php-imap: Can't connect to Outlook OAuth IMAP

I have hijacked the issue https://github.com/Webklex/php-imap/issues/50 but I guess it’s better to create a new one.

   $client = Client::make([
            'host' => 'outlook.office365.com',
            'port' => 993,
            'encryption' => 'ssl', // 'tls',
            'validate_cert' => false,
            'username' => 'xyz@outlook.com',
            'password' => 'AccessToken',
            'protocol' => 'imap',
            'authentication' => "oauth",
   ]);
  • User/pass on my email server works
  • Gmail OAuth works
  • Outlook OAuth don’t

In the outlook webapp it says the IMAP info is: Host: outlook.office365.com Port: 993 Method: TLS

In the Azure panel, I have setup a Web authenticated App with Access Tokens and ID Tokens enabled, Live SDK Yes and Public client No. With the following APIs permissions:

  • Microsoft Graph – email – IMAP.AccessAsUser.All – offline_access – openid – profile – User.Read

I’m getting the tokens via oauth2-azure plugin for PHP League’s OAuth 2.0 Client setting the scope as ‘openid profile email offline_access %root%/IMAP.AccessAsUser.All %root%/User.Read’.

The MS Activity Page shows only my ok browser logins, nothing to validate there.

I got Google OAuth IMAP working in the same day, but after almost a week, Outlook is driving me nuts.

With SSL encryption Webklex/php-imap returns “Connection setup failed” and logs out “NOTICE: PHP message: got failure response: NO AUTHENTICATE failed.”. With TLS secutity it hangs till time-out after Nginx 1 minute limit.

Any ideas?

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 15 (7 by maintainers)

Most upvoted comments

Hi @EthraZa , thank you for finding and posting a solution. I’ll add it to the documentation (including credits of course) 😃

Thanks again,

Update 22.01.2021: Documentation updated: https://www.php-imap.com/examples/oauth

+2
Webklex on Jan 22, 2021

https://outlook.office365.com/IMAP.AccessAsUser.All

Thanks @EthraZa for prompting the solution.

+1
amitleuva1987 on Jun 21, 2023

Connection to MS365 was working fine, but since recently we can’t connect it via OAuth. Does anybody knows if Microsoft made some changes to their Azure system?

connection setup failed; File: /vendor/webklex/php-imap/src/Client.php (391)

We are using the following endpoints: Authorization URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize Get Aceess Token URL: https://login.microsoftonline.com/common/oauth2/v2.0/token

Example of failed IMAP connection:

openssl s_client -crlf -connect outlook.office365.com:993
* OK The Microsoft Exchange IMAP4 service is ready. [QgBZAEEAUABSADAAMgBDAEEAMAAwADcAMgAuAG4AYQBtAHAAcgBkADAAMgAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
TAG1 AUTHENTICATE XOAUTH2 dXNlcj1mcmVlc2NvdXRAZGludGVuYW50Lm9ubWl...
TAG1 NO AUTHENTICATE failed.
* BYE Connection is closed. 13
read:errno=0

UPDATE: False alarm. User’s email license has expired in MS365. https://outlook.office365.com/mail/ says "emsg: UserHasNoMailboxAndNoLicenseAssignedError"

+1
freescout-helpdesk on Sep 22, 2022

It’s maybe related to https://github.com/MicrosoftDocs/office-developer-exchange-docs/issues/87 and https://github.com/MicrosoftDocs/office-developer-exchange-docs/issues/100

+1
EthraZa on Jan 5, 2021
Read more comments on GitHub
← hint: Private URL breaks online scanner
php-imap: Exception when move a message →