exchanglib error while trying to connect and get folder count details

[psahire]

Describe the bug A clear and concise description of what the bug is.

import time
from exchangelib import Account, OAuth2Credentials, Configuration, OAUTH2, Identity
import logging

# This handler will pretty-print and syntax highlight the request and response
# XML documents
from exchangelib.util import PrettyXmlHandler

logging.basicConfig(level=logging.DEBUG, handlers=[PrettyXmlHandler()])
client_id = "xxx"
client_secret = "xxx"
tenant_id = "xxx"
tenant_name = "xxx"
user = 'xxx@xx.com'
credentials = OAuth2Credentials(
    client_id=client_id,
    client_secret=client_secret,
    tenant_id=tenant_id,
    #identity=Identity(smtp_address=user)
)

print(credentials)
config = Configuration(
    credentials=credentials,
    auth_type="basic",
    service_endpoint="https://login.microsoftonline.com/"+tenant_name+"/oauth2/v2.0/token",
    )
print(config)
current_time = time.time()
print('current time: ', current_time)
account = Account(
    primary_smtp_address=user,
    config=config,
    autodiscover=False,
)
print('Executed Time: ', time.time() - current_time)
print(account.root.all().count())
folder_name = getattr(account, 'inbox')
print(folder_name.all().count())
for item in folder_name.all().filter(**{'subject__icontains': 'Test2'})[:100]:
    print(item.subject)
f applicable, describe how other clients like Outlook or OWA behave.

To Reproduce If applicable, add the shortest possible script that reproduces the error.

onfiguration(credentials=OAuth2Credentials('xxxx', '********'), service_endpoint='https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/v2.0/token', auth_type='basic', version=None, retry_policy=<exchangelib.protocol.FailFast object at 0x000000714EE23040>)
current time:  1696448447.974236
DEBUG:exchangelib.protocol:Waiting for _protocol_cache_lock
DEBUG:exchangelib.protocol:Protocol __call__ cache miss. Adding key '('https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/v2.0/token', OAuth2Credentials('xxxx', '********'))'
DEBUG:exchangelib.version:Asking server for version info using API version Exchange2019
DEBUG:exchangelib.services.common:Processing chunk 1 containing 1 items
DEBUG:exchangelib.services.common:Calling service ResolveNames
DEBUG:exchangelib.services.common:Trying API version Exchange2019
DEBUG:exchangelib.protocol:Server login.microsoftonline.com: Increasing session pool size from 0 to 1
DEBUG:requests_oauthlib.oauth2_session:Requesting url https://login.microsoftonline.com/xxxx-37763fc00787/oauth2/v2.0/token using method POST.
DEBUG:requests_oauthlib.oauth2_session:Supplying headers {'Accept': 'application/json', 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'} and data {'grant_type': 'client_credentials', 'client_id': '739c2be3-eb4a-4a81-8835-8b036bf52228', 'client_secret': 'jsQ8Q~xx', 'scope': 'https://outlook.office365.com/.default'}
DEBUG:requests_oauthlib.oauth2_session:Passing through key word arguments {'timeout': 120, 'auth': None, 'verify': True, 'proxies': None, 'cert': None}.
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): login.microsoftonline.com:443
DEBUG:urllib3.connectionpool:https://login.microsoftonline.com:443 "POST /xxxx-37763fc00787/oauth2/v2.0/token HTTP/1.1" 200 1579
DEBUG:requests_oauthlib.oauth2_session:Request to fetch token completed with status 200.
DEBUG:requests_oauthlib.oauth2_session:Request url was https://login.microsoftonline.com/xxx-37763fc00787/oauth2/v2.0/token
DEBUG:requests_oauthlib.oauth2_session:Request headers were {'User-Agent': 'exchangelib/4.8.0 (python-requests/2.28.1)', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive', 'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8', 'Content-Length': '184'}
DEBUG:requests_oauthlib.oauth2_session:Request body was grant_type=client_credentials&client_id=7xxx&client_secret=xx~xxx&scope=https%3A%2F%2Foutlook.office365.com%2F.default
DEBUG:requests_oauthlib.oauth2_session:Response headers were {'Cache-Control': 'no-store, no-cache', 'Pragma': 'no-cache', 'Content-Type': 'application/json; charset=utf-8', 'Expires': '-1', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'X-Content-Type-Options': 'nosniff', 'P3P': 'CP="DSP CUR OTPi IND OTRi ONL FIN"', 'x-ms-request-id': '951372fc-aa00-4a3b-98cd-97529a418c00', 'x-ms-ests-server': '2.1.16424.8 - NCUS ProdSlices', 'X-XSS-Protection': '0', 'Set-Cookie': 'fpc=AlIirNGDFlVBqzyma1uFbHbRJRE1AQAAAMC2r9wOAAAA; expires=Fri, 03-Nov-2023 19:40:48 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly, stsservicecookie=estsfd; path=/; secure; samesite=none; httponly', 'Date': 'Wed, 04 Oct 2023 19:40:47 GMT', 'Content-Length': '1579'} and content {"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"xcxx"}.
DEBUG:requests_oauthlib.oauth2_session:Invoking 0 token response hooks.
DEBUG:requests_oauthlib.oauth2_session:Obtained token {'token_type': 'Bearer', 'expires_in': 3599, 'ext_expires_in': 3599, 'access_token': 'xxxc', 'expires_at': 1696452047.1682625}.
DEBUG:exchangelib.credentials:Setting auth token for xxx-8b036bf52228
DEBUG:exchangelib.protocol:Server login.microsoftonline.com: Created session 86522
DEBUG:exchangelib.protocol:Server login.microsoftonline.com: Waiting for session
DEBUG:exchangelib.protocol:Server login.microsoftonline.com: Got session 86522
DEBUG:exchangelib.util:Session 86522 thread 3100: retry 0 timeout 120 POST'ing to https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/v2.0/token after 10s wait
DEBUG:requests_oauthlib.oauth2_session:Invoking 0 protected resource request hooks.
DEBUG:requests_oauthlib.oauth2_session:Adding token {'token_type': 'Bearer', 'expires_in': 3599, 'ext_expires_in': 3599, 'access_token': 'cxcxcx', 'expires_at': 1696452047.1682625} to request.
DEBUG:requests_oauthlib.oauth2_session:Requesting url https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/v2.0/token using method POST.
DEBUG:requests_oauthlib.oauth2_session:Supplying headers {'Authorization': 'Bearer xxx'} and data b'<?xml version=\'1.0\' encoding=\'utf-8\'?>\n<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"><s:Header><t:RequestServerVersion Version="Exchange2019"/></s:Header><s:Body><m:ResolveNames ReturnFullContactData="false"><m:UnresolvedEntry>739c2be3-eb4a-4a81-8835-8b036bf52228</m:UnresolvedEntry></m:ResolveNames></s:Body></s:Envelope>'
DEBUG:requests_oauthlib.oauth2_session:Passing through key word arguments {'json': None, 'allow_redirects': False, 'timeout': 120, 'stream': False}.
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): login.microsoftonline.com:443
DEBUG:urllib3.connectionpool:https://login.microsoftonline.com:443 "POST /contoso.onmicrosoft.com/oauth2/v2.0/token HTTP/1.1" 400 503
DEBUG:exchangelib.util:Retry: 0
Waited: 10

[ecederstrand]

It's not clear to me what the error is here? What's not working? Do you get a stack trace? If so, please post it here as well.

[ecederstrand]

Closing. Feel free to reopen if you get back to this.

[psahire]

Auth type: <requests_oauthlib.oauth2_auth.OAuth2 object at 0x000000FA4AEF2730> URL: https://outlook.office365.com/EWS/Exchange.asmx HTTP adapter: <requests.adapters.HTTPAdapter object at 0x000000FA4AEF25B0> Allow redirects: False Streaming: False Response time: 0.7029999999795109 Status code: 403 Request headers: {'User-Agent': 'exchangelib/4.8.0 (python-requests/2.28.1)', 'Accept-Encoding': 'gzip, deflate', 'Accept': '/', 'Connection': 'keep-alive', 'Content-Type': 'text/xml; charset=utf-8', 'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6IkZUS3Z1QWZCRkJEUEFidWRqTXJhSjVmNWR0aUZWSUEwMVlBNWpCV2xTYUEiLCJhbGciOiJSUzI1NiIsIng1dCI6IjlHbW55RlBraGMzaE91UjIybXZTdmduTG83WSIsImtpZCI6IjlHbW55RlBraGMzaE91UjIybXZTdmduTG83WSJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlMzY1LmNvbSIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzRjZTliNmFjLTFlNGMtNGUxOC1iMzBlLTM3NzYzZmMwMDc4Ny8iLCJpYXQiOjE2OTcwNTQ1MjksIm5iZiI6MTY5NzA1NDUyOSwiZXhwIjoxNjk3MDU4NDI5LCJhaW8iOiJFMkZnWUtoWVhlSmZYcEJxTzJQTEl0NFRSOWI5QlFBPSIsImFwcF9kaXNwbGF5bmFtZSI6ImVIU0RXU2VydmljZURlc2tSZXBvcnRpbmciLCJhcHBpZCI6IjczOWMyYmUzLWViNGEtNGE4MS04ODM1LThiMDM2YmY1MjIyOCIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzRjZTliNmFjLTFlNGMtNGUxOC1iMzBlLTM3NzYzZmMwMDc4Ny8iLCJvaWQiOiI5N2Q1MDU0ZS1hNDliLTQ3MTItYmU2My0wZjZmNjZjM2I0NWMiLCJyaCI6IjAuQVc0QXJMYnBURXdlR0U2ekRqZDJQOEFIaHdJQUFBQUFBUEffemdBQUFBQUFBQUJ1QUFBLiIsInNpZCI6IjEwMTc1ODIwLWI4ZTgtNGE1Ni05ZDVkLTZhNDA5ODAwYjc3OCIsInN1YiI6Ijk3ZDUwNTRlLWE0OWItNDcxMi1iZTYzLTBmNmY2NmMzYjQ1YyIsInRpZCI6IjRjZTliNmFjLTFlNGMtNGUxOC1iMzBlLTM3NzYzZmMwMDc4NyIsInV0aSI6Ii1NTnBOeEpydVVlXy1FLVdhbjQwQUEiLCJ2ZXIiOiIxLjAiLCJ3aWRzIjpbIjA5OTdhMWQwLTBkMWQtNGFjYi1iNDA4LWQ1Y2E3MzEyMWU5MCJdfQ.PSuHb_zV4yutRPxcuGk6o6AyFkhuKSBAMFoO1u34ip7IQfpoUaPy90rTbAot_6c1tUWGNAZIEIrhxTMS63EbW_ubI1kLM6iOf9XuXzcx1MD5b4XVZQ1gUL6yJfzoIbwbuVI0iTtATHl-UNMOoi_nCFsi5yw2j3WW5h7rOrV5rn_FgWn_P6wOfeJVjuxUlmRnnhIY3ziD-XPDVJRoUJYE_gAX3wd8re2VceeiiVT5PP807KOC0mz7FDAnHF9bu7gQlfTBvwqCNBW3IlU0o5IBJMGYvCwULhg1wM9dhaTs_vEpe9ID6rdpeJKe7khpawso5SqQZ7_WEfasG76-dSoj0w', 'Cookie': 'exchangecookie=91c983cf35124f6498a78cbf0846c606', 'Content-Length': '637'} Response headers: {'Cache-Control': 'private', 'Content-Type': 'text/xml; charset=utf-8', 'Server': 'Microsoft-IIS/10.0', 'request-id': 'e7ac09d2-c34d-1880-c1b0-b3edd354de05', 'Alt-Svc': 'h3=":443",h3-29=":443"', 'X-CalculatedFETarget': 'YQZPR01CU005.internal.outlook.com', 'X-BackEndHttpStatus': '403, 403', 'Set-Cookie': 'exchangecookie=91c983cf35124f6498a78cbf0846c606; path=/; secure', 'WWW-Authenticate': 'Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1 service_asserted_app_v1", error="invalid_token"', 'X-CalculatedBETarget': 'YQBPR1101RB5301.TDPRD01.PROD.OUTLOOK.COM', 'X-RUM-Validated': '1', 'X-RUM-NotUpdateQueriedPath': '1', 'X-RUM-NotUpdateQueriedDbCopy': '1', 'x-ms-appId': '739c2be3-eb4a-4a81-8835-8b036bf52228', 'Restrict-Access-Confirm': '1', 'x-ms-diagnostics': '2000008;reason="The token contains not enough scope to make this call.";error_category="invalid_grant"', 'X-AspNet-Version': '4.0.30319', 'X-BeSku': 'WCS7', 'X-DiagInfo': 'YQBPR0101MB5301', 'X-BEServer': 'YQBPR0101MB5301', 'X-Proxy-RoutingCorrectness': '1', 'X-Proxy-BackendServerStatus': '403', 'X-FEProxyInfo': 'CH2PR14CA0049.NAMPRD14.PROD.OUTLOOK.COM', 'X-FEEFZInfo': 'MDW', 'X-FEServer': 'YQZPR01CA0112, CH2PR14CA0049', 'X-FirstHopCafeEFZ': 'MDW', 'X-Powered-By': 'ASP.NET', 'Date': 'Wed, 11 Oct 2023 20:07:09 GMT', 'Content-Length': '0'} Request XML: b'<?xml version=\'1.0\' encoding=\'utf-8\'?>\nt:ExchangeImpersonation><t:ConnectingSID><t:PrimarySmtpAddress>test@test.ca</t:PrimarySmtpAddress</t:ConnectingSID></t:ExchangeImpersonation></s:Header>xxx</m:UnresolvedEntry></m:ResolveNames></s:Body></s:Envelope>' Response XML: b'' Traceback (most recent call last): File "E:/Python_Proj/SD_Stats/Pritam.py", line 33, in account = Account(primary_smtp_address=address, File "C:\Users\microinfo\AppData\Local\Programs\Python\Python38\lib\site-packages\exchangelib\account.py", line 204, in init self.version = self.protocol.version.copy() File "C:\Users\microinfo\AppData\Local\Programs\Python\Python38\lib\site-packages\exchangelib\protocol.py", line 485, in version self.config.version = Version.guess(self, api_version_hint=self._api_version_hint) File "C:\Users\microinfo\AppData\Local\Programs\Python\Python38\lib\site-packages\exchangelib\version.py", line 233, in guess list(ResolveNames(protocol=protocol).call(unresolved_entries=[name])) File "C:\Users\microinfo\AppData\Local\Programs\Python\Python38\lib\site-packages\exchangelib\services\common.py", line 188, in _elems_to_objs for elem in elems: File "C:\Users\microinfo\AppData\Local\Programs\Python\Python38\lib\site-packages\exchangelib\services\common.py", line 246, in _chunked_get_elements yield from self._get_elements(payload=payload_func(chunk, *kwargs)) File "C:\Users\microinfo\AppData\Local\Programs\Python\Python38\lib\site-packages\exchangelib\services\common.py", line 266, in _get_elements yield from self._response_generator(payload=payload) File "C:\Users\microinfo\AppData\Local\Programs\Python\Python38\lib\site-packages\exchangelib\services\common.py", line 228, in _response_generator response = self._get_response_xml(payload=payload) File "C:\Users\microinfo\AppData\Local\Programs\Python\Python38\lib\site-packages\exchangelib\services\common.py", line 343, in _get_response_xml r = self._get_response(payload=payload, api_version=api_version) File "C:\Users\microinfo\AppData\Local\Programs\Python\Python38\lib\site-packages\exchangelib\services\common.py", line 298, in _get_response r, session = post_ratelimited( File "C:\Users\microinfo\AppData\Local\Programs\Python\Python38\lib\site-packages\exchangelib\util.py", line 915, in post_ratelimited protocol.retry_policy.raise_response_errors(r) # Always raises an exception File "C:\Users\microinfo\AppData\Local\Programs\Python\Python38\lib\site-packages\exchangelib\protocol.py", line 695, in raise_response_errors raise MalformedResponseError( exchangelib.errors.MalformedResponseError: Unknown failure in response. Code: 403 headers: {'Cache-Control': 'private', 'Content-Type': 'text/xml; charset=utf-8', 'Server': 'Microsoft-IIS/10.0', 'request-id': 'xxx-c34d-1880-xx-b3edd354de05', 'Alt-Svc': 'h3=":443",h3-29=":443"', 'X-CalculatedFETarget': 'YQZPR01CU005.internal.outlook.com', 'X-BackEndHttpStatus': '403, 403', 'Set-Cookie': 'exchangecookie=xxx; path=/; secure', 'WWW-Authenticate': 'Bearer client_id="xxx-0000-0ff1-xx-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@", token_types="app_asserted_user_v1 service_asserted_app_v1", error="invalid_token"', 'X-CalculatedBETarget': 'YQBPR0101MB5301.CANPRD01.PROD.OUTLOOK.COM', 'X-RUM-Validated': '1', 'X-RUM-NotUpdateQueriedPath': '1', 'X-RUM-NotUpdateQueriedDbCopy': '1', 'x-ms-appId': 'xx-eb4a-4a81-8835-xx', 'Restrict-Access-Confirm': '1', 'x-ms-diagnostics': '2000008;reason="The token contains not enough scope to make this call.";error_category="invalid_grant"', 'X-AspNet-Version': '4.0.30319', 'X-BeSku': 'WCS7', 'X-DiagInfo': 'YQBPR0101MB5301', 'X-BEServer': 'YQBPR0101MB5301', 'X-Proxy-RoutingCorrectness': '1', 'X-Proxy-BackendServerStatus': '403', 'X-FEProxyInfo': 'CH2PR14TR0049.NAMPRD14.PROD.OUTLOOK.COM', 'X-FEEFZInfo': 'MDW', 'X-FEServer': 'YQZPR01CA0112, CH2PR14CA0049', 'X-FirstHopCafeEFZ': 'MDW', 'X-Powered-By': 'ASP.NET', 'Date': 'Wed, 11 Oct 2023 20:07:09 GMT', 'Content-Length': '0'} content: DEBUG:exchangelib.protocol:Server outlook.office365.com: Closing sessions

[psahire]

its shows invalid token/grant in response.

[ecederstrand]

Yeah, that usually means that the OAuth client is generering tokens that are not valid for use with the EWS API. You need to either forlod rhe documentation for creating an Azure client, or get help from your Azure admins on correctly configuring the OAuth client.

[psahire]

is there anything wrong in code? i informed my azure admin about this issue but they asked me to change the code but I don't see any issue with code.

Pritam

[ecederstrand]

Looking again at the initial code you posted, you specified Basic auth in the Configuration object, which is wrong. Also, your service_endpoint points to an OAuth token URL but should point to the URL of the EWS service of your Exchange server.