Struggling to Authenticate Outlook access in MailKit

Question

The code examples supplied with MailKit suggest that accessing an IMAP mailbox requires code similar to this...

var at = "<<Access_Token>>";
using (var client = new ImapClient())
{
    client.Connect("imap-mail.outlook.com", 993, SecureSocketOptions.SslOnConnect);

    client.Authenticate("<<Email_Address>>", at);

    // do stuff...

    client.Disconnect(true);
}

Now when using this code with GMail and a properly generated and unexpired Access Token, this works a treat.

The same code, with, again, a properly generated Access Token just results in an AuthenticationException: Invalid username or password. being thrown on the client.Authenticate line.

Now I've tested against this website and I know that the email address and access token values are valid. What am I doing wrong here that is right in Gmail?

[EDIT] I found, on this MSDN page, the suggestion that...

Your app/server passes the access token to our IMAP service in the AUTHENTICATE command. We accept a base64-encoded string that contains:

The user name.

The authentication type Bearer for direct OAuth 2.0 requests.

The access token granted by MSA.

For example, your app/server would base-64 encode this string:

user={user@domain.com}^Aauth=Bearer {Access Token}^A^A

where {user@domain.com} is the user's account, {Access Token} is the access token granted by MSA, and ^A are Ctrl-A characters (U+0001).

However, I've tried using creating the string suggested and passing that as the 'password' value in client.Authenticate() to no avail.

Unfortunately I don't know the solution for connecting to imap-mail.outlook.com, but you do not need to combine the access token with the user=/auth=Bearer strings as that is already done for you in MailKit: https://github.com/jstedfast/MailKit/blob/master/MailKit/Security/SaslMechanismOAuth2.cs#L109 — jstedfast, Aug 10 '16 at 13:04
Question: is your username string non-ASCII by any chance? (I suspect not, but MailKit would not handle that case if it were, so that's a potential issue) — jstedfast, Aug 10 '16 at 13:07
@jstedfast - Are you suggesting that MailKit is broken wrt connecting to Outlook.com? Or are you saying that it simply isn't possible to use oauth to authenticate to Outlook when using MailKit? — Stuart Hemming, Aug 11 '16 at 07:32
I'm not saying either. I was saying that if your username was non-ASCII, that perhaps that was why you couldn't authenticate using MailKit because MailKit has no idea how to handle non-ASCII usernames (if that's even supported by OAuth2.0). — jstedfast, Aug 11 '16 at 12:20
Just thought of something... in order to use OAuth2.0 tokens, you first need to register your app with the OAuth2.0 provider. Have you done that? Presumably you did that for GMail, but have you done it for Outlook.com? — jstedfast, Aug 11 '16 at 12:23
You'll need to at least use the `wl.imap` scope, but may need others such as `wl.basic`, `wl.emails`, and possibly `wl.offline_access`(?). — jstedfast, Aug 11 '16 at 17:48
I'm pretty sure I'm not using those scopes. I'll check it out tomorrow. — Stuart Hemming, Aug 11 '16 at 19:10
Thanks for all of the input, but I no longer care as I've just been laid off!!! — Stuart Hemming, Aug 15 '16 at 10:43

score 0 · Answer 1 · answered Aug 12 '16 at 15:24

As part of the OAuth2.0 process, you need to specify the scope parameter to be wl.imap,wl.offline_access according to https://technet.microsoft.com/en-ca/dn440163

It's possible that other scopes such as wl.email and wl.basic may also be needed, but based on my own understanding of the docs I've read, they should not be necessary.

Struggling to Authenticate Outlook access in MailKit

1 Answers1