Thank you for posting your project and creating this video - this saved me a lot of time. I wasn't aware of the impending October 1st, 2022 removal of basic authentication and, thanks to your code, I have a good head start on making the necessary changes to multiple systems currently using app passwords to send mail via basic auth SMTP. Thank you!
Hi can you explain me to do, how to connect POP3 using oauth 2.0 I'm really waiting for this code... You can even send your code by file Google account or i will share my email we can connect
I am following the same approach and am able to generate the access token but when I am going to read the emails from the inbox folder using IMAP I am getting an error like below "Bad User Authenticated but not Connected." I don't know what is wrong I am doing because It is printing "AUTHENTICATE Complete" but when I am trying to read emails I am getting above error.
Thank you, your programa works ok up to the method "office-365-get-mail", in that method, in the minute 10.54 the lines are not the same that in the example project. To me it shows an error. "The remote certificate was rejected by the provided RemoteCertificateValidationCallback."
For Code Flow client secret is completely optional, is up to you using or not using it. OAuth2 applications have restricted list of valid redirect url that basically constitute the list of clients that can use the application, secret is another level of security.
Hi, i have one more doubt, I am able to access my IMAP folder using the admin mail user but not with the normal mail user folder, it says the user is authenticated but not connected? any I dea what could be the issue? is there any permission am i missing in the ad app or online exchange ? Thanks in advance
if you are using standard code flow, where the user perform the login with the browser, it is really strange, because you get a token that impersonate the user. If you instead are using code flow, where you obtain a token with clientId and secret, you need to give permission to the application principal. The error authenticated but not connected should be when the token is valid, user is recognized, but has no access to the mailbox. Also I do not know (I'm not an expert in office 365) if maybe the user has some general permission to use IMAP
Hi All, In the step 2 of this video when I input the same user that I got the token for to then end point "office-365-get-mail" I get this error An unhandled exception occurred while processing the request. ImapCommandException: The IMAP server replied to the 'NAMESPACE' command with a 'BAD' response: User is authenticated but not connected. MailKit.Net.Imap.ImapEngine.QueryNamespacesAsync(bool doAsync, CancellationToken cancellationToken)
Hi, good video, thank you. I am new to Azure and Office 365. I would like to know how these two are linked; are they different entities? Suppose I have an Office 365 subscription and an Azure test account, but how does the access token connect to my Office 365 account? Even if I am providing Graph access to the IMAP relevant permission.
If you have on Office 365 you should have an Azure active directory where you will configure the application and all the tokens. If you have other test account for Azure they are not related to your office 365 account. learn.microsoft.com/en-us/microsoft-365/enterprise/azure-integration?view=o365-worldwide
Hello Gian, I tried refreshing the access token with the refresh token as shown in the video. However, it throws me 404 error. Can you guide me like what could be the reason? Or, any suggestion that I can look into?
You are doing the request to the wrong url, the url that perform token refresh is the very same used to get the token the first time. It is called the token endpoint.
Probably Client Credential Flow, but it depends if you need people to be able to put more than one account to use (so each user can do code flow and then store various tokens)
@@brandoncole1227 Did you solve the state error message. I can see my state getting passed in but it fails when executing GetRequestData with that state.
A very helpful video! I have a Windows Service and I am trying to follow along but having trouble with finding the Office 365 Exchange/IMAP access for Type:Application. How did you find this?
If I correctly understood your question, when you choose app permissions you need to select "Api my organization uses" and then "Office 365 Exchange Online"
@@jaypatadia3744 probably that azure account is not connected to Office 365 account, if you like me have more than one azure account, there is the possibility that you are in the wrong directory.
I have little knowledge of java, but actually the process is the very same, it should not be difficult to translate the code in Java (or use some OIDC library already present in java, I wrote entirely in C# to create a test example to teach people how the internal works)
Hello there, I love the video and it basically gets me closer to what I'm trying to accomplish. I was wondering if you can assist with some requirements. I have a help Desk application(PHP/Laravel) that runs a cron job and pulls emails from gmail and others using IMAP. But I connect get it to work for Office 365. Always getting authentication issue.
Sorry for late response, unfortunately I do not know PHP/Laravel, but the overall procedure is the same for the OAUTH/OIDC part, then you need to use some PHP library that support XOAUTH2 login.
Hello, I am currently working on same, can you tell me how you use to test this on local env. have you purchased the azure account or you are doing all the stuff on free account. please let me know as I have to implement new authentication and for that not sure how to test the things.
Access_token usually last for no more than 1/2 hours. When access_token is expired you have 2 options: 1 use the refresh token to obtain new access and refresh tokens, the other is force user to perform another code flow.
@@shreys71055 yes, you add offline_access to the list of claims, then you obtain access and refresh token, you use the refresh token to generate other access token when the previous is expired
![Digital Circus Episode 4 [TRAILER]](http://i.ytimg.com/vi/abZtsmMUbJo/mqdefault.jpg)
Thank you for posting your project and creating this video - this saved me a lot of time. I wasn't aware of the impending October 1st, 2022 removal of basic authentication and, thanks to your code, I have a good head start on making the necessary changes to multiple systems currently using app passwords to send mail via basic auth SMTP. Thank you!
Glad it was helpful!
Perfect video, very good explanation. Exactly what I needed! Thank you kind sir!
i can finally authorize pop. thank you so much
Hi can you explain me to do, how to connect POP3 using oauth 2.0 I'm really waiting for this code... You can even send your code by file Google account or i will share my email we can connect
I am following the same approach and am able to generate the access token but when I am going to read the emails from the inbox folder using IMAP I am getting an error like below
"Bad User Authenticated but not Connected."
I don't know what is wrong I am doing because It is printing "AUTHENTICATE Complete" but when I am trying to read emails I am getting above error.
Probably the token is good, you are authenticated, but that user has no right to access that mailbox.
Very useful video. Thank you.
Thank you, your programa works ok up to the method "office-365-get-mail", in that method, in the minute 10.54 the lines are not the same that in the example project. To me it shows an error. "The remote certificate was rejected by the provided RemoteCertificateValidationCallback."
It seems some error in certificate, never had this kind of error
it gave me a error on the line "newclient.AthenticateAsync(oauth2_1);" with "authentication failed" what could be the problem bro ?
Wrong claims on the oauth2 app or token are the most common causes
also why client secrets are not used anywhere? I have see some code of others and they are using it.
For Code Flow client secret is completely optional, is up to you using or not using it. OAuth2 applications have restricted list of valid redirect url that basically constitute the list of clients that can use the application, secret is another level of security.
Hi, i have one more doubt, I am able to access my IMAP folder using the admin mail user but not with the normal mail user folder, it says the user is authenticated but not connected? any I dea what could be the issue? is there any permission am i missing in the ad app or online exchange ?
Thanks in advance
if you are using standard code flow, where the user perform the login with the browser, it is really strange, because you get a token that impersonate the user. If you instead are using code flow, where you obtain a token with clientId and secret, you need to give permission to the application principal.
The error authenticated but not connected should be when the token is valid, user is recognized, but has no access to the mailbox.
Also I do not know (I'm not an expert in office 365) if maybe the user has some general permission to use IMAP
Hi All, In the step 2 of this video when I input the same user that I got the token for to then end point "office-365-get-mail" I get this error
An unhandled exception occurred while processing the request.
ImapCommandException: The IMAP server replied to the 'NAMESPACE' command with a 'BAD' response: User is authenticated but not connected.
MailKit.Net.Imap.ImapEngine.QueryNamespacesAsync(bool doAsync, CancellationToken cancellationToken)
please let me know awaiting your inputs
Hi, good video, thank you. I am new to Azure and Office 365. I would like to know how these two are linked; are they different entities? Suppose I have an Office 365 subscription and an Azure test account, but how does the access token connect to my Office 365 account? Even if I am providing Graph access to the IMAP relevant permission.
If you have on Office 365 you should have an Azure active directory where you will configure the application and all the tokens. If you have other test account for Azure they are not related to your office 365 account. learn.microsoft.com/en-us/microsoft-365/enterprise/azure-integration?view=o365-worldwide
Thank you, it really helped. I was searching over the internet allot
. but finally thanks again @@codewrecks
Thank you.
Hello Gian, I tried refreshing the access token with the refresh token as shown in the video. However, it throws me 404 error. Can you guide me like what could be the reason? Or, any suggestion that I can look into?
You are doing the request to the wrong url, the url that perform token refresh is the very same used to get the token the first time. It is called the token endpoint.
When running the solution I'm getting a failed state error message. Also for using a C# Console App what Auth flow would you recommend?
Probably Client Credential Flow, but it depends if you need people to be able to put more than one account to use (so each user can do code flow and then store various tokens)
@@codewrecks Thank you so much!
@@brandoncole1227 Did you solve the state error message. I can see my state getting passed in but it fails when executing GetRequestData with that state.
@@John-ok8ts I did it was an azure permissions issue. Put IT department had to run the commands.
@@groundbrandon Yea got it sorted yesterday. Thanks for responding.
A very helpful video!
I have a Windows Service and I am trying to follow along but having trouble with finding the Office 365 Exchange/IMAP access for Type:Application. How did you find this?
If I correctly understood your question, when you choose app permissions you need to select "Api my organization uses" and then "Office 365 Exchange Online"
Yeah but that option is not available for selecting office365 exchange how to find that or add that
@@jaypatadia3744 probably that azure account is not connected to Office 365 account, if you like me have more than one azure account, there is the possibility that you are in the wrong directory.
Please suggest for java and oAuth2 and imap
I have little knowledge of java, but actually the process is the very same, it should not be difficult to translate the code in Java (or use some OIDC library already present in java, I wrote entirely in C# to create a test example to teach people how the internal works)
Hello there, I love the video and it basically gets me closer to what I'm trying to accomplish. I was wondering if you can assist with some requirements. I have a help Desk application(PHP/Laravel) that runs a cron job and pulls emails from gmail and others using IMAP. But I connect get it to work for Office 365. Always getting authentication issue.
Sorry for late response, unfortunately I do not know PHP/Laravel, but the overall procedure is the same for the OAUTH/OIDC part, then you need to use some PHP library that support XOAUTH2 login.
@@codewrecks Thank you for the recommendation.
Hello, I am currently working on same, can you tell me how you use to test this on local env. have you purchased the azure account or you are doing all the stuff on free account. please let me know as I have to implement new authentication and for that not sure how to test the things.
I have a test account on Office 365, you need to have a valid Office365 tenant to work with, so you can configure everything as I show in the video.
@@GianMariaRicci so office 365 is not free right, are u using any paid version?
@@shreys71055 as Microsoft MVP I have an instance I can use for test for free.
Hi can you share me the code file to acces and understand for creating my pop3 dotnet service this is very helpful
can we not use grant_type = refresh_token to get new access + refresh token?
Access_token usually last for no more than 1/2 hours. When access_token is expired you have 2 options: 1 use the refresh token to obtain new access and refresh tokens, the other is force user to perform another code flow.
@@GianMariaRicci so, using reply token to get new access + refresh is better if we are working with background services.
@@shreys71055 yes, you add offline_access to the list of claims, then you obtain access and refresh token, you use the refresh token to generate other access token when the previous is expired
@@codewrecks got it. thank you very much for explaining.
also to get new access and refresh token the grant type should be refresh_token right?
How can I buy you a coffee?
I'm just glad to be helpful :).