Office365 SMTP with oAuth "535 5.7.3 Authentication unsuccessful"

Question

My application is supposed to send email via SMTP using smtp.office365.com. I want to use oAuth authentication but get the error

535 5.7.3 Authentication unsuccessful [MN2PR20CA0018.namprd20.prod.outlook.com 2024-06-28T21:32:09.988Z 08DC949A2B488590]

Here is the flow: the app is registered with Azure, it has permissions Mail.Send and SMTP.Send under Microsoft Graph and Mail.Send under Office365 Exchange Online.

The link for the user to obtain an authorization code is

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=&response_type=code&redirect_uri=&response_mode=query&scope=https://graph.microsoft.com/SMTP.Send+offline_access

This works fine, I get an authorization code and then redeem it for an access token just fine.

Then, during the SMTP session with smtp.office365.com, I submit the username and token in the format

"AUTH XOAUTH2 " + base64("user=" + userName + "^Aauth=Bearer " + accessToken + "^A^A")

I know this part is coded correctly because it works with gmail just fine. But with office365, I get the error "Authentication unsuccessful". I tried both smtp.office365.com and smtp-mail.outlook.com for host, with the same result.

I am wondering what I am doing wrong. Is the scope incorrect? I also tried the scope https://outlook.office.com/SMTP.SendAsApp but that is rejected right away with the message "scope not found", can't even get an authorization code.

Any help would be appreciated.

Thanks.

Answer 1

Figured it out. The culprit was indeed the wrong scope, should be

scope=https://outlook.office.com/SMTP.Send