O365 - Doesn't Support AUTH or the specified SASL handlers

[joshlour]

Good Morning Geoff,

Hope you are well.

Recently when trying the POP3 method for the Microsoft provider we are getting the error message;
Doesn't support AUTH or the specified SASL handlers!!

Any ideas?

Best Regards,
Josh.

[geoffsmith82]

Unfortunately I don't seem to be able to get OAuth2 authentication working with POP3. Not quite sure if Microsoft doesn't support it or I am doing something wrong. IMAP does work though ( although the code will error because it is expecting Gmail folder structure - should be easy to fix)

[joshlour]

Thanks for looking. Yeah I'm not sure why it doesn't work. I know the POP3 protocol does work as I tested it with some components other than Indy. But yes we've been using POP3 so wanted to avoid using IMAP if we could.

Microsoft documentation isn't all that helpful either;
https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

[hairy77]

Unfortunately I don't seem to be able to get OAuth2 authentication working with POP3. Not quite sure if Microsoft doesn't support it or I am doing something wrong. IMAP does work though ( although the code will error because it is expecting Gmail folder structure - should be easy to fix)

Hi Geoff,

Not sure this is of any help. I also have problems with the demo that you wrote, but I have been successful with another component suite (nSoftware).

One of the things I am noticing is that Microsoft are now using very large tokens. Maybe I'm wrong, but I don't recall them being this long in the past. I'm talking lengths of 2,037 characters! I had problems with this because I was storing values in components such as TEdit's that were truncating the string after 1k of info.

This could be completely unrelated, or maybe Microsoft have been doing this for ages and I've just noticed, but thought I'd chime in just incase it's a possible factor and may be of help.

[geoffsmith82]

@hairy77 I don't think that is it. When I have got some time, I might have a look at putting the connection through a TLS proxy and see the difference between mine and maybe n/Software. Do you have a little demo project using n/software that works that I could use to help me look into this?

[joshlour]

Good Afternoon Geoff,
Hope you are doing well. Just wondering if you'd had a chance to have another look into this one?
Best Regards,
Josh.

[hairy77]

Hi Geoff,

I'm so sorry - I missed getting back to you re a demo. Please leave with me and I'll see what I can do about getting you a demo of something that works.

[hairy77]

Hi Geoff,

I may be able to do one better for you. :-)

Using OpenSSL I can manually connect using the console successfully:

openssl  s_client -connect outlook.office365.com:995
  <_gets a bunch of SSL info_>
+OK The Microsoft Exchange POP3 service is ready. 
CAPA
+OK
TOP
UIDL
SASL PLAIN XOAUTH2
USER
.
AUTH XOAUTH2
+
   <_paste token in here_>
+OK User successfully authenticated.

I'm working with Remy at the moment into trying to get a successful POP3 test going. Remy has a new TIdSASLXOAuth2 class in one of the branches of Indy that will hopefully do the job. Seems that the TIdSASLXOAuth isn't up to the task with Microsoft. Hope this helps!

Best Regards

Adam

[qeeo]

Receiving mail from outlook.office365.com without OAuth2

Try
    IdPOP31.IOHandler := IdSSLIOHandlerSocketOpenSSL1; 
    IdPOP31.UseTLS := utUseImplicitTLS; 
    IdPop31.Autologin:=True;
    IdPop31.AuthType := patUserPass;
    IdSSLIOHandlerSocketOpenSSL1.SSLOptions.Method := sslvSSLv23; {sslvTLSv1,sslvSSLv2,sslvSSLv23,3}
    IdPOP31.Username:='[email protected]'; 
    IdPOP31.Password:='xxxxx'; 
    IdPOP31.Host:='outlook.office365.com'; 
    IdPOP31.Port:=995; 
    IdPOP31.Connect;
  Except
    Exit;
  End;
  if IdPOP31.Connected then begin
    NumOfMsgs := IdPOP31.CheckMessages;
    Caption:=User+' > IntToStr(NumOfMsgs);
 end;

[qeeo]

Geoff, you made a great demo. I'm not a programmer, and I don't understand a lot. I made my own based on your authorization. But could you tell me about SASL. I can't change this line
xoauthSASL.SASL := Provider.AuthenticationType.Create(nil);
in the file EmailOAuthDm.pas
(
AuthenticationType : TAuthType; >
TAuthType = class of TIdSASLOAuthBase; >
TIdSASLOAuthBase = class(TIdSASL)
)
I tried to replace this line:
xoauthSASL.SASL :=TIdsasl.Create(nil);
And
xoauthSASL.SASL :=TIdSASLOAuthBase.Create(nil);
but the error "Doesn't Support AUTH or the specified SASL handlers" occurs.
I don't want to connect the whole GmailAuthSMTP project because of one line. Sorry for my english using google translate.

I am trying to connect to pop.gmail.com

[geoffsmith82]

If you just want to make it work with gmail, you need to make the line

xoauthSASL.SASL :=TIdSASLXOAuth.Create(nil);

[qeeo]

Thanks a lot. Everything worked out. There was an error
R:-ERR [AUTH] Invalid credentials.
{"status":"400","schemes":"Bearer","scope":"https://mail.google.com/"}
I sent request
"scope":"https://www.googleapis.com/auth/gmail.readonly"
IdPOP3 doesn't want to work with "readonly" I changed the request to
"scope":"https://mail.google.com/"
And it worked. Thanks again.