simonrob / email-oauth2-proxy

An IMAP/POP/SMTP proxy that transparently adds OAuth 2.0 authentication for email clients that don't support this method.
Apache License 2.0

Unknown username authenticating office365 pop3 #160

Closed dmonza closed 1 year ago

dmonza commented 1 year ago

I'm having this issue when I try to connect to Outlook 365.

image

Is it correct to use USER/PASS with XOAUTH2?

Thank you,

simonrob commented 1 year ago

This error is from O365 rather than the proxy. (I'm assuming that between 18:38:34 and 18:38:38 you completed the OAuth authentication process and logged in.)

Is POP3 enabled for this account?

dmonza commented 1 year ago

Yes, we re-checked that the mailbox has POP3 enabled and rechecked permissions, and the problem with O365 persists.

Using the MS POP3 Test page works fine: image https://testconnectivity.microsoft.com/tests/O365Pop/input

In this case, I see one difference, "SASL PLAIN XOAUTH2".

https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

simonrob commented 1 year ago

That difference is because the proxy removes the XOAUTH2 capability from the POP3 response (as it doesn't support it; it provides it remotely on your behalf).

Could you share your configuration file?

Are you receiving and approving an authentication request from the proxy?
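The capability filtering and USER/PASS-to-XOAUTH2 translation discussed in this thread, as an added sketch that is not part of the original comments and not the proxy's own code. The function names, the sample CAPA response and the token value are constructed; the SASL XOAUTH2 string format is the one documented on the Microsoft page linked above.

```python
import base64

def strip_xoauth2(capa_lines):
    """Remove XOAUTH2 from the SASL line of a POP3 CAPA response, so the
    local client falls back to USER/PASS and the proxy authenticates upstream."""
    out = []
    for line in capa_lines:
        parts = line.split()
        if parts and parts[0].upper() == "SASL":
            mechs = [m for m in parts[1:] if m.upper() != "XOAUTH2"]
            if not mechs:
                continue  # nothing left to advertise: drop the SASL line
            line = " ".join(["SASL"] + mechs)
        out.append(line)
    return out

def xoauth2_initial_response(username, access_token):
    """Build the base64 SASL XOAUTH2 string sent after 'AUTH XOAUTH2'."""
    raw = f"user={username}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")

def upstream_commands(client_lines, access_token):
    """Translate a client's USER/PASS login into the upstream XOAUTH2 exchange.
    The locally supplied password is never forwarded to the server."""
    username = None
    for line in client_lines:
        verb, _, arg = line.strip().partition(" ")
        if verb.upper() == "USER":
            username = arg
        elif verb.upper() == "PASS" and username:
            return ["AUTH XOAUTH2",
                    xoauth2_initial_response(username, access_token)]
    raise ValueError("client did not send USER followed by PASS")

if __name__ == "__main__":
    # Constructed sample data, not taken from the issue's screenshots.
    capa = ["+OK", "TOP", "UIDL", "SASL PLAIN XOAUTH2", "USER", "."]
    print(strip_xoauth2(capa))
    login = ["USER me@example.com", "PASS local-only-secret"]
    print(upstream_commands(login, "constructed-access-token"))
```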

dmonza commented 1 year ago

I'm using this configuration and run it inside docker...

[me@email.com]
token_url = https://login.microsoftonline.com/xxxxxxx/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/.default
oauth2_flow = client_credentials
redirect_uri = http://localhost
client_id = xxxx
client_secret = xxxx

simonrob commented 1 year ago

Ah – setting up the client credentials flow correctly on the Azure AD side can be a lot harder than with the default interactive OAuth 2.0 flow. I'd recommend getting the basic version working first, and only then moving to more advanced configurations.

Does the default configuration work? I.e.:

[your.office365.address@example.com]
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/POP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access
redirect_uri = http://localhost
client_id = *** your client id here ***
client_secret = *** your client secret here ***

dmonza commented 1 year ago

Well, it is working!

Thank you for your help, this app is very helpful with legacy apps.

We followed this guide to get the client credentials flow working. It may be useful for anyone in this situation. https://www.youtube.com/watch?v=bMYA-146dmM