Nicholas

Reputation: 41

Outlook SMTP Oauth Send - Authentication Unsuccessful

I have been trying to implement email functionality in a legacy app using the Legacy Mail API to add OAuth support after getting a token through the Device Code Flow starting with the Microsoft Sample Project.

Along that route I have added SMTP.Send and many other API permissions to find the missing piece. (Including { "User.Read", "User.ReadBasic.All", "SMTP.Send", "offline_access", "Mail.Send" } in fear of missing one)

I have been testing with the MailKit library to build a proof of concept.

So far I have the following Code Snippet that fails after trying to authenticate.

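```csharp
using System;
using MailKit;
using MailKit.Net.Smtp;
using MailKit.Security;
using MimeKit;

public void SendSmtpMessageAsync(string id, string accessToken)
{
    var message = new MimeMessage();
    message.From.Add(new MailboxAddress("From Name", "From [email protected]"));
    message.To.Add(new MailboxAddress("To Name", "To [email protected]"));
    message.Subject = "How you doin'?";

    message.Body = new TextPart("plain")
    {
        Text = @"Test Email Content"
    };

    // ProtocolLogger writes the raw SMTP conversation to stdout (the log shown below).
    // The log includes the AUTH XOAUTH2 line, so treat it as sensitive.
    using (var client = new SmtpClient(new ProtocolLogger(Console.OpenStandardOutput())))
    {
        try
        {
            client.Connect("smtp.office365.com", 587, SecureSocketOptions.StartTls);

            // id is the mailbox user name; accessToken is the OAuth access token.
            var oauth2 = new SaslMechanismOAuth2(id, accessToken);

            // Mechanisms advertised by the server after STARTTLS (inspected while debugging).
            var temp = client.AuthenticationMechanisms;
            client.Authenticate(oauth2);

            client.Send(message);
            client.Disconnect(true);
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
        }
    }
}
```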


MailKit Log

I have enabled logging and gotten a log that shows the client connecting, then sending the token to authenticate, but the authentication failing.

```
Connected to smtp://smtp.office365.com:587/?starttls=always
S: 220 MW3PR05CA0003.outlook.office365.com Microsoft ESMTP MAIL Service ready at Mon, 25 May 2020 21:31:07 +0000
C: EHLO [192.168.0.7]
S: 250-MW3PR05CA0003.outlook.office365.com Hello [<<My IP>>]
S: 250-SIZE 157286400
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-STARTTLS
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250 SMTPUTF8
C: STARTTLS
S: 220 2.0.0 SMTP server ready
C: EHLO [192.168.0.7]
S: 250-MW3PR05CA0003.outlook.office365.com Hello [<<My IP>>]
S: 250-SIZE 157286400
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-AUTH LOGIN XOAUTH2
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250 SMTPUTF8
C: AUTH XOAUTH2 <<Token omitted but I have confirmed that it is Base64 encoded and in the format of base64("user=" + userName + "^Aauth=Bearer " + accessToken + "^A^A")>>
S: 535 5.7.3 Authentication unsuccessful [MW3PR05CA0003.namprd05.prod.outlook.com]
MailKit.Security.AuthenticationException: 535: 5.7.3 Authentication unsuccessful [MW3PR05CA0003.namprd05.prod.outlook.com]
```

Any direction or resources would be appreciated since most existing posts are from pre-2020 when Legacy SMTP support was added. Additionally, if you see any misunderstanding let me know so I can do some additional reading.

Upvotes: 2

Views: 3886

Answers (3)

Alex from Jitbit

Reputation: 60642

After spending hours and days trying to solve the Authentication unsuccessful error, here's an important thing I discovered:

When requesting "scopes" during the OAuth2 flow, make sure you don't request any scopes other than offline_access and https://outlook.office.com/SMTP.Send

In my case the problem was - I was also requesting the User.Read scope

Upvotes: 1

Nicholas

Reputation: 41

After lots of searching and trying to talk to Microsoft, I was pointed in the direction of this answer of a different post. (I had added a POP3 call that was in the same format as the SMTP call in the OP.) The answer said to include the scope https://outlook.office.com/POP.AccessAsUser.All, so after replacing the POP.AccessAsUser.All I had before, the SMTP and POP3 calls worked using modern authentication.


Additionally, now that I know the answer, I see it is documented in Microsoft's Docs, "Authenticate an IMAP, POP or SMTP connection using OAuth", verifying that this is the proper solution.

Make sure to specify the full scopes, including Outlook resource URLs, when authorizing your application and requesting an access token.

| Protocol  | Permission scope string                          |
|-----------|--------------------------------------------------|
| IMAP      | https://outlook.office.com/IMAP.AccessAsUser.All |
| POP       | https://outlook.office.com/POP.AccessAsUser.All  |
| SMTP AUTH | https://outlook.office.com/SMTP.Send             |

Hope this helps anyone else facing this same issue

Upvotes: 2
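The scope problems described in the two answers above can be checked before the SMTP attempt. The following is an added example, not code from the original posts, MailKit or Microsoft; SmtpOAuthPreflight, LintScopes and ReadClaims are hypothetical names. It assumes the access token is a JWT whose aud and scp claims carry the resource and granted scopes, and that a usable token's audience is https://outlook.office.com.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;
static class SmtpOAuthPreflight   // hypothetical helper, not part of MailKit or MSAL
{
    const string Resource = "https://outlook.office.com/";   // prefix from the table above
    // Flags requested scopes that the answers above identify as breaking SMTP AUTH.
    public static List<string> LintScopes(IEnumerable<string> scopes)
    {
        var list = scopes.ToList();
        var problems = list
            .Where(s => s != "offline_access" && !s.StartsWith(Resource, StringComparison.OrdinalIgnoreCase))
            .Select(s => $"'{s}' is not qualified with {Resource}")
            .ToList();
        if (!list.Contains(Resource + "SMTP.Send", StringComparer.OrdinalIgnoreCase))
            problems.Add($"missing {Resource}SMTP.Send");
        return problems;
    }

    // Reads aud/scp from the payload WITHOUT verifying the signature: diagnostics only,
    // never an authorization decision. Assumes the token is a three-part JWT.
    public static (string Aud, string Scp) ReadClaims(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a three-part JWT");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        var root = doc.RootElement;
        string Get(string n) => root.TryGetProperty(n, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;
        return (Get("aud"), Get("scp"));
    }

    static void Main()
    {
        // Scope list quoted in the question.
        var asked = new[] { "User.Read", "User.ReadBasic.All", "SMTP.Send", "offline_access", "Mail.Send" };
        LintScopes(asked).ForEach(p => Console.WriteLine("scope: " + p));
        // Constructed, unsigned sample token (header "{}" = e30); not a real credential.
        var payload = "{\"aud\":\"https://graph.microsoft.com\",\"scp\":\"Mail.Send SMTP.Send User.Read\"}";
        var jwt = "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(payload))
                      .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
        var (aud, scp) = ReadClaims(jwt);
        // Assumption: a token usable for SMTP AUTH has the Outlook resource URL as its aud.
        if (!string.Equals(aud?.TrimEnd('/'), Resource.TrimEnd('/'), StringComparison.OrdinalIgnoreCase))
            Console.WriteLine($"token audience is '{aud}' (scp: {scp}), not the Outlook resource");
    }
}
```

Run it against the scope array your app passes to the token request, and against a freshly acquired token in a debugging session only, since the decoded payload identifies the user and tenant.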

Hans Schlagermeier

Reputation: 41

I had a similar problem, which was caused by my misconfiguration of Microsoft 365. Please see "MailKit unsuccessful SMTP OAuth with Microsoft 365 server" for details. Hope this helps.

Upvotes: 0
