Access token o365, php-imap doesn't work. #315
Comments
|
This is an issue with the Microsoft Oauth2 process, not with the php-imap repository. Please make sure you have used the correct Microsoft IMAP scopes to generate the token under:
|
|
Thanks for the suggestion. Below I am sending the screen from Azure and the PHP version. What do you think of my code that generates the access token, code is correct?
|
|
You need to specify the scope "https://outlook.office.com/IMAP.AccessAsUser.All" in your oauth workflow. |
|
Thanks for your help, now I can login by Oauth2 but can't get the e-mail.
Json decode |
|
Sorry, can't really help, contact the microsoft support. |
|
I found a solution to my problem, now everything works :) |
Hi @Aldi1990 may know what is your solution as I have same issue |
|
@moikzz213 write more information about your an issue and write code which you use. |
|
Hi @ufo1990, I am using PHP Laravel Framework. currently this is my code, reference (https://www.php-imap.com/examples/oauth) $client = new ClientManager();
$client->make([
'host' => 'outlook.office365.com',
'port' => 993,
'encryption' => 'ssl', // 'tls',
'validate_cert' => true,
'username' => '[email protected]',
'password' => $response['access_token'],
'protocol' => 'imap',
'authentication' => "oauth",
]);
$client->connect();
if(!$client->isConnected()){
echo json_encode($client);
return;
} I received an error |
|
Can you access via Basic Authentication? How do you get a token? show code |
|
Before I was able to access using basic but now I cannot login. I got my token by using the code below |
|
Hi @moikzz213 , If you are still facing issues, please take a look at #262 and make sure you're using the correct scope (I believe Best regards & happy coding, |
|
Hi @Webklex I already update npm and composer but I still cant figure out the solution. attached image is my code. |
|
@moikzz213 I don't know. I have no way of testing or verifying it. Maybe this thread can help you as well: #264 My blind guess: some checkbox somewhere within your setup needs to be ticked. Best regards, |
|
I tried with the updated dependencies and get the same issue. Attached is a list of my configuration in Azure AD
|
|
For those having "User is authenticated but not connected", it seems that o365 imap over ipv6 is not working. |
Hello, can you tell me how I can do this? |
I added the hostname and it's ipv4 address in the local hosts file. |
|
plz can anyone give the full proper working code? |
|
I implemented this last week. Let me try to help. first you have to register an app in azure.portal.com Copy application id and tenant id from the application. Code example: On my website I created 4 routes/endpoints that point to a controller class with four methods: private string $tenant = "...";
private string $clientId = "....";
private string $redirectUri = "https://[YOUR_WEBSITE_HERE.COM]/mail/callback";
private string $secret = '....';/mail/auth => this endpoint is called manually by you the first time. it generates the url to login and redirects to microsoft login page. first time you insert the user and password of the user that you will use to acess (one or many) mailbox(s) public function auth()
{
$authUri = 'https://login.microsoftonline.com/' . $this->tenant
. '/oauth2/v2.0/authorize?client_id=' . $this->clientId
. '&scope=https://outlook.office365.com/IMAP.AccessAsUser.All'
. '&redirect_uri=' . urlencode($this->redirectUri)
. '&response_type=code'
. '&approval_prompt=auto';
// redirect to login
return $this->response->withHeader('Location', $authUri);
}/mail/callback => this url is the url you configured in the redirect URIs section of the app and is called by microsoft if auth is correct. microsoft sends code and session state in GET that you will then use to get a valid access token that will be used as password to autenticate public function callback()
{
$code = $_GET['code'];
$sessionState = $_GET['session_state'];
$url= "https://login.microsoftonline.com/".$this->tenant."/oauth2/v2.0/token";
$param_post_curl = [
'client_id' => $this->clientId,
'scope' => 'https://outlook.office365.com/IMAP.AccessAsUser.All offline_access',
'code' => $code,
'session_state' => $sessionState,
'client_secret' => $this->secret, // this is the secret generated in the app menu certificates and secrets.
'redirect_uri' => $this->redirectUri,
'grant_type' => 'authorization_code'
];
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($param_post_curl));
curl_setopt($ch,CURLOPT_POST, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
$oResult = curl_exec($ch);
$tokens = json_decode($oResult);
$db->table('tokens')->insert([
'AccessToken' => $tokens->access_token,
'RefreshToken' => $tokens->refresh_token,
'ExpiresIn' => $tokens->expires_in,
]);
// at this point you have stored a valid access token that can be used to login.
}/mail/refresh => enpoint to refresh acess token. acess token is valid for about 1.5 hours so I call this endpoint from a cron every hour using the refresh token to generate a new access token. If this never fails there is no need to ever do the previous two steps again. public function refresh()
{
$db = // connect to your db and get last valid refresh token
$res = $db->selectOne("select RefreshToken from tokens order by id desc limit 1");
$param_post_curl = [
'client_id' => $this->clientId,
'client_secret' => $this->secret,
'refresh_token' => $res->RefreshToken,
'grant_type' => 'refresh_token'
];
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL, "https://login.microsoftonline.com/".$this->tenant."/oauth2/v2.0/token");
curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($param_post_curl));
curl_setopt($ch,CURLOPT_POST, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
// curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false); // uncoment this line if localhost
$oResult = curl_exec($ch);
$tokens = json_decode($oResult);
// save new valid tokens
$db->table('tokens')->insert([
'AccessToken' => $tokens->access_token,
'RefreshToken' => $tokens->refresh_token,
'ExpiresIn' => $tokens->expires_in,
]);
}from here just get the access token from the db and connect to the mailbox: $cm = new ClientManager();
$client = $cm->make([
'host' => 'outlook.office365.com',
'port' => 993,
'encryption' => 'ssl',
'validate_cert' => false,
'username' => $email,
'password' => $accessToken,
'protocol' => 'imap',
'authentication' => 'oauth'
]);
$client->connect();done! |
Hi, I am facing same issues on office365 mail. that is << TAG1 OK AUTHENTICATE completed. >> TAG2 LIST "" "*" << TAG2 BAD User is authenticated but not connected. >> TAG3 LOGOUT << * BYE Microsoft Exchange Server IMAP4 server signing off. << TAG3 OK LOGOUT completed. Can you give me solutions please ? Thank you |
|
@Aldi1990 Still i didnt get any solution, If you found it, Pls Post here. Thank you. |
|
@MouMoutMan @thanjeys In Ms Azure Are you set all correct ? |
|
@Aldi1990 Yes, I did it, I was working good suddenly its not working from this month onwards. Any idea ? |
|
@thanjeys secret key is actual ? |
|
@Aldi1990 No luck, I tried that too. Even i tried with different account. How did u you solve issue ? Thanks |
|
@thanjeys Look to my solution |
|
@Aldi1990 Thanks for your solution, I will check it and let you know. if any luck. Thanks |
@jupitern I have followed your code, It was working fine. But recently its not working.. So Can you confirm Is it working Good for you ? Thanks |
|
For anyone encountering this issue which tripped me up for many hours -- when requesting an access token, you cannot supply Microsoft Graph scopes with Outlook scopes. For example, with the below scopes, an access token will be returned, but it cannot actually be used to connect to Outlook over IMAP: $scopes = [
'User.Read',
'offline_access',
'https://outlook.office.com/IMAP.AccessAsUser.All',
];You must re-request a new access token with only the See Microsoft employee reply here:
|
I don't know where is the problem. I did everything in Microsoft Azure and below code, generation access token and it's works. When I will assign token to password php-imap doesn't work.
When I disabled auth and log in by basic authenication by normal password php-imap works.
Debug show info:
<< * OK The Microsoft Exchange IMAP4 service is ready. [REDACTED==] >> TAG1 AUTHENTICATE XOAUTH2 REDACTED.............................== << TAG1 NO AUTHENTICATE failed. >> TAG2 LOGOUT << * BYE Microsoft Exchange Server IMAP4 server signing off. << TAG2 OK LOGOUT completed.
The text was updated successfully, but these errors were encountered: