O365 connection with OAUTH2 not working

Question

I have followed all the steps mentioned in the article "OAuth 2.0 client credential flow with Office365/Exchange IMAP/POP3". All the setting mentioned at O365 exchange, azure are done. I have used SSL code to connect to the exchange. But it is failing authentication. Need help.
Following are the logs.

2023-03-20 17:12:59,200 3.0.23025.1850
2023-03-20 17:12:59,205 .NETFramework,Version=v4.5;NETFRAMEWORK;NET45;
2023-03-20 17:12:59,205 19CD S: * OK The Microsoft Exchange IMAP4 service is ready. [UABOADIAUAB ... AQwBPAE0A]
2023-03-20 17:12:59,240 19CD C: 19CD0000 CAPABILITY
2023-03-20 17:12:59,246 19CD S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
2023-03-20 17:12:59,246 19CD S: 19CD0000 OK CAPABILITY completed.
2023-03-20 17:12:59,264 19CD C: 19CD0001 ID
2023-03-20 17:12:59,269 19CD S: * ID ("name" "Microsoft.Exchange.Imap4.Imap4Server" "version" "15.20")
2023-03-20 17:12:59,270 19CD S: 19CD0001 OK ID completed
2023-03-20 17:12:59,874 19CD C: 19CD0002 AUTHENTICATE XOAUTH2 dXNlcj ... VVnAQE=
2023-03-20 17:13:00,624 19CD S: 19CD0002 NO AUTHENTICATE failed.

2023-03-20 17:13:13,271 Unable to fetch email: AUTHENTICATE failed.
2023-03-20 17:13:13,272 Limilabs.Client.IMAP.ImapResponseException: AUTHENTICATE failed.
   at __0000_00__.___(ImapResponse _0)
   at Limilabs.Client.IMAP.Imap.LoginOAUTH2(String user, String accessToken)

Answer 1

I'm absolutely sure that the article you mention:
https://www.limilabs.com/blog/oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp
...is up-to-date and contains all steps required to authenticate.

Please follow it carefully, double check every guid you enter.

Note that, every step is required - this includes assigning permissions using PowerShell.

1.
Start with troubleshooting with these PowerShell commands:

Get-ServicePrincipal
Get-MailboxPermission -Identity "AdeleV@your-domain.onmicrosoft.com"

ServiceId and User should match.

Then make sure the ServiceId is the same as the Object ID on the Enterprise Application screen (do not use the value from the App Registration screen - this is the most common mistake people tend to make)

Make sure the AppId is the same as the Application ID on the Enterprise Application screen

2.
Check if you can connect to this account using IMAP and regular interactive flow:

https://www.limilabs.com/blog/office-365-oauth-2-0-imap-pop3-email-client-connectivity-tools

This proves you have IMAP access properly configured.

If it doesn't work make sure IMAP/POP3 is enabled for your organization and mailbox:
https://www.limilabs.com/blog/office365-enable-imap-pop3-smtp

3.
Check if you added correct permissions and have granted Admin consent for your domain.

4.
Usually people use incorrect client/tenant ids/secrets – double check every single value you enter (also for additional spaces).

5.
You may need to wait up to 30 minutes for some changes to take effect.