+1 vote

Hello Limilabs Support Team, I have done the settings as per the links below:
https://www.limilabs.com/blog/oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp

https://www.limilabs.com/blog/office365-enable-imap-pop3-smtp

But in AD I didn't find the entry Conditional Access - how else can I check it?

I chose "Mobile and Desktop application" and added these Redirect URIs: http://localhost

My code:

' Requires at the top of the file:
'   Imports Microsoft.Identity.Client   (MSAL.NET)
'   Imports Limilabs.Client.IMAP        (Mail.dll)

Dim clientId As String = "dc85......" 'Application (client) ID
Dim tenantId As String = "ab4......" 'Directory (tenant) ID
Dim clientSecret As String = "cdC......" 'Client secret value

' Build() returns the IConfidentialClientApplication interface
Dim app As IConfidentialClientApplication
app = ConfidentialClientApplicationBuilder.
    Create(clientId).
    WithTenantId(tenantId).
    WithClientSecret(clientSecret).
    Build()

' The array initializer must start on the same line as New String()
Dim scopes() As String = New String() {"https://outlook.office365.com/.default"}

' Client credential flow: app-only token, no user interaction
Dim result As AuthenticationResult
result = Await app.AcquireTokenForClient(scopes).ExecuteAsync()

Dim accessToken As String = result.AccessToken
txtToken.Text = accessToken

Dim oIMAP As New Imap
oIMAP.ConnectSSL("outlook.office365.com")
oIMAP.LoginOAUTH2(txtMail.Text, accessToken)

oIMAP.SelectInbox()
MessageBox.Show("ERFOLGREICH") ' "ERFOLGREICH" means "successful"

I checked the ids (tenantID/ appID/ objectID) several times - these are correct.

IMAP/POP3 and SMTP access is also enabled in Office 365.

If I start the software, I get a token but IMAP AUTHENTICATE failed.

by (250 points)

1 Answer

0 votes

Conditional Access can be found on the main Overview screen of the AD, as shown in the article:
https://www.limilabs.com/blog/office365-enable-imap-pop3-smtp

"I chose "Mobile and Desktop application" and added these Redirect URIs:..." - For the client credential flow, don't add any platforms on the Authentication screen.

Microsoft has a connectivity tool that you can use to test if POP3 is turned on:
https://www.limilabs.com/blog/office-365-oauth-2-0-imap-pop3-email-client-connectivity-tools

I'm sure that the article:
https://www.limilabs.com/blog/oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp
is correct and accurate.

Make sure that you added the POP.AccessAsApp permission for your app.

Remember that you need to perform every single step that is described there. This includes the PowerShell part.

Usually people use incorrect client/tenant ids/secrets - double check every single value you enter.

Another common mistake is not performing the "Grant admin consent" step. It is also important to allow modern authentication:

https://www.limilabs.com/blog/office365-enable-imap-pop3-smtp

Have you performed the PowerShell configuration of accounts in Exchange?

Double check using PowerShell commands:

Get-ServicePrincipal -Organization [TODO]
Get-MailboxPermission -Identity [TODO]

Verify that ids returned by those commands are correct.

Make sure you use the Object ID from the Enterprise Application.
Do not use the value from the App Registration screen.

by (301k points)
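A local check of the token against the values the answer says to double check, as an added example that is not part of the original thread or of Limilabs' code: it decodes the access token's payload (no signature verification, diagnostics only) and compares `aud`, `tid`, `appid`/`azp`, `oid` and `roles`. The GUIDs and tokens are constructed placeholders, the expected audience is assumed to be the question's scope minus `/.default`, and `IMAP.AccessAsApp` is the IMAP counterpart of the `POP.AccessAsApp` permission named above.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload locally. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))

def check_app_token(token, scope, tenant_id, client_id, exchange_object_id, role):
    """Return the mismatches between an app-only token and the expected setup."""
    c = jwt_claims(token)
    expected_aud = scope.removesuffix("/.default")
    problems = []
    if str(c.get("aud", "")).rstrip("/") != expected_aud:
        problems.append(f"aud={c.get('aud')!r}, expected {expected_aud!r}")
    if c.get("tid") != tenant_id:
        problems.append("tid is not the Directory (tenant) ID")
    if client_id not in (c.get("appid"), c.get("azp")):  # v1 / v2 token claim
        problems.append("appid/azp is not the Application (client) ID")
    if c.get("oid") != exchange_object_id:
        problems.append("oid differs from the Object ID registered in Exchange")
    if role not in c.get("roles", []):
        problems.append(f"roles lacks {role}: permission or admin consent missing")
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"

# Constructed placeholder values, not real IDs.
TENANT = "11111111-1111-1111-1111-111111111111"
CLIENT = "22222222-2222-2222-2222-222222222222"
SP_OID = "33333333-3333-3333-3333-333333333333"  # value shown by Get-ServicePrincipal
SCOPE = "https://outlook.office365.com/.default"  # scope from the question's code
ROLE = "IMAP.AccessAsApp"

GOOD = make_sample_token({"aud": "https://outlook.office365.com", "tid": TENANT,
                          "appid": CLIENT, "oid": SP_OID, "roles": [ROLE]})
# No roles claim, and an oid that does not match the ID registered in Exchange.
BAD = make_sample_token({"aud": "https://outlook.office365.com", "tid": TENANT,
                         "appid": CLIENT, "oid": "44444444-4444-4444-4444-444444444444"})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_app_token(tok, SCOPE, TENANT, CLIENT, SP_OID, ROLE))
```

The access token is a bearer credential, so decode it on the machine that obtained it rather than pasting it into a web page.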

We experience the same problem and see in the Exchange log that the token is seen as a password and that the token string seems to be too long?

Continuous access evaluation: No
Sign in error code: 50052
failure reason:
The password entered exceeds the maximum length. Please reach out to your admin to reset the password.
Additional Details:
The user is unable to login because their password exceeds the permitted maximum length. They should contact their admin to reset the password. If SSPR is enabled for their tenant, they can reset their password by following the "Forgot your password" link.

@beidebenen
I don't really understand when your problem occurs.

It doesn't seem related to this question - please ask a new question instead of adding comments. Explain in detail what flow you are using, show your code. Explain when you see this error.

...