Office365 SMTP AUTH XOAUTH2 Fails with “535 5.7.3 Authentication unsuccessful”

If you successfully minted an OAuth2 access token for your Azure Entra Id App, but then it fails when attempting to use it in the SMTP protocol for sending email with the error: AUTH XOAUTH2 user=xxx auth=Bearer ********************** 535 5.7.3 Authentication unsuccessful [ 2024-04-16T12:11:26.548Z 08DC9999186DF999] Check your Entra Id App Registration to make sure you have the following App Permissions:

Office365 App Setup for SMTP, POP, IMAP OAuth2 Client Credentials

This blog post walks you through the complete Azure App Registration process, including the subsequent Exchange Online PowerShell commands needed to achieve the OAuth2 client credentials flow for Office365 email sending and reading via the SMTP, IMAP, and POP3 protocols. I wish there was an “easy button”, but unfortunately it does not exist. Step 1. Register an Azure App Go […]

OAuth2 in a DataFlex Web Application

Question: I have seen that your lib support OAuth2 for DataFlex-Framework but only for Desktop-Clients.  Is it correct or is there any support for DataFlex-Web-Applications? Answer: The functionality Chilkat provides in desktop applications for the OAuth2 authorization code flow, is to make your desktop application behave as a temporary web server to receive the single local HTTP redirect request from […]

OAuth2 Client Credentials – for when YOUR application is accessing resources in YOUR account (not somebody else’s)

OAuth2 Client Credentials can be used for authentication when you own the application, and you also own the account (such as Office 365, or Google, etc.) that your application will access. In other words, YOUR application is simply accessing resources in YOUR account, and YOU are the application user (or your application is running as a service or background process). […]

ASP VBscript and Office365 OAuth2 Access Token

The Chilkat.OAuth2 class is designed for desktop applications, not server-side web applications. To explain further: The call to OAuth2.StartAuth does 2 things: Returns a URL you’ll open in a browser to interactively get authorization from the service’s account owner. Starts a background thread to act as a web server for the redirect request that will be forwarded from the local […]

Clarifying the Desktop Application OAuth2 Flow

To clarify further: When your desktop application (or script) calls Chilkat.OAuth2.StartAuth, two things happen: It returns a URL that you need to open in a web browser to obtain authorization interactively from the account owner of the service you are integrating with. It initiates a background thread that acts as a web server to handle the redirect request sent from […]

Office365 POP3 Authenticate Fails but Previously Succeeded

It’s normal for OAuth2 access tokens to expire after some time, such as 1 hour, and then you’ll need to refresh and retry. For example, this error in the LastErrorText for a call to Pop3Authenticate could indicate the OAuth2 accces token expired: Pop3Authenticate: DllDate: Mar 28 2023 ChilkatVersion: UnlockPrefix: *** Architecture: Little Endian; 32-bit Language: ActiveX VerboseLogging: 1 Pop3Authenticate: […]

Getting an OAuth2 access token using “client credentials” does not require interactivity with a browser

The “client credentials” OAuth2 flow is allowed by many REST API’s for the case where a program is running in a non-interactive environment. It’s simply an HTTP POST where the client_id and client_secret are sent, and the OAuth2 access token is returned. If you have a sample CURL statement that demonstrates how to do it, you can generate Chilkat source […] SMTP, POP3, IMAP OAuth2 Tips, Hints, and Solutions

This page will be updated as time progresses with what we’ve learned about getting things working with OAuth2 authentication for using the email protocols: SMTP, POP3, and IMAP. How do Other Office365 Users Send Email using my App Registered in my Azure Active Directory? It’s important to understand Tenancy in Azure Active Directory Apps.   See this When you […]