search

Webklex / php-imap

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. The protocol is completely integrated and therefore supports IMAP IDLE operation and the "new" oAuth authentication process as well.
https://www.php-imap.com
MIT License
297 stars 140 forks source link

Error: BAD User is authenticated but not connected > outlook365 IMAP connection with oAuth token #482

Open mitebu opened 4 months ago

mitebu commented 4 months ago

Hi

I'm having an issue configuring an IMAP connection to an Outlook365 account with oAuth token. First of all, I attach the steps configured in Microsoft Entra ID, with this guide: Microsoft Answers

After configuring and testing the output of the Powershell script, I can read and access without problems to the folders of the mailbox. prueba imap censored

But when I'm configuring the PHP-IMAP library for this connection, I reach the conection (user is authenticated) but when I try to read the folders ($client->getFolders();) it throws the error.

        `include 'includes/php-imap/vendor/autoload.php'; 

        use Webklex\PHPIMAP\ClientManager;

        $CLIENT_ID="/* censored data */";
        $CLIENT_SECRET="/* censored data */";
        $TENANT="/* censored data */";
        $REFRESH_TOKEN="/* censored data */";

        $url= "https://login.microsoftonline.com/$TENANT/oauth2/v2.0/token";

        $param_post_curl = [ 
        'client_id'=>$CLIENT_ID,
        'client_secret'=>$CLIENT_SECRET,
        'refresh_token'=>$REFRESH_TOKEN,
        'grant_type'=>'refresh_token' ];

        $ch=curl_init();

        curl_setopt($ch,CURLOPT_URL,$url);
        curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($param_post_curl));
        curl_setopt($ch,CURLOPT_POST, 1);
        curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
        //ONLY USE CURLOPT_SSL_VERIFYPEER AT FALSE IF YOU ARE IN LOCALHOST !!!

        $oResult=curl_exec($ch);

        if(!empty($oResult)){

            //The token is a JSON object
            $array_php_resul = json_decode($oResult,true);

            if( isset($array_php_resul["access_token"]) ){

                $access_token = $array_php_resul["access_token"];
                //$cm = new ClientManager($options = ["options" => ["debug" => true]]);                     
                $cm = new ClientManager();   

                $client = $cm->make([
                    'host'          => 'outlook.office365.com',                
                    'port'          => 993,
                    'encryption'    => 'ssl',
                    'validate_cert' => false,
                    'username'      => '/* censored data */',
                    'password'      => $access_token,
                    'protocol'      => 'imap',
                    'authentication' => "oauth",
                    "timeout" => 30,
                    "extensions" => []
                ]);

                try {
                    //Connect to the IMAP Server
                    $client->connect();
                    //$client->checkConnection();
                    $folders = $client->getFolders();

                }catch (Exception $e) {
                    echo 'Exception : ',  $e->getMessage(), "\n";
                }

            } else {
                echo('Error : '.$array_php_resul["error_description"]); 
            }
        }`

After contacting Microsoft Azure support, their answer is that with Powershell works, the problem is in the library or code configured. I've been searching for a solution with no result, maybe some1 had the same problem and can help me? Adittional information needed please aske me for it.

Best regards

eaibizz commented 1 month ago

I do have the same problem, just not a solution yet. The connection succeeds but when calling the folders endpoint, the BAD User is authenticated but not connected issue shows itself. At first I tested with a private account at Outlook.com which worked like a charm, but now I'm trying to connect to a business account at Office365.com and I have to go through 100 extra steps (f.e. due to MFA authentication) to set all the correct access rights so the connect() function already passed.

eaibizz commented 4 weeks ago

@mitebu @Webklex Today my colleague and I found out that this pull request fixes our issue too: https://github.com/Webklex/php-imap/pull/474

Het problem is that now that empty children of subfolders (because they haven't any children) throw an exception, while at their parent level folders have been found already. Due to the recursiveness of the folder function the issue occurs.