GmailAuthSMTP icon indicating copy to clipboard operation
GmailAuthSMTP copied to clipboard

Published 20 hours ago verified publisher icon geoffsmith82

O365 - Doesn't Support AUTH or the specified SASL handlers

Open joshlour opened this issue 3 years ago • 11 comments
trafficstars

Good Morning Geoff,

Hope you are well.

Recently when trying the POP3 method for the Microsoft provider we are getting the error message; Doesn't support AUTH or the specified SASL handlers!!

Any ideas?

Best Regards, Josh.

joshlour avatar May 30 '22 01:05 joshlour

Unfortunately I don't seem to be able to get OAuth2 authentication working with POP3. Not quite sure if Microsoft doesn't support it or I am doing something wrong. IMAP does work though ( although the code will error because it is expecting Gmail folder structure - should be easy to fix)

geoffsmith82 avatar May 30 '22 04:05 geoffsmith82

Thanks for looking. Yeah I'm not sure why it doesn't work. I know the POP3 protocol does work as I tested it with some components other than Indy. But yes we've been using POP3 so wanted to avoid using IMAP if we could.

Microsoft documentation isn't all that helpful either; https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

joshlour avatar May 30 '22 06:05 joshlour

Unfortunately I don't seem to be able to get OAuth2 authentication working with POP3. Not quite sure if Microsoft doesn't support it or I am doing something wrong. IMAP does work though ( although the code will error because it is expecting Gmail folder structure - should be easy to fix)

Hi Geoff,

Not sure this is of any help. I also have problems with the demo that you wrote, but I have been successful with another component suite (nSoftware).

One of the things I am noticing is that Microsoft are now using very large tokens. Maybe I'm wrong, but I don't recall them being this long in the past. I'm talking lengths of 2,037 characters! I had problems with this because I was storing values in components such as TEdit's that were truncating the string after 1k of info.

This could be completely unrelated, or maybe Microsoft have been doing this for ages and I've just noticed, but thought I'd chime in just incase it's a possible factor and may be of help.

hairy77 avatar May 30 '22 06:05 hairy77

@hairy77 I don't think that is it. When I have got some time, I might have a look at putting the connection through a TLS proxy and see the difference between mine and maybe n/Software. Do you have a little demo project using n/software that works that I could use to help me look into this?

geoffsmith82 avatar May 30 '22 07:05 geoffsmith82

Good Afternoon Geoff, Hope you are doing well. Just wondering if you'd had a chance to have another look into this one? Best Regards, Josh.

joshlour avatar Aug 16 '22 02:08 joshlour

Hi Geoff,

I'm so sorry - I missed getting back to you re a demo. Please leave with me and I'll see what I can do about getting you a demo of something that works.

hairy77 avatar Aug 16 '22 03:08 hairy77

Hi Geoff,

I may be able to do one better for you. :-)

Using OpenSSL I can manually connect using the console successfully:

openssl  s_client -connect outlook.office365.com:995
  <_gets a bunch of SSL info_>
+OK The Microsoft Exchange POP3 service is ready. 
CAPA
+OK
TOP
UIDL
SASL PLAIN XOAUTH2
USER
.
AUTH XOAUTH2
+
   <_paste token in here_>
+OK User successfully authenticated.

I'm working with Remy at the moment into trying to get a successful POP3 test going. Remy has a new TIdSASLXOAuth2 class in one of the branches of Indy that will hopefully do the job. Seems that the TIdSASLXOAuth isn't up to the task with Microsoft. Hope this helps!

Best Regards

Adam

hairy77 avatar Aug 24 '22 00:08 hairy77

Receiving mail from outlook.office365.com without OAuth2

Try
    IdPOP31.IOHandler := IdSSLIOHandlerSocketOpenSSL1; 
    IdPOP31.UseTLS := utUseImplicitTLS; 
    IdPop31.Autologin:=True;
    IdPop31.AuthType := patUserPass;
    IdSSLIOHandlerSocketOpenSSL1.SSLOptions.Method := sslvSSLv23; {sslvTLSv1,sslvSSLv2,sslvSSLv23,3}
    IdPOP31.Username:='[email protected]'; 
    IdPOP31.Password:='xxxxx'; 
    IdPOP31.Host:='outlook.office365.com'; 
    IdPOP31.Port:=995; 
    IdPOP31.Connect;
  Except
    Exit;
  End;
  if IdPOP31.Connected then begin
    NumOfMsgs := IdPOP31.CheckMessages;
    Caption:=User+' > IntToStr(NumOfMsgs);
 end;

qeeo avatar May 17 '23 11:05 qeeo

Geoff, you made a great demo. I'm not a programmer, and I don't understand a lot. I made my own based on your authorization. But could you tell me about SASL. I can't change this line xoauthSASL.SASL := Provider.AuthenticationType.Create(nil); in the file EmailOAuthDm.pas ( AuthenticationType : TAuthType; > TAuthType = class of TIdSASLOAuthBase; > TIdSASLOAuthBase = class(TIdSASL) ) I tried to replace this line: xoauthSASL.SASL :=TIdsasl.Create(nil); And xoauthSASL.SASL :=TIdSASLOAuthBase.Create(nil); but the error "Doesn't Support AUTH or the specified SASL handlers" occurs. I don't want to connect the whole GmailAuthSMTP project because of one line. Sorry for my english using google translate.

I am trying to connect to pop.gmail.com

qeeo avatar May 17 '23 17:05 qeeo

If you just want to make it work with gmail, you need to make the line

xoauthSASL.SASL :=TIdSASLXOAuth.Create(nil);

geoffsmith82 avatar May 18 '23 02:05 geoffsmith82

Thanks a lot. Everything worked out. There was an error R:-ERR [AUTH] Invalid credentials. {"status":"400","schemes":"Bearer","scope":"https://mail.google.com/"} I sent request "scope":"https://www.googleapis.com/auth/gmail.readonly" IdPOP3 doesn't want to work with "readonly" I changed the request to "scope":"https://mail.google.com/" And it worked. Thanks again.

qeeo avatar May 18 '23 11:05 qeeo