OAuth authentication against MS Exchange IMAP fails since basic authentication blocked
Overview
Bounce processing using OAuth to authenticate against MS Exchange fails since Microsoft blocked basic authentication against IMAP.
Reproduction steps
- Set up an Azure AD application to allow CiviCRM to check bounce processing against MS Exchange
- Configure OAuth to use it.
- Create a Mail account for bounce processing.
- Save and Test fails.
Current behaviour
An error occured while sending or receiving mail. The IMAP server did not accept the username and/or password: A0001 NO LOGIN failed.. (See log for more details.)
Expected behaviour
Success.
Environment information
- Browser: MS Edge but probably irrelevant.
- CiviCRM: 5.54.0
- PHP: 7.4_ but probably irrelevant.
- CMS: Drupal 9.4.8 but probably not relevant
- Database: MySQL 8.31 but probably not relevant
- Web Server: IIS 10 but probably not relevant.
Comments
OAuth scopes:
https://outlook.office.com/IMAP.AccessAsUser.All
https://outlook.office.com/POP.AccessAsUser.All
https://outlook.office.com/SMTP.Send
https://outlook.office.com/User.Read
Azure AD App permissions:
Microsoft Graph (12)
email Delegated
IMAP.AccessAsUser.All Delegated
Mail.Read Application
Mail.ReadBasic Application
Mail.ReadBasic.All Application
Mail.ReadWrite Application
Mail.Send Application
offline_access Delegated
openid Delegated
POP.AccessAsUser.All Delegated
SMTP.Send Delegated
User.Read Delegated
My suspicion is that the extension never worked properly but instead the mail account was using basic authentication so it wasn't an issue. So, when basic authentication was disabled, the application stopped working. Has anyone else seen this issue?
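
An added example, not from the report or from CiviCRM's code: it decodes an access token's claims to check that the token was issued for the IMAP scope listed above, and builds the SASL XOAUTH2 string an IMAP client sends with `AUTHENTICATE XOAUTH2` in place of `LOGIN`. The sample tokens and mailbox address are constructed, and comparing `aud` to the resource part of the scope URL is an assumption.

```python
import base64
import json

# Scope taken from the issue; the resource is everything before the last "/".
IMAP_SCOPE = "https://outlook.office.com/IMAP.AccessAsUser.All"

def b64url_decode(segment):
    # JWT segments are base64url with the padding stripped.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_claims(jwt):
    """Decode a JWT payload without verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    return json.loads(b64url_decode(parts[1]))

def check_imap_token(jwt, scope=IMAP_SCOPE):
    """Return a list of reasons this token would not be usable for IMAP."""
    resource, _, permission = scope.rpartition("/")
    claims = token_claims(jwt)
    problems = []
    aud = str(claims.get("aud", ""))
    if aud.rstrip("/") != resource:  # assumption: aud equals the scope's resource
        problems.append(f"aud is {aud!r}, expected {resource!r}")
    if permission not in str(claims.get("scp", "")).split():
        problems.append(f"scp lacks {permission}")
    return problems

def xoauth2_initial_response(user, access_token):
    """Base64 argument for the IMAP 'AUTHENTICATE XOAUTH2' command."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def make_sample_jwt(claims):
    # Constructed, unsigned token for the demonstration; not a real credential.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    good = make_sample_jwt({"aud": "https://outlook.office.com",
                            "scp": "IMAP.AccessAsUser.All User.Read"})
    graph = make_sample_jwt({"aud": "https://graph.microsoft.com",
                             "scp": "Mail.Read User.Read"})
    print(check_imap_token(good))
    print(check_imap_token(graph))
    print(xoauth2_initial_response("bounces@example.org", good)[:32] + "...")
```

The claims are read without signature verification, so this is for troubleshooting a token you obtained yourself, not for making trust decisions.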