/node-imap.

Any help in this regard will be much appreciated. I am planning to switch to read the email via apis if this does not works.

For Ruby I am trying to connect using

require 'gmail_xoauth'
require 'net/imap'
imap = Net::IMAP.new('outlook.office365.com', port: 993, ssl: true)
imap.authenticate('XOAUTH2', email, 'MY-TOKEN')

For node i have tried several ways one was to generate xoauthtoken as well.

let base64Encoded = Buffer.from([`[email protected]`, `auth=Bearer ${token}`, '', ''].join('\x01'), 'utf-8').toString('base64');
imap = new Imap({xoauth2: base64Encoded, host: 'outlook.office365.com', port: 993, tls: true, debug: console.log});

I am not able to exactly figure out where the problems actually is

Solution

  • Thank you @Max. The issue has been resolved. The mistake I was doing that I was putting the scope of microsoft graph while IMAP requires it to be outlook scope.

    For example I was using scope

    IMAP.AccessAsUser.All

    But the requirements for the IMAP was

    https://outlook.office.com/IMAP.AccessAsUser.All

    So after updating the scopes things started working.

    And again credit goes to @Max