search

simonrob / email-oauth2-proxy

An IMAP/POP/SMTP proxy that transparently adds OAuth 2.0 authentication for email clients that don't support this method.
Apache License 2.0
804 stars 87 forks source link

BAD User is authenticated but not connected #275

Closed ismasou closed 2 weeks ago

ismasou commented 3 weeks ago

Maybe somebody has figured out how to make this work. I'm trying to switch from davmail. One of my o365 account works on thunderbird natively, but I couldn't make the other one work natively or using this proxy. (they are from different organizations) I tried different client_ids from thunderbird and fairmail and even the davmail one. Every time I get exactly the same error as I got in thunderbird natively, this "BAD User is authenticated but not connected". Here is the log:

Email OAuth 2.0 Proxy: Accepting new connection from 127.0.0.1:57666 to IMAP server at 127.0.0.1:1993 (unsecured) proxying outlook.office365.com:993 (SSL/TLS)
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993) --> [ Client connected ]
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993) <-> [ Starting TLS handshake ]
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993) <-> [ TLSv1.2 handshake complete ]
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993)     <-- b'* OK The Microsoft Exchange IMAP4 service is ready. XXXXXXXXXXXX
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993) <-- b'* OK The Microsoft Exchange IMAP4 service is ready. XXXXXXXXXXXX
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993) --> b'99 capability\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993)     --> b'99 capability\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993)     <-- b'* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993) <-- b'* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993)     <-- b'99 OK CAPABILITY completed.\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993) <-- b'99 OK CAPABILITY completed.\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993) --> b'100 authenticate PLAIN\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993) <-- b'+ \r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993) --> b'[[ Credentials removed from proxy log ]]'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993)     --> b'100 AUTHENTICATE XOAUTH2 '
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993)     --> b'[[ Credentials removed from proxy log ]]\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993; username@xxx.com)     <-- b'100 OK AUTHENTICATE completed.\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993; username@xxx.com) [ Successfully authenticated IMAP connection - releasing session ]
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993; username@xxx.com) <-- b'100 OK AUTHENTICATE completed.\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993; username@xxx.com) --> b'101 capability\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993; username@xxx.com) <-- b'* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CLIENTACCESSRULES CLIENTNETWORKPRESENCELOCATION BACKENDAUTHENTICATE CHILDREN IDLE NAMESPACE LITERAL+\r\n101 OK CAPABILITY completed.\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993; username@xxx.com) --> b'102 namespace\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993; username@xxx.com) <-- b'102 BAD User is authenticated but not connected.\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993; username@xxx.com) --> b'103 ID ("name" "Thunderbird" "version" "128.1.0")\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993; username@xxx.com) <-- b'103 BAD User is authenticated but not connected.\r\n* BYE Connection closed. 14\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993; username@xxx.com) --> b'104 list "" "*"\r\n105 lsub "" "*"\r\n'
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993) username@xxx.comdisconnected ]
Email OAuth 2.0 Proxy: IMAP (127.0.0.1:57666-{127.0.0.1:1993}-outlook.office365.com:993; username@xxx.com) --> [ Client disconnected ]

I have been using both these emails with davmail for a long time, I just now wanted to simplify it with this proxy.

simonrob commented 2 weeks ago

I'm afraid this is not an issue with the proxy – as the O365 error message (sort of) explains, you've authenticated as the user you are logging in as (i.e., the proxy has done its job), but have not successfully connected to an account.

Most likely, the account you have logged in with when requested by the proxy interactively does not match or does not have permissions to access the account you are using for IMAP. I'd recommend clearing the cached credentials from the proxy's configuration file and logging in again, making sure the accounts match. Here's a search result for the same error message that may also help.