Authentication OAuth 2.0 Microsoft Office 365
Hi,
I use Caché COS and I'm having trouble doing a POP3 on the Microsoft email server using OAuth 2.0 authentication.
I'm using the following program to accomplish this task:
QGPOP ; Receives e-mail from Microsoft Office 365
    Set server=##class(%Net.POP3).%New()
    Set server.port=995
    Set server.StoreAttachToFile=1
    Set server.AttachDir="D:\HOME\CNTIRET"
    Set servername="outlook.office365.com"
    Set user="importacao@ferrolene.com.br",pass="xxxxxx"
    Set AccessToken="exxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    set server.SSLConfiguration="Transnovag"
    Set status=server.Connect(servername,user,pass,AccessToken)
    Do $System.Status.DisplayError(status)
    set status=server.GetMailBoxStatus(.NumMensagens,.TamTotalMensagens)
    w !!,"Nr. de mensagens na pasta: ",NumMensagens,!!
    Do $System.Status.DisplayError(status)
    s closeserver=server.%Close()
    Quit
I'm getting the following error message:
%SYS>ZR D ^QGPOP
Erro #6015: Servidor POP3 reportou erro: -ERR Authentication failure: unknown user name or bad password..
Has anyone ever been able to make that connection?
Grateful.
Claudio Vieira
If you are using an access token, do not also send a password.
How are you getting the access token? Are you including the necessary scopes for email? You need to use scopes https://outlook.office.com/POP.AccessAsUser.All and https://outlook.office.com/SMTP.Send (or similar) to send and receive email.
Microsoft also requires a tenant id in the request, for example:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
where "common" is the tenant id for an outlook.com email address, but you may need to use the tenant id for ferrolene.com.br.
Thank you for getting back to me, Mr. Clark,
When I do not send the password, another error is presented:
Sending: Set status=server.Connect(servername,user,pass,AccessToken)
Error returned: "Erro #6015: Servidor POP3 reportou erro: -ERR Authentication failure: unknown user name or bad password.."
Sending: Set status=server.Connect(servername,user,AccessToken)
Error returned: "Erro #6015: Servidor POP3 reportou erro: -ERR Protocol error. Connection is closed. 10."
The Token is being obtained through Postman.
I'm using the following scope: "offline_access openid User.Read POP.AccessAsUser.All SMTP.Send IMAP.AccessAsUser.All"
I'm sending the following keys in the Postman:
-client_id
-scope
-redirect_url
-grant_type
-client_secret
-code.
Grateful
Claudio Vieira
Set status=server.Connect(servername,user,AccessToken) needs to be
Set status=server.Connect(servername,user,,AccessToken)
To get the token I use:
url="https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id={id}&redirect_uri={redirect}&scope=openid%20offline_access%20https%3A//outlook.office.com/POP.AccessAsUser.All%20https%3A//outlook.office.com/SMTP.Send&state={state}&nonce={nonce}&response_mode=form_post&access_type=offline&code_challenge={challenge}&code_challenge_method=S256&prompt=consent"
client_id=
scope="openid offline_access https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send"
access_type="offline"
response_mode="form_post"
response_type="code"
code_challenge=
code_challenge_method="S256"
nonce=
prompt="consent"
state=
The client_secret is in the post form.
code_challenge/method, nonce, and state may be optional, but desirable for security.
prompt="consent" changes how the authorization is done and is probably optional.
access_type="offline" is probably optional since you have the offline_access scope.
I found that adding some additional scopes would prevent the token from working for retrieving email.