none
SMTP connect failure for Outlook with OAUTH. Java client RRS feed

  • Question

  • Working in Java, trying to connect to SMTP to see inbox using OAUTH2.0 tokens. I have obtained the access_token, refresh_token, and email. From what I understand I should be able to connect.

    I am using the scopes: mail.send, mail.readwrite, mail.read, offline_access, openid, email, and profile (although I am fairly confident I do not need all of these -> goal is to read inbox and send emails, while also getting email and name if they exist).

    I am then connecting to SMTP server with the following code:

      OAuth2Authenticator.connectToSmtp("smtp-mail.outlook.com",
              587,
              user.getOutlookUid(),
              accessToken,
              true);

    The code that actually connects to the server is here:

     public static SMTPTransport connectToSmtp(String host, int port, String userEmail, String oauthToken, boolean debug)
      throws Exception {
    
    Properties props = new Properties();
    props.put("mail.smtp.starttls.enable", "true");
    props.put("mail.smtp.starttls.required", "true");
    props.put("mail.smtp.sasl.enable", "true");
    props.put("mail.smtp.sasl.mechanisms", "XOAUTH2");
    props.put("mail.smtp.sasl.mechanisms.oauth2.oauthToken", oauthToken);
    Session session = Session.getInstance(props);
    session.setDebug(debug);
    
    
    URLName unusedUrlName = null;
    SMTPTransport transport = new SMTPTransport(session, unusedUrlName);
    // If the password is non-null, SMTP tries to do AUTH LOGIN.
    String password = "";
    transport.connect(host, port, userEmail, password);
    
    return transport;

    }

    Okay, now I can get to the most frustrating part... I have used the "connectToSMTP" method to connect to Gmail and it worked perfectly.

    OAuth2Authenticator.connectToSmtp("smtp.gmail.com",
              587,
              user.getGoogleUid(),
              accessToken,
              true);

    So ultimately my question is "what am I doing wrong?" or "what can I update to be able to send emails through Outlook"? I have seen that Outlook has a REST API, but that is plan B. Is there something different about Outlook vs Gmail?

    Some things I have considered:

    1. Scope did not request enough access (so I probably am asking for too much now)
    2. access_token was stored incorrectly or encoded in some way (tried decoding it from base_64 which provided nothing). I am able to use my refresh_token to update the access_token so that tells me I am probably storing them correctly.
    3. I tried passing null for the password. Also passed in the actual password and that WORKED, but I have the access_token and refresh_token so I shouldn't need to ask for their explicit password. Also this would be dangerous and sketchy to ask of users.
    4. I tried manually connecting to the smtp server using "openssl s_client -crlf -starttls smtp -connect smtp-mail.outlook.com:587", but it seemed to think my access_token was wrong "535 5.0.0 OAuth failed: OAuth authentication failed due to Invalid token. Code -2147184118" That number when taken two's complement and converted to hex is 0x8004920a. Helped in searches but was to no avail.
    5. I have done a lot of searching for this and will continue now to post this everywhere. A lot of resources for it working with Gmail, but as previously stated I already have it working for Gmail. Something seems different for Outlook. Also I have encountered lots of posts regarding email forwarding on an email client... I am semi-creating an email client so going through outlook.com settings doesn't help me.

    Another concern that a buddy of mine had was that my access token was really long, contributing to what the manual smtp server claimed. It is 1188 characters long. It's something like 'EwB4Aul3BAAUo4xeBIbHjhBxWOFekj4Xy2...x9stHxi2K/VFggE=' (obviously I hid most of the characters).

    Preemptive THANK YOU for anyone who offers advice or finds my issue. Especially why I can pass in the email password and that fails, but using the oauth access_token fails.

    Wednesday, May 4, 2016 4:30 AM