Need Help: IMAP OAuth2 Authentication Issue for Outlook.com

Question

Hey everyone, we're hitting a wall trying to get IMAP access for an Outlook.com mailbox using OAuth2. We're always getting an AUTHENTICATE failed error, even though we've set up Azure AD, got the right permissions, and grabbed the access tokens. We're hoping someone here might have faced this and has some tips to share. 👇

What's Going On:

• Error Message: Every time we try to connect to an Outlook.com mailbox using imaplib in Python with OAuth2, we keep getting this:

    AUTHENTICATE failed.
  

  Our Setup: We're using imaplib in Python to connect to the Outlook IMAP server (outlook.office365.com, port 993).

    The access token comes from Azure AD, with `IMAP.AccessAsUser.All` scope.
  
       The auth string looks like this:
  
       ```javascript
       user=YOUR_EMAIL
      user=YOUR_EMAIL\x01auth=Bearer YOUR_ACCESS_TOKEN
      user=YOUR_EMAIL\x01auth=Bearer YOUR_ACCESS_TOKEN\x01
      user=YOUR_EMAIL\x01auth=Bearer YOUR_ACCESS_TOKEN\x01\x01
       ```
  

What We've Tried:

Access Token Validity: We're making sure the token is new (less than an hour old) so it’s not expired.

IMAP Settings in Outlook: IMAP is definitely enabled in the mailbox settings.

Correct Scope and Permissions: We've got IMAP.AccessAsUser.All set as a delegated permission in Azure AD, with admin consent granted.

Public Client Setting: Azure AD app registration is set to allow public clients, and "Allow public client flows" is enabled.

Token Type: The access token is opaque, not a JWT, so we can't decode it with jwt.ms. Not sure if that's a problem for IMAP access.

Need Your Help:

Has anyone successfully used OAuth2 for IMAP with Outlook.com using Python? If so, we'd love to hear how you did it.

Are there any settings in Azure AD or Outlook that we're missing?

Could this be because we're getting an opaque token instead of a JWT?

Sample Code We're Using:

import imaplib
import ssl

IMAP_SERVER = "outlook.office365.com"
EMAIL_ACCOUNT = "your-email@outlook.com"
ACCESS_TOKEN = "YOUR_ACCESS_TOKEN"

try:
    context = ssl.create_default_context()
    imap_client = imaplib.IMAP4_SSL(IMAP_SERVER, port=993, ssl_context=context)
    auth_string = f"user={EMAIL_ACCOUNT}\x01auth=Bearer {ACCESS_TOKEN}\x01\x01"
    imap_client.authenticate("XOAUTH2", lambda x: auth_string)
    
    # Select the inbox
    imap_client.select("inbox")
    print("Authentication successful!")
    
    imap_client.logout()
except Exception as e:
    print(f"An error occurred: {e}")

Where We've Looked for Answers 🆓

Microsoft Q&A and Stack Overflow: We've searched everywhere but still no clear solution.

GitHub Issues: Checked imaplib and other library GitHub pages for similar issues.

Any Help is Welcome 🙏

If you’ve dealt with this before or have any ideas, please drop them below. We'd really appreciate any pointers to help us get this working. 💬Hey everyone, we're hitting a wall trying to get IMAP access for an Outlook.com mailbox using OAuth2. We're always getting an AUTHENTICATE failed error, even though we've set up Azure AD, got the right permissions, and grabbed the access tokens. We're hoping someone here might have faced this and has some tips to share. 👇

What's Going On:

Error Message: Every time we try to connect to an Outlook.com mailbox using imaplib in Python with OAuth2, we keep getting this:

AUTHENTICATE failed.

Our Setup:

We're using imaplib in Python to connect to the Outlook IMAP server (outlook.office365.com, port 993).

  The access token comes from Azure AD, with `IMAP.AccessAsUser.All` scope.
  
     The auth string looks like this:
     
     ```javascript
     user=YOUR_EMAIL
    user=YOUR_EMAIL\x01auth=Bearer YOUR_ACCESS_TOKEN
    user=YOUR_EMAIL\x01auth=Bearer YOUR_ACCESS_TOKEN\x01
    user=YOUR_EMAIL\x01auth=Bearer YOUR_ACCESS_TOKEN\x01\x01
     ```
     

What We've Tried:

Access Token Validity: We're making sure the token is new (less than an hour old) so it’s not expired.

IMAP Settings in Outlook: IMAP is definitely enabled in the mailbox settings.

Correct Scope and Permissions: We've got IMAP.AccessAsUser.All set as a delegated permission in Azure AD, with admin consent granted.

Public Client Setting: Azure AD app registration is set to allow public clients, and "Allow public client flows" is enabled.

Token Type: The access token is opaque, not a JWT, so we can't decode it with jwt.ms. Not sure if that's a problem for IMAP access.

Need Your Help:

Has anyone successfully used OAuth2 for IMAP with Outlook.com using Python? If so, we'd love to hear how you did it.

Are there any settings in Azure AD or Outlook that we're missing?

Could this be because we're getting an opaque token instead of a JWT?

Sample Code We're Using:

import imaplib
import ssl

IMAP_SERVER = "outlook.office365.com"
EMAIL_ACCOUNT = "your-email@outlook.com"
ACCESS_TOKEN = "YOUR_ACCESS_TOKEN"

try:
    context = ssl.create_default_context()
    imap_client = imaplib.IMAP4_SSL(IMAP_SERVER, port=993, ssl_context=context)
    auth_string = f"user={EMAIL_ACCOUNT}\x01auth=Bearer {ACCESS_TOKEN}\x01\x01"
    imap_client.authenticate("XOAUTH2", lambda x: auth_string)
    
    # Select the inbox
    imap_client.select("inbox")
    print("Authentication successful!")
    
    imap_client.logout()
except Exception as e:
    print(f"An error occurred: {e}")

Where We've Looked for Answers 🆓

Microsoft Q&A and Stack Overflow: We've searched everywhere but still no clear solution.

GitHub Issues: Checked imaplib and other library GitHub pages for similar issues.

Any Help is Welcome 🙏

If you’ve dealt with this before or have any ideas, please drop them below. We'd really appreciate any pointers to help us get this working. 💬