Connect to outlook Office 365 IMAP using OAUTH2

Question

Referred https://msdn.microsoft.com/en-us/office/office365/api/use-outlook-rest-api. Still I couldn\'t understand the AD, Outlook and windows live.

I got refresh to

Answer 1

I have finally gotten this to work. Interestingly I had to use the scope https://outlook.office365.com/IMAP.AccessAsUser.All although by now you have to register your app under the Graph API section in the Azure AD and the proposed Scope is https://graph.microsoft.com/IMAP.AccessAsUser.All which did not work for me (Authentication failed). Though I am not sure if that will change in the near future.

I used the properties as stated here: https://javaee.github.io/javamail/OAuth2

props.put("mail.imap.sasl.enable", "true");
props.put("mail.imap.sasl.mechanisms", "XOAUTH2");
props.put("mail.imap.auth.login.disable", "true");
props.put("mail.imap.auth.plain.disable", "true");

Answer 2

See latest Microsoft announcement on April 30, 2020.

Announcing OAuth 2.0 support for IMAP, SMTP client protocols in Exchange Online

Today, we’re announcing the availability of OAuth 2.0 authentication for IMAP, SMTP AUTH protocols to Exchange Online mailboxes.

Answer 3

For those asking about IMAP for personal accounts -- Outlook.com
-- re: comment

Apparently the scopes for the consumer Outlook.com (also live.com) is wl.imap.
See old Microsoft doc on Scopes and permissions.

• Update: see also newer Microsoft doc Using Windows Live scopes and Outlook REST API to access Outlook.com mailbox data

Also have a look at this example where the same scope is mentioned:
http://afterlogic.com/mailbee-net/docs/OAuth2MicrosoftRegularAccountsInstalledApps.html

BTW, we came across the old Microsoft doc from Clever Components article:

https://www.clevercomponents.com/articles/article049/

• note: their claim this is for Office365 may be questionable, perhaps a documentation error on their part

which has a link to a Microsoft doc:

https://msdn.microsoft.com/en-us/windows/desktop/dn440163

which has a link to Scopes and permissions in the related section listed at the end of the page:

https://msdn.microsoft.com/en-us/windows/desktop/hh243646

In the Clever Components article, they used two scopes wl.imap and wl.offline_access.
They noted that:

Microsoft recommends to use the "wl.offline_access" scope together with "wl.imap". Otherwise, an app can access the user's info only when a user signs in to Live Connect and uses your app."

So if your application needs continuous access then you need to include the offline access scope.