Question
Claudio Vieira · Feb 3

Authentication OAuth 2.0 Microsoft Office 365

Hi,

I use Caché COS and I'm having trouble doing a POP3 on the Microsoft email server using OAuth 2.0 authentication.

I'm using the following program to accomplish this task:

QGPOP ; Receives e-mail from Microsoft Office 365
  Set server=##class(%Net.POP3).%New()
  Set server.port=995
  Set server.StoreAttachToFile=1
  Set server.AttachDir="D:\HOME\CNTIRET"
  Set servername="outlook.office365.com"
  Set user="importacao@ferrolene.com.br",pass="xxxxxx"
  Set AccessToken="exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  set server.SSLConfiguration="Transnovag"
  Set status=server.Connect(servername,user,pass,AccessToken)
  Do $System.Status.DisplayError(status)
  set status=server.GetMailBoxStatus(.NumMensagens,.TamTotalMensagens)
  w !!,"Nr. de mensagens na pasta: ",NumMensagens,!!
  Do $System.Status.DisplayError(status)
  s closeserver=server.%Close()
  Quit
  
I'm getting the following error message:

%SYS>ZR  D ^QGPOP
Erro #6015: Servidor POP3 reportou erro: -ERR Authentication failure: unknown user name or bad password..

Has anyone ever been able to make that connection?

Grateful.

Claudio Vieira

Product version: IRIS 2022.1
$ZV: IRIS for Windows (x86-64) 2022.1.1 (Build 374U) Tue Oct 18 2022 17:39:18 EDT
Discussion (3)

If you are using an access token, do not also send a password.

How are you getting the access token? Are you including the necessary scopes for email? You need to use scopes https://outlook.office.com/POP.AccessAsUser.All and https://outlook.office.com/SMTP.Send (or similar) to send and receive email.

Microsoft also requires a tenant id in the request, for example:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
where "common" is the tenant id for an outlook.com email address, but you may need to use the tenant id for ferrolene.com.br

Thank you for replying, Mr. Clark.
When I do not send the password, another error is presented:

Sending: Set status=server.Connect(servername,user,pass,AccessToken)
Error returned: "Erro #6015: Servidor POP3 reportou erro: -ERR Authentication failure: unknown user name or bad password.."

Sending: Set status=server.Connect(servername,user,AccessToken)
Error returned: "Erro #6015: Servidor POP3 reportou erro: -ERR Protocol error. Connection is closed. 10."

The Token is being obtained through Postman.
I'm using the following scope: "offline_access openid User.Read POP.AccessAsUser.All SMTP.Send IMAP.AccessAsUser.All"

I'm sending the following keys in the Postman:

-client_id
-scope
-redirect_url
-grant_type
-client_secret
-code.

Grateful

Claudio Vieira

Set status=server.Connect(servername,user,AccessToken) needs to be
Set status=server.Connect(servername,user,,AccessToken)

To get the token I use:

url="https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id={id}&redirect_uri={redirect}&scope=openid%20offline_access%20https%3A//outlook.office.com/POP.AccessAsUser.All%20https%3A//outlook.office.com/SMTP.Send&state={state}&nonce={nonce}&response_mode=form_post&access_type=offline&code_challenge={challenge}&code_challenge_method=S256&prompt=consent"

client_id=  
scope="openid offline_access https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send"
access_type="offline"
response_mode="form_post" 
response_type="code" 
code_challenge=
code_challenge_method="S256"
nonce=
prompt="consent"
state=

The client_secret is in the post form.
code_challenge/method, nonce, and state may be optional, but desirable for security.
prompt="consent" changes how the authorization is done and is probably optional.
access_type="offline" is probably optional since you have the offline_access scope.

I found that adding some additional scopes would prevent the token from working for retrieving email.