IMAP 'AUTHENTICATE failed.' for outlook but imap is connected

0 votes

Now please find section of below code i am trying to run it gives me Authentication Failure error.

However, the imap is connected. Both the username and accessToken are correct as well.

 var app = ConfidentialClientApplicationBuilder
     .Create(clientId)
     .WithTenantId(tenantId)
     .WithClientSecret(clientSecret)
     .Build();

 string[] scopes = new string[] { "https://outlook.office365.com/.default openid offline_access" };

 var result = await app.AcquireTokenForClient(scopes).ExecuteAsync();

 string accessToken= result.AccessToken;


 var imap = new Imap();

 // server (successfully connected)
 imap.ConnectSSL("outlook.office365.com"); 

 // throws an exception here
 imap.LoginOAUTH2("username", "accessToken");

Hello support team, I have done the setup as per the documentation. And it works fine from the access token that I received after login which is in below format.

Sample of Access token able to authenticate:
EwBAA+l3BAAUnQP8Jfa2FYxR0AX7HsEZwOdW.... ==

However, on refreshing new access token the format is in base64Url so I convert it to base64 at first. In both format it seems to throw me authentication error. Below is the token format that I received after refreshing.

Sample of Access token unable to authenticate:
eyJ0eXAiOiJKV1QiLCJub25jZSIF3_Aw

by (211 points)
edited by

1 Answer

+1 vote

If you get an authentication failure it means the token is not correct or that IMAP protocol is disabled for the account you are using.

It is the server that is refusing the authentication, not Mail.dll.

I believe server address for for Office365 should be:
outlook.office365.com

User name must be in email address format:
username@your-domain.onmicrosoft.com

Make sure IMAP is enabled for your organization and mailbox:
https://www.limilabs.com/blog/office365-enable-imap-pop3-smtp

Depending on the flow you used, you need to follow the steps precisely:

Daemons/Services: Password grant (MFA/2FA must be turned off for this account):
https://www.limilabs.com/blog/oauth2-password-grant-office365-exchange-imap-pop3-smtp

Daemons/Services: Client credential flow:
https://www.limilabs.com/blog/oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp

Web apps (requires user interaction):
https://www.limilabs.com/blog/oauth2-web-flow-office365-exchange-imap-pop3-smtp

Standalone devices (requires very little interaction):
https://www.limilabs.com/blog/oauth2-device-flow-office365-exchange-imap-pop3-smtp

Desktop apps (requires user interaction):
https://www.limilabs.com/blog/oauth2-office365-exchange-imap-pop3-smtp

If you followed the steps and it still doesn't work, you'll need to contact Microsoft support and create a ticket.

by (301k points)
Hello Limilabs Support Team, I have updated my queries after trying the solution you have provided. I was able to authenticate in one way but refreshing the access token is not working in my case. Does the LoginOAUTH2 does not support access token in base64Url format? Any information regarding this is appreciated.
by (211 points)
You should not encode access token in anyway before passing to LoginOAUTH2 method.

Access token is a very long string (some parts are base 64 encoded). It looks more or less like this:

"eyJ0eXAiOiJKV1QiLC......J9.eyJhdWQiO...
...OTAiXX0.BiSPw68shqK_7Lz......AbiVs_kX7gkZz7WkBJFqQQ"

but is much bigger.
by (301k points)
I tried without encoding the access token as well. But I get the same error. Below is a faction of my access token for testing. Overall, it contains 1483 characters.

ey..._Aw
by (211 points)
Your code has multiple issues:

- scopes are not correct - it's an array, don't use space to separate scopes:

   string[] scopes = new string[] {
        "https://outlook.office365.com/.default" ,
        "some-other-scope",
        "another-scope"`
    };
- you are using "accessToken" string instead of accessToken variable.

You need to follow and double check the steps described in the OAuth articles. Do not share your access tokens online, it doesn't help in any way, and is a security risk.

If your server still refuses to authenticate you, you'll need to contact your administrator and/or open a Microsoft ticket.

Do not modify the question constantly.
by (301k points)
...