问题
I'm using MailKit 2.6.0.0 to connect to Microsoft 365 using OAuth for authentication with POP3, IMAP, and SMTP. The ImapClient and Pop3Client authenticate successfully but the SmtpClient does not. Here's the protocol log from MailKit:
Connected to smtp://smtp.office365.com:587/?starttls=always
S: 220 MN2PR04CA0011.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sat, 30 May 2020 07:48:32 +0000
C: EHLO [192.168.1.240]
S: 250-MN2PR04CA0011.outlook.office365.com Hello [my-ip]
S: 250-SIZE 157286400
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-STARTTLS
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250 SMTPUTF8
C: STARTTLS
S: 220 2.0.0 SMTP server ready
C: EHLO [192.168.1.240]
S: 250-MN2PR04CA0011.outlook.office365.com Hello [my-ip]
S: 250-SIZE 157286400
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-AUTH LOGIN XOAUTH2
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250 SMTPUTF8
C: AUTH XOAUTH2 BASE64USERANDTOKEN
S: 535 5.7.3 Authentication unsuccessful [MN2PR04CA0011.namprd04.prod.outlook.com]
C: QUIT
S: 221 2.0.0 Service closing transmission channel
I've cracked open the BASE64USERANDTOKEN value and it looks exactly like that provided in the successful POP3/IMAP connections. I don't know whether the unsuccessful SMTP authentication is caused by a mis-configuration of Microsoft 365 or a problem in the protocol dialogue. I'm using the Microsoft 365 Developer Subscription provided as a benefit of my MSDN subscription. I can't find any configuration setting specific to SMTP and I've used the correct scope (https://outlook.office365.com/SMTP.Send} when exchanging an authorization code for the access toke. I also can't find any error log entries in Microsoft 365 which would help in diagnosing the problem.
As for the protocol dialogue, I noticed Microsoft's description at https://docs.microsoft.com/en-gb/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
[connection begins]
C: auth xoauth2
S: 334
C: dXNlcj1zb21ldXNlckBleGFtcGxlLmNvbQFhdXRoPUJlYXJlciB5YTI5LnZGOWRmdDRxbVRjMk52YjNSbGNrQmhkSFJoZG1semRHRXVZMjl0Q2cBAQ==
S: 235 2.7.0 Authentication successful
[connection continues...]
differs from Google's at https://developers.google.com/gmail/imap/xoauth2-protocol which is like the MailKit protocol log:
[connection begins]
S: 220 mx.google.com ESMTP 12sm2095603fks.9
C: EHLO sender.example.com
S: 250-mx.google.com at your service, [172.31.135.47]
S: 250-SIZE 35651584
S: 250-8BITMIME
S: 250-AUTH LOGIN PLAIN XOAUTH XOAUTH2
S: 250-ENHANCEDSTATUSCODES
S: 250 PIPELINING
C: AUTH XOAUTH2 dXNlcj1zb21ldXNlckBleGFtcGxlLmNvbQFhdXRoPUJlYXJlciB5YTI5LnZGOWRmdDRxbVRjMk52YjNSbGNrQmhkSFJoZG1semRHRXVZMjl0Q2cBAQ==
S: 235 2.7.0 Accepted
[connection continues...]
Is this a possible cause of the authentiation failure?
回答1:
Found the actual cause of unsuccessful authentication. As mentioned in the original post I'm using my Microsoft 365 Developer Subscription, which gives me a domain looking something like schlagermeier.onmicrosoft.com (not real, folks). I went into the Microsoft 365 admin portal for that account and was offered a "guided configuration" experience or somesuch. This was a sort of wizard ui as a series of webpages. One page had a "choose domain" with two radio buttons. One button was labelled "Use schlagermeier.onmicrosoft.com" and the other was "Enter domain" with an input box for a domain you're already registered and own (e.g. schlagermeier.com). So it appears that you have to explicitly set a domain for SMTP to work, which makes sense. I just assumed the onmicrosoft domain would be used.
来源:https://stackoverflow.com/questions/62100221/mailkit-unsuccessful-smtp-oauth-with-microsoft-365-server