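Mailkit OAuth Hotmail A00000001 NO AUTHENTICATE failed

Time: 2020-04-06 08:28:12

Tags: c# microsoft-graph-api mailkit

Trying to connect to Hotmail with OAuth via Mailkit IMAP.

I tried fetching emails with Microsoft's Graph API and it works fine: I can connect to Hotmail and fetch the emails. So this proves that my configuration on Azure is fine.

With Mailkit, the code is as follows: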

    private async Task ConnectAndAuthenticateAsync()
    {
        SaslMechanismOAuth2 oauth2 = null;

        try
        {
            if (imapClient.IsConnected == false || imapClient.IsAuthenticated == false)
            {
                oauth2 = await GetOutlookCredentials();
                // outlook.office365.com imap-mail.outlook.com
                //imapClient.AuthenticationMechanisms.Clear();
                await imapClient.ConnectAsync("outlook.office365.com", 993, SecureSocketOptions.SslOnConnect);
                await imapClient.AuthenticateAsync(oauth2);
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
            throw; // rethrow without resetting the stack trace
        }

    }

    public async Task<SaslMechanismOAuth2> GetOutlookCredentials()
    {
        var response = new List<string>();

        var consoleCallback = new LogCallback((logLevel, message, bol) =>
        {
            response.Add(message);
            Console.WriteLine(message);
        });

        string authorityFormat = "https://login.microsoftonline.com/{0}/v2.0";
        string tenantId = "common";
        string redirectUri = "https://localhost:44394/";

        var scopes = new string[] { "https://outlook.office365.com/.default" };

        IConfidentialClientApplication app;
        var clientId = "xxxxx";

        app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithClientSecret("xxxxxx")
            .WithTenantId(tenantId)
            .WithRedirectUri(redirectUri)
            .WithLogging(consoleCallback)
            .Build();
        AuthenticationResult result = null;
        try
        {
            result = await app?.AcquireTokenForClient(scopes)?.ExecuteAsync();
        }
        catch (Exception ex)
        {
            response.Add($"{Environment.NewLine}==>{ex.Message}");
        }

        SaslMechanismOAuth2 oauth = new SaslMechanismOAuth2(clientId, result.AccessToken);
        return oauth;
    }

Here is the Mailkit log:

    Connected to imaps://imap-mail.outlook.com:993/
    S: * OK The Microsoft Exchange IMAP4 service is ready. [TQBFAEEAUABSADAAMQBDAEEAMAAwADkANgAuAGEAdQBzAHAAcgBkADAAMQAuAHAAcgBvAGQALgBvAHUAdABsAG8AbwBrAC4AYwBvAG0A]
    C: A00000000 CAPABILITY
    S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
    S: A00000000 OK CAPABILITY completed.
    C: A00000001 AUTHENTICATE XOAUTH2 ...
    S: A00000001 NO AUTHENTICATE failed.

It is worth mentioning that:

    await imapClient.ConnectAsync("outlook.office365.com", 993, SecureSocketOptions.SslOnConnect);

succeeds; it is the next line of code that throws the error:

    await imapClient.AuthenticateAsync(oauth2);


Update 1

overview

Update 2

I found a document that says: Office365 OAuth does not support SMTP / IMAP4, only EWS.


Does this mean that we will not be able to use OAuth for Hotmail over IMAP4?

Update 3


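I found that there are two different sets of Mail.Read, one from Graph and one from Exchange, as well as EWS.AccessAsUser.All from Exchange, as I was following the tutorial at https://www.emailarchitect.net/eagetmail/sdk/?ct=object_oauth_live

I am completely lost now and do not know which set I should use.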

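2 answers:

Answer 0: (score: 0)

Do not use the clientId as the username. That is not a username.

Answer 1: (score: 0)

The requested token does not contain any information about the mailbox. Although you requested the token correctly, it cannot be used to access an IMAP mailbox. You would also need to add the email address or the mailbox username to the token. But according to the documentation at https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-client-assertions, there is no corresponding claim that can be added to the token.

To access a Google mailbox with a service account's OAuth2 token, you have to provide the mailbox's email address in the "sub" claim. You cannot do that with your approach. AcquireTokenForClient requires "iss" (the client ID) and "sub" to match.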
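
The point made in answer 0, as an added example that is not part of the original posts and is not MailKit's own code: the string sent after `AUTHENTICATE XOAUTH2` is base64 of `user=<mailbox>^Aauth=Bearer <token>^A^A`, so whatever is passed as the first argument of `SaslMechanismOAuth2` ends up in the `user` field. The class name `XOAuth2Check`, the client ID, the mailbox and the token below are constructed placeholders; the check decodes that line from a protocol log and reports whether the `user` field names a mailbox, without printing the token.

```csharp
using System;
using System.Text;

static class XOAuth2Check
{
    // XOAUTH2 initial response: base64("user=" + user + "\x01auth=Bearer " + token + "\x01\x01")
    public static string Encode(string user, string accessToken) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(
            "user=" + user + "\u0001auth=Bearer " + accessToken + "\u0001\u0001"));

    // Decodes the argument of "AUTHENTICATE XOAUTH2 <base64>" taken from a protocol log line.
    public static (string User, string Token) Decode(string logLine)
    {
        string b64 = logLine.Substring(logLine.LastIndexOf(' ') + 1).Trim();
        string[] fields = Encoding.UTF8.GetString(Convert.FromBase64String(b64)).Split('\u0001');
        string user = null, token = null;
        foreach (string f in fields)
        {
            if (f.StartsWith("user=", StringComparison.Ordinal)) user = f.Substring(5);
            else if (f.StartsWith("auth=Bearer ", StringComparison.Ordinal)) token = f.Substring(12);
        }
        if (user == null || token == null)
            throw new FormatException("not an XOAUTH2 initial response");
        return (user, token);
    }

    // The user field must name a mailbox; an application (client) ID is a GUID, not a mailbox.
    public static string Diagnose(string user)
    {
        if (Guid.TryParse(user, out _)) return "user field is a GUID (client ID?), not a mailbox";
        if (!user.Contains("@")) return "user field does not look like an email address";
        return "user field looks like a mailbox address";
    }

    static void Main()
    {
        // Constructed sample values (placeholders, not taken from the page).
        string clientId = "11111111-2222-3333-4444-555555555555";
        string fakeToken = "constructed.sample.token";
        foreach (string user in new[] { clientId, "someone@example.com" })
        {
            string line = "C: A00000001 AUTHENTICATE XOAUTH2 " + Encode(user, fakeToken);
            var (u, t) = Decode(line);
            // The base64 in a protocol log is reversible, so report the token's length only.
            Console.WriteLine($"{u}: {Diagnose(u)} (token: {t.Length} chars, redacted)");
        }
    }
}
```

Because the encoding is reversible, an `AUTHENTICATE XOAUTH2` line copied from a protocol log exposes the bearer token until it expires; strip it before sharing the log.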