使用oauth2身份验证读取Outlook收件箱-错误NO AUTHENTICATE失败

4sup72z8  于 2022-12-11  发布在  其他
关注(0)|答案(2)|浏览(399)

我正在尝试使用node imap库连接到Outlook电子邮件收件箱。
Outlook需要oauth2身份验证,这是我的代码,尝试使用msal库检索到的oauth2令牌连接到IMAP服务器。
我遵循了以下指南:https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

async function getMSToken(){

  let msalConfig = {
    auth: {
      clientId: "1cf7d7ff-*****************",
      authority: "https://login.microsoftonline.com/880c05e3-*****************",
      clientSecret: "azQ8Q~eU.*****************",
    }
  };

  const cca = new msal.ConfidentialClientApplication(msalConfig);

  let tokenRequest = {
    scopes: [ "https://graph.microsoft.com/.default" ],
  };

  let { accessToken } = await cca.acquireTokenByClientCredential(tokenRequest);
  console.log("accessToken", accessToken);

  let user = "*****************@*****************";

  return btoa('user=' + user + '^Aauth=Bearer ' + accessToken + '^A^A');

}

async function connect(){

  let token = await getMSToken();
  console.log("tokenConverted", token);

  imap = new Imap({
    xoauth2: token,
    host: 'outlook.office365.com',
    port: 993,
    tls: true,
    debug: console.log
  });

  imap.once("ready", () => {

    console.log("connected");

  });

  imap.once("error", function(err) {
    console.error("Error connecting", err);
  });

  console.log("connecting...");
  imap.connect();

}

该msal库返回我一个访问令牌,但当我试图连接到IMAP服务器,这是连接日志:

<= '* OK The Microsoft Exchange IMAP4 service is ready. [QQBNADUAUABSADAANwAwADEAQwBBADAAMAAyADQALgBlAHUAcgBwAHIAZAAwADcALgBwAHIAbwBkAC4AbwB1AHQAbABvAG8AawAuAGMAbwBtAA==]'
=> 'A0 CAPABILITY'
<= '* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+'
<= 'A0 OK CAPABILITY completed.'
=> 'A1 AUTHENTICATE XOAUTH2 ***********************'
<= 'A1 NO AUTHENTICATE failed.'

以下是租户的权限:

如果我尝试范围**https://outlook.office365.com/IMAP.AccessAsUser.All**来自msal库的响应,它是:

1002012 - [2022-10-24 14:46:27Z]: AADSTS1002012: The provided value for scope https://outlook.office365.com/IMAP.AccessAsUser.All is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).\r\n

我能试试什么?谢谢!

wh6knrhe

wh6knrhe1#

我已经看过了上面的代码。我在下面的过程中修复了这个问题。
您可以将用户名和访问令牌一起编码为以下格式,它将工作。

let base64Encoded =  Buffer.from([`user=${mailId}`, `auth=Bearer ${token}`, '', ''].join('\x01'), 'utf-8').toString('base64');

var imap = new Imap({
       xoauth2: base64Encoded ,
       host: 'outlook.office365.com',
       port: 993,
       tls: true,
       debug: console.log,
       authTimeout: 25000,
       connTimeout: 30000,
       tlsOptions: {
         rejectUnauthorized: false,
         servername: 'outlook.office365.com'
      }
    });

in this process I have fixed This above problem.
 and scope should be

scopes:["https://outlook.office365.com/.default"]
2cmtqfgy

2cmtqfgy2#

这有点棘手(在我们的Azure AAD示例中的IMAP上设置OAUTH2身份验证),但是非常小心地遵循https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth应该可以工作。
我猜您可以尝试使用范围“https://outlook.office365.com/.default“
我对Node了解不多,但我可以分享一个使用JAVA在该范围(https://github.com/victorgv/dev-notes/tree/main/Using%20IMAP%20with%20OAuth%202%20authenticate%20and%20Office%20365)下运行的示例。

相关问题