#1871 new
Michael Herman

Oauth2 options missing from IMAP account settings

Reported by Michael Herman | November 14th, 2017 @ 06:43 AM

The title pretty much sums it up. When I create a new account, the oauth2 option is missing. I am using Version 1.9.7 (5425) with High Sierra 10.13.1.

Thanks.

Comments and changes to this ticket

  • benny

    benny November 14th, 2017 @ 09:02 AM

    The OAuth2 option depends on the entered server hostname. It only works for *.gmail.com, *.googlemail.com and *.outlook.com if I remember correctly.

    Does that explain it?

  • Michael Herman

    Michael Herman November 14th, 2017 @ 02:21 PM

    It does. My hostname is outlook.office365.com and we are using Oauth2. Is there any hack to make it an option?

  • benny

    benny November 14th, 2017 @ 02:29 PM

    • State changed from “new” to “accepted”

    Not currently. It comes up now and then, but I haven't yet fully determined if MailMate can support it or not. It's quite easy to get lost in all of the Outlook/Office365/Azure documentation and millions of buzzwords. I'll mark the ticket as “accepted”, but don't expect it soon. It's not even certain that it can be supported by desktop email clients at all.

  • Michael Herman

    Michael Herman November 28th, 2017 @ 10:32 PM

    I tried imap.outlook.com and didn't get the oauth2 option. I did try imap.gmail.com and did get the option. Can you verify the domains that work for oauth2?

    Thanks.

  • benny

    benny November 29th, 2017 @ 10:16 AM

    It only works for imap-mail.outlook.com. I wasn't aware that imap.outlook.com was an option, but I assume it's just an alias for the same thing. I've added to MailMate that it behaves just like for the imap-mail variant in future releases. I've done the same for smtp.

  • Michael Herman

    Michael Herman November 29th, 2017 @ 05:32 PM

    Thanks. I appreciate your responses on this. I think there's one other issue for me. When I go to imap-mail.outlook.com in my browser, I'm taken to a login page at login.microsoftonline.com. After I enter my user name, I'm redirected to my organizations login page. Using imap-mail.outlook.com in Mailmate, the browser takes me to login.live.com which doesn't work for me. Any ideas or thoughts?

    Thanks very much.

  • benny

    benny November 29th, 2017 @ 07:45 PM

    Hmm, I guess it doesn't (maybe can't) work then. At least not without some different settings and MailMate somehow being registered with your organization. Or maybe that's incorrect -- as I noted further above it's easy to get lost in all of the documentation for OAuth2 and Outlook. I'll update this ticket if anything changes in MailMate.

  • Philip Kizer

    Philip Kizer January 19th, 2018 @ 04:46 PM

    My organization just turned on 2-factor thereby subjecting me to this failure as well. Like the original submitter my organization's server name that previously worked was 'outlook.office365.com'.

    When using the /owa/ web page I get redirected to another page to grant access to the token, but obviously without MailMate accepting that as a server name that should begin the OAuth2 process I no longer have access via MailMate and am left using either the /owa/ web interface or the Outlook client that feels so toy-like in comparison.

    If you reach the point of needing any other accounts to test patches with, I will be more than happy to assist from this end.

  • Philip Kizer

    Philip Kizer April 4th, 2018 @ 07:32 PM

    This is coming up for me again, have you looked to see if there is a way to treat outlook.office365.com similarly in MailMate to how it treats outlook.com for looking for XOAUTH2 support?

  • Tom Scogland

    Tom Scogland October 30th, 2018 @ 12:35 AM

    We recently had this come up as well. In fact, our IT department has made it impossible to authenticate with outlook.office365.com without oauth unless we're on VPN. This means MailMate gives me incorrect password errors whenever I connect from a different network.

    For what it's worth, both outlook for Mac and Mail.app on Mojave implement this authentication mode as desktop apps. That doesn't necessarily mean there's an easy way to get registered and/or get access, but at least its an example of some desktop app that can do it.

  • Tom Scogland

    Tom Scogland October 30th, 2018 @ 01:00 AM

    In case it is at all useful, this is apparently the specific arm of oauthv2 support that actually works when an organization turns on their new make sure MS services don't work for anyone setting. (sorry if this is just noise)

  • benny

    benny October 30th, 2018 @ 05:11 PM

    @Tom: Thanks! I had looked into it earlier on and I found the same resource. It is, unfortunately, quite easy to get lost in all of the documentation related to this and very little is directly describing what a desktop email client for IMAP/SMTP should do (I'm not even sure its clearly stated that it should work). Previously it seemed Microsoft would never support this for Office365, but it appears they might have changed that. My main problem is that I don't have a test account, but I think there is a free trial... I would just really like to avoid having to set that up :)

    Nevertheless, I tried doing what I would think is necessary for it to work and then decided to let you try it ;)

    Download this: https://updates.mailmate-app.com/archives/MailMate_r5549.tbz

    Enable this:

    defaults write com.freron.MailMate MmUseOAuth2ForOffice365 -bool YES

    Relaunch and setup an Office365 account with OAuth2. I haven't tested anything and it most likely won't work, but maybe it'll lead to something that works :)

  • Tom Scogland

    Tom Scogland October 30th, 2018 @ 07:03 PM

    Awesome! Thank you @benny!

    I've continued looking into this, and found something that you might find useful if that doesn't work just yet (will check shortly). It seems the most recent trunk versions of DavMail, the open source exchange->imap proxy server and a desktop app of a sort, is adding support for this, and it works with oauth2 on the office365 side and mailmate on the imap side (though running an old java server to get to my email is... frustrating). Issue for it is here.

  • benny

    benny October 30th, 2018 @ 07:05 PM

    I believe I have a test account now, but it doesn't appear to work, but I promise to spend some time debugging. Thanks for the link.

  • Philip Kizer

    Philip Kizer October 30th, 2018 @ 07:19 PM

    I can confirm you're really close...I get a popup for organizational login, perform the login and it goes to confirm 2fa, I click the "allow" on my app for the 2fa, the window goes away and there's a slight pause (the activity window shows "Retreiving password", "Error code: 12", "Failed action (1000). Reset observed read/write timeouts: 8/8") and then I get asked for auth again.

    I see you've since updated that you have a test account, let me know if any of my logs will help.

  • Tom Scogland

    Tom Scogland October 30th, 2018 @ 07:26 PM

    This looks really close actually. When I try it, I get the authentication page, with my account already logged in which seems to mean it talked kerberos (very nice!), and I can successfully pass that. It tries to redirect to my organization's login page to get the final authorization, which is under adfs.llnl.gov, and produces a console log like this (partially redacted to remove my email address and so-forth):

    [8 <private> stream, pid: 20172, url: https://adfs.llnl.gov/adfs/ls/?login_hint=<email>&client-request-id=921769ad-e8fb-4d75-a688-d2068fdfc0c8&username=<username>, tls] cancelled
        [8.1 FA94D936-F76F-4D2C-850B-AC99B1BE81D1 <private>.61378<-><private>]
        Connected Path: satisfied (Path is satisfied), interface: en0, ipv4, dns
        Duration: 0.139s, DNS @0.000s took 0.007s, TCP @0.008s took 0.004s, TLS took 0.004s
        bytes in/out: 11421/5808, packets in/out: 13/7, rtt: 0.003s, retransmitted packets: 0, out-of-order packets: 0
    

    The authorization window prompt pops up repeatedly after this but just stays blank and then clears away. The messages bounce between the above and the authentication authorization request:

    https://login.microsoftonline.com/common/oauth2/authorize?client_id=facd6cff-a294-4415-b59f-c5b01937d7bd&response_type=code&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient&response_mode=query&resource=https://outlook.office365.com
    

    For reference, the davmail logs show these same requests when working, but it goes through the adfs request interactively, then when that succeeds it gets the usual login.microsoftonline.com response with the oauth code. Maybe just allowing an intermediate redirect?

  • benny

    benny October 30th, 2018 @ 08:52 PM

    Ok, I give up for now. I got to the point that I had a refresh token and an access token, but both IMAP and SMTP OAuth2 authentication failed.

    Davmail doesn't talk IMAP/SMTP to the Exchange server so I'm not sure that is of much help.

    It's certainly not unlikely I'm doing something wrong, but I think I need to know that something else can use OAuth2 with IMAP and/or SMTP before proceeding (with outlook.office365.com) :-)

  • Tom Scogland

    Tom Scogland November 1st, 2018 @ 05:05 PM

    I owe you an apology @benny. This is a new low for MS, but while they fully support XOAUTH2 authentication on outlook.com, and they support it for graph and activesync, and it shows up in the capabilities list for imap on office365, they don't support it on that channel, and don't intend to.

    This is, at best, frustrating. For now I'm going to be running a pre-production davmail proxy to get the job done, but if you're ever interested in adding an option to use one of the sync methods they do support, I'd be happy to chip in some money to support it.

  • benny

    benny November 2nd, 2018 @ 02:14 PM

    • State changed from “accepted” to “bluesky”

    Well, they do advertise XOAUTH2 which seems to indicate that it's not completely unlikely to change. I actually spent (wasted) some more time on the issue to make sure that I couldn't make it work. At least it should be ready for testing if they should announce support in the future...

    I'll mark it as bluesky here since it's out of my hands.

  • annak

    annak October 14th, 2019 @ 12:28 AM

    So, hello all, first post here. I'd emailed Benny about this a week or so ago. My university/employer uses Office365 and is about to activate mandatory 2FA. In addition Microsoft is about to end IMAP support.

    Benny suggested Davmail, I'm testing it now in O365 Interactive mode, seems to work okay thus far. I'm curious if anyone has had any luck with mandatory Office365 2FA lately?

    Edit 14 Oct 2019

    I got an email from my personal email provider (Fastmail) that they plan to continue support for O365 integration as soon as Microsoft provides developer documentation for their new authentication method, apparently coming soon. This would allow for a workflow along the lines of MailMate<--(IMAP)-->Fastmail<--(Exchange/ActiveSync/Whatever)-->Office365. It's hardly an ideal situation, but it is a start.

  • Tom Scogland

    Tom Scogland October 18th, 2019 @ 08:30 PM

    I’d note Microsoft actually announced that they’re ending basic auth support, not IMAP support. They actually stated that they’ll be adding OAUTH2 support to IMAP on office365, which is good news, but haven’t said how yet: https://developer.microsoft.com/en-us/office/blogs/end-of-support-f...

    Just that they’ll unveil oauth in the next few months.

  • benny

    benny October 19th, 2019 @ 06:01 AM

    @Tom: Thanks for the link. Even though I am skeptical about the use of OAuth2 for desktop email clients, this is great news for Office365 users. It is much better than if they decided to drop IMAP support completely. Note that it won't work automatically in MailMate since each application needs to be explicitly registered with Microsoft (which MailMate already is for outlook.com IMAP/SMTP).

  • David Shepherdson

    David Shepherdson February 28th, 2020 @ 12:44 AM

    Looks like this is the latest update on the situation:

    https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-aut...

    After you get past all the anti-IMAP/anti-third-party sentiment, this seems like the key paragraph:

    We’ve completed our development work and are rolling out Modern Auth support for POP and IMAP in Exchange Online now. Documentation for developers is being finalized and we’ll link to it in this blog post when it is available.

    (My work recently decided to switch from an on-site IMAP server to Office 365, and at this stage I'm still very relieved that I can continue to use MailMate -- hoping the days of that won't be numbered, though it sounds like the Davmail approach may be a viable workaround if necessary.)

  • benny

    benny February 28th, 2020 @ 10:17 AM

    • State changed from “bluesky” to “accepted”

    @David: Thanks for the link! Disregarding all the FUD about IMAP :) then this is a welcome explicit description of what the plans are for office365.com and IMAP/SMTP. Previously, I was unsure if it was already supported and it is (for me) very hard to navigate and find the relevant parts of the numerous resources available about authentication/Exchange/office365.

    But it doesn't seem like I can do anything yet: “We’ve completed our development work and are rolling out Modern Auth support for POP and IMAP in Exchange Online now. Documentation for developers is being finalized and we’ll link to it in this blog post when it is available.”

    I don't see a way to be notified when the blog post is updated, but I'm sure someone will eventually update this ticket when it happens :) I've switched the ticket to “accepted” since it appears there is a path forward for this “feature” now.

    Just for the record, my concerns about OAuth2 for IMAP/SMTP are still the same.

  • benny

    benny February 28th, 2020 @ 10:53 AM

    Clarification: Even if MailMate supports OAuth2 for Office365 accounts, it doesn't mean that it'll necessarily just work for everybody. I think each organization might have to allow it explicitly. On the other hand, this is not how Google Apps works (MailMate does work for everyone as far as I know).

  • Tom Scogland

    Tom Scogland February 28th, 2020 @ 05:28 PM

    That’s correct. I pulled the defaults setting you set up before out and tested it again, the request appeared to work, but my organization hasn’t allowed the mailmate application (all are disallowed by default) so I’ll have a chat with them about allowing it.

  • MGi

    MGi March 19th, 2020 @ 02:02 PM

    Hi,

    I started to have problems accessing my O365 account this morning. I enabled the defaults write com.freron.MailMate MmUseOAuth2ForOffice365 -bool YES, and our company admin granted me access so I can permit MailMate.

    After the OAuth login, it seems that MM starts to connect to the account, but after a few seconds, I'm asked to fill in my password again - MM is stuck in this loop. Anyone facing the same issue?

    My account settings...

    Btw, the OAuth option is not active for SMTP.

  • benny

    benny March 19th, 2020 @ 06:47 PM

    @MGi: I have no (known) users accessing office365.com accounts using OAuth2. The hidden preference is just my attempt at guessing how it might work, but (as far as I know) it might not actually be enabled for the server(s) yet -- and there is no documentation for how it should work yet.

    I'm thinking your problem might be unrelated to the authentication method. I suggest you try again with the password based approach with an application specific password.

  • MGi

    MGi March 19th, 2020 @ 07:29 PM

    @benny That's interesting. After MM stopped working for me, I switched to Mail.app, and I had to reauthorize it too. I was also forced to change my password when the OAuth method was used for the first time.

    I'll try to give it a shot with the app-specific password.

    Thanks.

  • MGi

    MGi March 20th, 2020 @ 11:45 AM

    UPDATE: MailMate works today as it did before. It seems there was a problem on the MS side, even they reported nothing.

  • benny

    benny May 8th, 2020 @ 09:13 AM

    Here is the latest from MicroSoft on IMAP/SMTP OAuth2 support for Office365: In short, they are still working on it which means that I cannot work on it.

  • benny

    benny May 8th, 2020 @ 09:17 AM

    Oh, wait, I was wrong! They didn't update the updated blog post (as they did with the previous one), but they do have a more recent announcement of IMAP/SMTP support: https://techcommunity.microsoft.com/t5/exchange-team-blog/announcin...

    I'll update this ticket when I've had time to look into it, but note that I have limited resources and these things are often harder than they seem at first :-)

  • benny

    benny May 10th, 2020 @ 08:55 AM

    Update: My first attempts at making this work failed, but I now suspect it might be because it simply doesn't work for the personal (free) office365 account I am using for testing. I think the best next step would be for one of you to try out the latest beta of Thunderbird and see if you can make IMAP with OAuth2 authentication work with that. If you can, then I'll make a test release for you in which you can try out my attempt to make it work in MailMate.

  • MGi

    MGi May 10th, 2020 @ 12:54 PM

    Hi Benny,

    Sorry for the late reply.

    Well, MS and their KBs are "hilarious".

    I tested the latest Thunderbird beta, and it works ok with OAuth2.

  • benny

    benny May 10th, 2020 @ 01:49 PM

    @MGi: Thanks for trying Thunderbird. I assume you got the mini-browser-window within Thunderbird which allowed you to log in to the account to provide the permissions needed to access your account? Does the account use some kind of multi factor authentication?

    Maybe you can help me debug the MailMate support for OAuth2 via email. Use “Help > Send Feedback” to write me. And don't worry, I do not expect rapid correspondence in this process :-)

  • MGi

    MGi May 10th, 2020 @ 02:36 PM

    @benny: No problem. Yes, I got the "browser" window asking for permission to access data in O365. This account I can test with (unfortunately) doesn't use MFA.

    I can help you with that. Do you want me to send the feedback form the O365 account?

  • benny

    benny May 10th, 2020 @ 02:45 PM

    @MGi: No, it doesn't matter where you write from. It's just so that we can exchange setup details and I can provide you with a test release.

  • MGi

    MGi May 10th, 2020 @ 03:06 PM

    Ok.

    I sent you a feedback.

  • benny

    benny May 11th, 2020 @ 02:27 PM

    Update: @MGi made it work with IMAP using OAuth2 (using a non-multi-factor-authentication account). We'll see if SMTP also works. In any case, here are the steps needed to try this out:

    • Fetch the latest test release: Hold down the option key when clicking “Check Now” in the Software Update preferences pane. You need revision r5687+.
    • Enable OAuth2 for Office365 accounts: defaults write com.freron.MailMate MmUseOAuth2ForOffice365 -bool YES

    UPDATE (January, 2020): Do NOT use MmUseOAuth2ForOffice365 any longer. It never worked correctly for the current public release of MailMate (1.13.x) and it is not needed in the test releases (1.14+) since it's enabled by default. If you need OAuth2 support for Office365, you need to use the current test release of MailMate. These can, at the time of writing this, be found here.

    • Relaunch MailMate.
    • Enable OAuth2 in the IMAP account settings window in MailMate (File > Edit IMAP Account > ...). Do it for both IMAP and SMTP.
    • Make sure outlook.office365.com is the hostname for both IMAP and SMTP.
    • Relaunch MailMate just to make sure we get a clean start.
    • Take the account online if that's not already the case.
    • Depending on what happens, contact your IT department and ask for MailMate to be permitted for your account.

    Success or failure can be reported to me via “Help > Send Feedback” in MailMate.

  • benny

    benny May 16th, 2020 @ 08:54 AM

    • State changed from “accepted” to “fixcommitted”

    For the record, this does appear to work for at least 2 users. I'll enable the availability of the option of OAuth2 for Office 365 accounts by default. (In other words, I'll remove the MmUseOAuth2ForOffice365 hidden preference.)

  • Shri

    Shri August 13th, 2020 @ 05:19 PM

    The hidden preference also worked for me in setting up an Office 365 account that requires OAUTH2. I got the mini-browser window and was asked for my Office 365 password. I couldn't complete the setup because MM hasn't been authorized by the Office365 admins at my workplace. I sent a request to allow MM, and in the meantime I am using the Davmail workaround that others suggested on this thread.

  • Stefan Seiz

    Stefan Seiz October 7th, 2020 @ 09:17 AM

    Hi @Benny

    i was happy to find this today, as my Employer also uses exchange on office365 and has enabled 2FA, so my account in MailMate just stopped working. I have followed the steps in https://freron.lighthouseapp.com/projects/58672/tickets/1871-oauth2... and am very close to being able to log in.

    The Problem is, that after supplying the password and 2FA-Code, the Password-Dialog pops up again after a short time. Below see the relevant entries from the activity viewer. Any ideas what's going wrong here?

    09:09:53 Running action
    09:09:53 Sending request (20)
    09:09:53 Handling request
    09:09:53 Ready to run action (retry count: 0)
    09:09:53 Clearing connection to outlook.office365.com
    09:09:53 Trying to connect to outlook.office365.com on port 993 (CFNetwork) without STARTTLS (required)
    09:09:53 Resolved hostname (outlook.office365.com).
    09:09:53 Prepare secure connection...
    09:09:53 Successful connection.
    09:09:53 Initiating secure connection...
    09:09:53 Returned (4)...
    09:09:53 Protocol version: kTLSProtocol12
    09:09:53 S: * OK The Microsoft Exchange IMAP4 service is ready. [QQBNADQAUABSADAAMgAwADIAQwBBADAAMAAwADkALgBlAHUAcgBwAHIAZAAwADIALgBwAHIAbwBkAC4AbwB1AHQAbABvAG8AawAuAGMAbwBtAA==]
    09:09:53 C: A0 CAPABILITY
    09:09:53 S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
    09:09:53 S: A0 OK CAPABILITY completed.
    09:09:53 Retrieving password (keychain or user request)
    09:09:53 C: A1 AUTHENTICATE XOAUTH2 ••••••••••
    09:10:09 S:
    09:10:09 Error code: 9
    09:10:09 New timeout values (8/8): 24/24
    09:10:09 Failed action (1000). Reset observed read/write timeouts: 8/8

    09:10:09 Handling reply
    09:10:09 Running action
    09:10:09 Sending request (18)
    09:10:09 Handling request
    09:10:09 Trying to disconnect nicely (12)...
    09:10:09 C: A2 LOGOUT
    09:10:11 S: A1 NO AUTHENTICATE failed.
    09:10:11 S: * BYE Microsoft Exchange Server IMAP4 server signing off.
    09:10:11 S: A2 OK LOGOUT completed.
    09:10:11 Clearing connection to outlook.office365.com
    09:10:12 Ready to run action (retry count: 1)
    09:10:12 Clearing connection to outlook.office365.com
    09:10:12 Trying to connect to outlook.office365.com on port 993 (CFNetwork) without STARTTLS (required)
    09:10:12 Resolved hostname (outlook.office365.com).
    09:10:12 Prepare secure connection...
    09:10:12 Successful connection.
    09:10:12 Initiating secure connection...
    09:10:12 Returned (4)...
    09:10:12 Protocol version: kTLSProtocol12
    09:10:12 S: * OK The Microsoft Exchange IMAP4 service is ready. [QQBNADQAUABSADAANQBDAEEAMAAwADAANgAuAGUAdQByAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
    09:10:12 C: A0 CAPABILITY
    09:10:12 S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
    09:10:12 S: A0 OK CAPABILITY completed.
    09:10:12 Retrieving password (keychain or user request)
    09:10:12 C: A1 AUTHENTICATE XOAUTH2 ••••••••••
    09:10:13 S: A1 NO AUTHENTICATE failed.
    09:10:13 Error: Server response: “A1 NO AUTHENTICATE failed.”. Command attempted: “A1 AUTHENTICATE XOAUTH2 ••••••••••”.
    09:10:13 Retrieving password (keychain or user request)
    09:10:13 Error code: 12
    09:10:13 Failed action (1000). Reset observed read/write timeouts: 8/8

    09:10:13 Handling reply
    09:10:13 Error: Failed multiple retries (2). Final error code was 14.
    09:10:13 Terminating non-running connection...
    09:10:13 Running action
    09:10:13 Sending request (21)
    09:10:13 Handling request
    09:10:13 Trying to disconnect nicely (12)...
    09:10:13 C: A2 LOGOUT
    09:10:13 S: * BYE Microsoft Exchange Server IMAP4 server signing off.
    09:10:13 S: A2 OK LOGOUT completed.
    09:10:13 Clearing connection to outlook.office365.com
    09:10:13 Ready to run action (retry count: 0)
    09:10:13 Clearing connection to outlook.office365.com
    09:10:13 Trying to connect to outlook.office365.com on port 993 (CFNetwork) without STARTTLS (required)
    09:10:13 Resolved hostname (outlook.office365.com).
    09:10:13 Prepare secure connection...
    09:10:13 Successful connection.
    09:10:13 Initiating secure connection...
    09:10:13 Returned (4)...
    09:10:13 Protocol version: kTLSProtocol12
    09:10:13 S: * OK The Microsoft Exchange IMAP4 service is ready. [QQBNADQAUABSADAANQBDAEEAMAAwADIAMQAuAGUAdQByAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
    09:10:13 C: A0 CAPABILITY
    09:10:13 S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
    09:10:13 S: A0 OK CAPABILITY completed.
    09:10:13 Retrieving password (keychain or user request)
    09:10:13 C: A1 AUTHENTICATE XOAUTH2 ••••••••••
    09:10:14 S: A1 NO AUTHENTICATE failed.
    09:10:14 Error: Server response: “A1 NO AUTHENTICATE failed.”. Command attempted: “A1 AUTHENTICATE XOAUTH2 ••••••••••”.
    09:10:14 Retrieving password (keychain or user request)
    09:10:14 Error code: 12
    09:10:14 Failed action (1000). Reset observed read/write timeouts: 8/8

    09:10:14 Handling reply
    09:10:14 Error: Failed multiple retries (1). Final error code was 14.
    09:10:14 Terminating non-running connection...
    09:10:14 Running action
    09:10:14 Sending request (22)
    09:10:14 Handling request
    09:10:14 Trying to disconnect nicely (12)...
    09:10:14 C: A2 LOGOUT
    09:10:14 S: * BYE Microsoft Exchange Server IMAP4 server signing off.
    09:10:14 S: A2 OK LOGOUT completed.
    09:10:14 Clearing connection to outlook.office365.com
    09:10:14 Ready to run action (retry count: 0)
    09:10:14 Clearing connection to outlook.office365.com
    09:10:14 Trying to connect to outlook.office365.com on port 993 (CFNetwork) without STARTTLS (required)
    09:10:14 Resolved hostname (outlook.office365.com).
    09:10:14 Prepare secure connection...
    09:10:14 Successful connection.
    09:10:14 Initiating secure connection...
    09:10:15 Returned (4)...
    09:10:15 Protocol version: kTLSProtocol12
    09:10:15 S: * OK The Microsoft Exchange IMAP4 service is ready. [QQBNADQAUABSADAANQBDAEEAMAAwADAAOAAuAGUAdQByAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
    09:10:15 C: A0 CAPABILITY
    09:10:15 S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
    09:10:15 S: A0 OK CAPABILITY completed.
    09:10:15 Retrieving password (keychain or user request)
    09:10:15 C: A1 AUTHENTICATE XOAUTH2 ••••••••••
    09:10:15 S: A1 NO AUTHENTICATE failed.
    09:10:15 Error: Server response: “A1 NO AUTHENTICATE failed.”. Command attempted: “A1 AUTHENTICATE XOAUTH2 ••••••••••”.
    09:10:15 Retrieving password (keychain or user request)
    09:10:15 Error code: 12
    09:10:15 Failed action (1000). Reset observed read/write timeouts: 8/8

    09:10:15 Handling reply
    09:10:15 Error: Failed multiple retries (1). Final error code was 14.
    09:10:15 Terminating non-running connection...
    09:10:16 Running action
    09:10:16 Sending request (23)
    09:10:16 Handling request
    09:10:16 Trying to disconnect nicely (12)...
    09:10:16 C: A2 LOGOUT
    09:10:16 S: * BYE Microsoft Exchange Server IMAP4 server signing off.
    09:10:16 S: A2 OK LOGOUT completed.
    09:10:16 Clearing connection to outlook.office365.com
    09:10:16 Ready to run action (retry count: 0)
    09:10:16 Clearing connection to outlook.office365.com
    09:10:16 Trying to connect to outlook.office365.com on port 993 (CFNetwork) without STARTTLS (required)
    09:10:16 Resolved hostname (outlook.office365.com).
    09:10:16 Prepare secure connection...
    09:10:16 Successful connection.
    09:10:16 Initiating secure connection...
    09:10:16 Returned (4)...
    09:10:16 Protocol version: kTLSProtocol12
    09:10:16 S: * OK The Microsoft Exchange IMAP4 service is ready. [QQBNADQAUABSADAANQBDAEEAMAAwADEAOAAuAGUAdQByAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
    09:10:16 C: A0 CAPABILITY
    09:10:16 S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
    09:10:16 S: A0 OK CAPABILITY completed.
    09:10:16 Retrieving password (keychain or user request)
    09:10:16 C: A1 AUTHENTICATE XOAUTH2 ••••••••••
    09:10:16 S: A1 NO AUTHENTICATE failed.
    09:10:16 Error: Server response: “A1 NO AUTHENTICATE failed.”. Command attempted: “A1 AUTHENTICATE XOAUTH2 ••••••••••”.
    09:10:16 Retrieving password (keychain or user request)
    09:10:16 Error code: 12
    09:10:16 Failed action (1000). Reset observed read/write timeouts: 8/8

    09:10:16 Handling reply
    09:11:01 Running action
    09:11:01 Sending request (19)
    09:11:01 Handling request
    09:11:01 Trying to disconnect nicely (12)...
    09:11:01 C: A2 LOGOUT
    09:11:01 S: * BYE Microsoft Exchange Server IMAP4 server signing off.
    09:11:01 S: A2 OK LOGOUT completed.
    09:11:01 Clearing connection to outlook.office365.com
    09:11:02 Ready to run action (retry count: 1)
    09:11:02 Clearing connection to outlook.office365.com
    09:11:02 Trying to connect to outlook.office365.com on port 993 (CFNetwork) without STARTTLS (required)
    09:11:02 Resolved hostname (outlook.office365.com).
    09:11:02 Prepare secure connection...
    09:11:02 Successful connection.
    09:11:02 Initiating secure connection...
    09:11:02 Returned (4)...
    09:11:02 Protocol version: kTLSProtocol12
    09:11:02 S: * OK The Microsoft Exchange IMAP4 service is ready. [QQBNADAAUABSADAAMgBDAEEAMAAwADkAMgAuAGUAdQByAHAAcgBkADAAMgAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
    09:11:02 C: A0 CAPABILITY
    09:11:02 S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
    09:11:02 S: A0 OK CAPABILITY completed.
    09:11:02 Retrieving password (keychain or user request)
    09:11:02 C: A1 AUTHENTICATE XOAUTH2 ••••••••••
    09:11:02 S: A1 NO AUTHENTICATE failed.
    09:11:02 Error: Server response: “A1 NO AUTHENTICATE failed.”. Command attempted: “A1 AUTHENTICATE XOAUTH2 ••••••••••”.
    09:11:02 Retrieving password (keychain or user request)
    09:11:02 Error code: 12
    09:11:02 Failed action (1000). Reset observed read/write timeouts: 8/8

    09:11:02 Handling reply
    09:11:21 Running action
    09:11:21 Sending request (24)
    09:11:21 Handling request
    09:11:21 Trying to disconnect nicely (12)...
    09:11:21 C: A2 LOGOUT
    09:11:21 S: * BYE Microsoft Exchange Server IMAP4 server signing off.
    09:11:21 S: A2 OK LOGOUT completed.
    09:11:21 Clearing connection to outlook.office365.com
    09:11:23 Ready to run action (retry count: 2)
    09:11:23 Clearing connection to outlook.office365.com
    09:11:23 Trying to connect to outlook.office365.com on port 993 (CFNetwork) without STARTTLS (required)
    09:11:23 Resolved hostname (outlook.office365.com).
    09:11:23 Prepare secure connection...
    09:11:23 Successful connection.
    09:11:23 Initiating secure connection...
    09:11:23 Returned (4)...
    09:11:23 Protocol version: kTLSProtocol12
    09:11:23 S: * OK The Microsoft Exchange IMAP4 service is ready. [QQBNADAAUABSADAANABDAEEAMAAxADQANAAuAGUAdQByAHAAcgBkADAANAAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
    09:11:23 C: A0 CAPABILITY
    09:11:23 S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
    09:11:23 S: A0 OK CAPABILITY completed.
    09:11:23 Retrieving password (keychain or user request)
    09:11:23 C: A1 AUTHENTICATE XOAUTH2 ••••••••••
    09:11:23 S: A1 NO AUTHENTICATE failed.
    09:11:23 Error: Server response: “A1 NO AUTHENTICATE failed.”. Command attempted: “A1 AUTHENTICATE XOAUTH2 ••••••••••”.
    09:11:23 Retrieving password (keychain or user request)
    09:11:23 Error code: 12
    09:11:23 Failed action (1000). Reset observed read/write timeouts: 8/8

    09:11:23 Handling reply
    09:11:36 Running action
    09:11:36 Sending request (21)
    09:11:36 Handling request
    09:11:36 Trying to disconnect nicely (12)...
    09:11:36 C: A2 LOGOUT
    09:11:36 S: * BYE Microsoft Exchange Server IMAP4 server signing off.
    09:11:36 S: A2 OK LOGOUT completed.
    09:11:36 Clearing connection to outlook.office365.com
    09:11:39 Ready to run action (retry count: 3)
    09:11:39 Clearing connection to outlook.office365.com
    09:11:39 Trying to connect to outlook.office365.com on port 993 (CFNetwork) without STARTTLS (required)
    09:11:39 Resolved hostname (outlook.office365.com).
    09:11:39 Prepare secure connection...
    09:11:39 Successful connection.
    09:11:39 Initiating secure connection...
    09:11:39 Returned (4)...
    09:11:39 Protocol version: kTLSProtocol12
    09:11:39 S: * OK The Microsoft Exchange IMAP4 service is ready. [QQBNADAAUABSADAANQBDAEEAMAAwADkAMAAuAGUAdQByAHAAcgBkADAANQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
    09:11:39 C: A0 CAPABILITY
    09:11:39 S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
    09:11:39 S: A0 OK CAPABILITY completed.
    09:11:39 Retrieving password (keychain or user request)
    09:11:39 C: A1 AUTHENTICATE XOAUTH2 ••••••••••
    09:11:40 S: A1 NO AUTHENTICATE failed.
    09:11:40 Error: Server response: “A1 NO AUTHENTICATE failed.”. Command attempted: “A1 AUTHENTICATE XOAUTH2 ••••••••••”.
    09:11:40 Retrieving password (keychain or user request)
    09:11:40 Error code: 12
    09:11:40 Failed action (1000). Reset observed read/write timeouts: 8/8

    09:11:40 Handling reply
    09:11:53 Terminating non-running connection...
    09:13:53 Running action
    09:13:53 Sending request (25)
    09:13:53 Handling request
    09:13:53 Trying to disconnect nicely (30)...
    09:13:53 C: R2 LOGOUT
    09:13:53 Error: Connection error (Broken pipe).
    09:13:53 Clearing connection to outlook.office365.com
    09:13:53 Ready to run action (retry count: 0)
    09:13:53 Disconnecting
    09:13:53 Clearing connection to outlook.office365.com
    09:13:53 Completed action (3). Observed read/write timeouts: 8/8

    09:13:53 Handling reply

  • benny

    benny October 27th, 2020 @ 03:14 PM

    If anyone following this ticket has experience setting up OAuth2 for MailMate on the server side (Office365 admin I guess) then please take a look at ticket #2669 where @Stefan has provided more details about his problems making OAuth2 work with MailMate. It might be a MailMate issue, but this is very hard to debug without more information about why the server rejects authentication.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Mac OS X email client.

Shared Ticket Bins

Referenced by

Pages