IMAP not working for Office365 Exchange - log in or password incorrect

JerryGT · 21 August 2022 03:20

I am sure that the username and passwords are correct, but I keep getting this error when clicking SELECT inbox or trash box. Please Help!

vijay1992 · 22 August 2022 06:42

Hi @JerryGT
Please have a look:-

M4tDR · 22 August 2022 12:32

Good afternoon.
just to be clear, because I had same issue here.
The problem is related to Basic Authentication with Office365 (Exchange Online) and cannot be solved using app password, this works only for Google. App password still use basic authentication, and not Oauth 2, which is required from Microsoft starting from October 1st
I have customers that are using app password in Exchange Online, but the problem is still there.
I think the problem is in all IMAP wrapper used by SuiteCRM, cause is based on standard php IMAP library, that not provide Oauth.
One solution probably can be use a different library, such this (https://www.php-imap.com/) but I think in this case a lot of code must be changed, because this library is not compatible with standard fucntion used at the moment for manage IMAP messages

Any other idea?

M4tDR · 22 August 2022 12:43

Some additional info…
Just to advise the customer about this change Microsoft, for some customer, are disabling basic Auth for a short time (12-48 hours) during this period. Now you can fix this manually, but from October 1st this doesn’t work anymore.

Here a couple of link about this:

HTH

JerryGT · 23 August 2022 05:06

Hi @vijay1992 . I just tried using app password for microsoft exchange. But it still shows login or password incorrect. Do you have an idea of why this happens? Thanks!

JerryGT · 23 August 2022 05:07

Does this mean that basic auth can still be used before October? But still, I tried with the app password and it doesn’t work…

M4tDR · 23 August 2022 07:05

Hy @JerryGT ,
if the problem is that Microsoft disabled Basic Auth for a while (12-48h) if you see the second link I posted yesterday you should have info on how to enable it again.
I suppose this can be done within October 1st.

JerryGT · 23 August 2022 22:43

Thanks, it worked! Very much appreciated

mrrosenthal · 7 November 2022 20:43

whats your plan on how to use exchange after oct 1

M4tDR · 10 November 2022 15:37

Hi @mrrosenthal
personally the only quick (not so quick, I spent some time to understand how it works …) solution I found is this email proxy.

Anyway I think that SuiteCRM should solve this big issue, In the future I guess that the main vendor should go for OAuth and no more use simple authentication

HTH

ckangwei · 14 December 2022 02:08

Hi @M4tDR

I am trying to configure email proxy for outlook 365. May i know what is the redirect uri that you set?

Thanks and appreciate

pgr · 15 December 2022 12:19

This issue might be solved in this PR:

github.com/salesagility/SuiteCRM

Add OAuth connection to Inbound emails

salesagility:develop ← clemente-raposo:feature/emails-oauth

opened 04:17PM - 05 Dec 22 UTC

clemente-raposo

+10562 -3430

## Description #### Update External OAuth Connection Module - Add config.php entry to allow adding oauth external providers - Add ExternalOAuthConnection module to allow getting access through OAuth from external providers - Allow setting up Security groups for ExternalOuthConnections Emails ![emails-oauth-external-oauth-connection](https://user-images.githubusercontent.com/1140849/205686020-0ef624de-cff9-41cf-b728-24795dac8ec6.png) ![emails-oauth-personal-external-oauth-connection-edit](https://user-images.githubusercontent.com/1140849/205686044-5d003c8e-5264-4717-b5e4-5b09a7aa5f50.png) ![emails-oauth-personal-external-oauth-connection-detail](https://user-images.githubusercontent.com/1140849/205686060-9a79467c-05ac-4705-8672-7dd6bb804a17.png) #### Update Inbound Emails Module - Update Inbound email module views to user regular view defs - Allow creating Personal, Group and Bounce emails through InboundEmails create/edit view - Remove inbound email configuration from profile view configurations - Allow setting up Security groups for Inbound Emails - Allow selecting between basic auth and oauth on inbound email configuration - Allow selecting an external oauth connection as the connection to use for authenticating in Inbound emails ![emails-oauth-inbould-list-view](https://user-images.githubusercontent.com/1140849/205686142-363c77d1-42a3-4423-8d4a-b171f02efded.png) ![emails-oauth-personal-inbould-oauth](https://user-images.githubusercontent.com/1140849/205686165-7e3e2134-d182-455a-86e7-2671da3ad238.png) ![emails-oauth-personal-inbould-basic-auth](https://user-images.githubusercontent.com/1140849/205686278-721ca1ec-a50c-4e09-b95f-334b8bd144c8.png) ![emails-oauth-profile-view](https://user-images.githubusercontent.com/1140849/205686327-19444c17-aca4-44b3-a74b-45c5c31f6187.png) ![email-oauth-no-profile-personal-email-config](https://user-images.githubusercontent.com/1140849/205686340-b6d0a58e-b47c-40d3-a6a5-046e756d114d.png) #### Update Outbound Emails Module - Allow creating Personal outbound emails through Outbound email module create/edit view - Remove outbound email configuration from profile view configurations - - Allow setting up Security groups for Outbound Emails ![emails-oauth-oubound-listview](https://user-images.githubusercontent.com/1140849/205686462-c53929e7-6381-482a-96a2-c6098f1def99.png) ![emails-oauth-personal-outbound](https://user-images.githubusercontent.com/1140849/205686475-21b58cf4-f20e-4fdf-8202-0f1c2dfd19b1.png) #### Update IMAP connection library | Allow connecting with xoauth - Add imap2 lib to handle in order to support xoauth login in imap - Add Imap2Handler to be used to connect to IMAP for Oauth connections https://user-images.githubusercontent.com/1140849/205695529-099579bd-d24a-4564-a5ef-659bbd03e4fb.mp4 ## Motivation and Context - Allow connecting to IMAP using OAuth connections - Fix some bugs in current inbound and outbound email Configuration ## How To Test This 1. Configure a Microsoft connection provider using the following config.php configuration ```php 'external_oauth_providers' => [ 'Microsoft' => [ 'type' => 'Generic', 'client_id' => '<TO-REPLACE>', 'client_secret' => '<TO-REPLACE>', 'redirect_uri' => 'http://<TO-REPLACE>/index.php?entryPoint=setExternalOAuthToken', 'authorize_url_options' => [ 'scope' => 'offline_access IMAP.AccessAsUser.All SMTP.Send User.Read', ], 'extra_provider_params' => [ 'scopes' => 'offline_access imap.accessasuser.all smtp.send user.read', 'urlAuthorize' => 'https://login.microsoftonline.com/<TO-REPLACE>/oauth2/v2.0/authorize', 'urlAccessToken' => 'https://login.microsoftonline.com/<TO-REPLACE>/oauth2/v2.0/token', 'urlResourceOwnerDetails' => '', 'verify' => false ], 'get_token_request_grant' => 'authorization_code', // optional 'get_token_request_options' => [], // optional 'token_mapping' => [ // optional 'access_token' => 'access_token', 'expires_in' => 'expires_in', 'refresh_token' => 'refresh_token', 'token_type' => 'values.token_type' ] ], ], ``` 2. Go to Profile > External OAuth connection module and create new personal connection 3. Select Microsoft > Click Authenticate > Popup should appear 4. Add your credentials > Authorize > Connection fields should be field in with token information 5. Add a name > Save 6. Go to InboundEmail record 7. Change Auth Type from basic to OAuth 8. You should be able to see the records you and the ones you have access to by security groups 9 . Select a record > Save > The record should correctly save 10. Go to emails module. You should be able to see the emails sorted by received date 11. Try the filter panel you should be able to filter 12. You should not be able to sort or set sorting direction 13. You should be able to mark emails as read and unread 14. You should be able to flag and un-flag emails 15. You should be able to delete emails 16. You should be able to import emails 17. you should be able to go to the email detail view page 18. You should be able to see the email information in the detail view page 19 Configure a group inbound emails. You will need to create a group ExternalOauthConnection 20. Auto email import for cases should work for group emails 21. Inbound email repair should work ## Types of changes - [x] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [x] Breaking change (fix or feature that would cause existing functionality to change) ### Final checklist - [x] My code follows the code style of this project found [here](https://docs.suitecrm.com/community/contributing-code/coding-standards/). - [x] My change requires a change to the documentation. - [x] I have read the [**How to Contribute**](https://docs.suitecrm.com/community/contributing-code/) guidelines.

which is in the newly-released 7.13.0 Beta.

ckangwei · 15 December 2022 13:36

Hi @pgr

Thanks for your update. I do aware of that. I am waiting for the production release before we get into the test as there are a lot customization done on our instance.

Also, I am concerning that our use case and customization might be different from what this fixes had provided so am looking for alternative if there are any other options.

nilesh2323pal · 7 February 2023 14:43

I am also facing issue , i have configured outlook office and also create external auth connection and External auth provider. When i authenticate , it give me access token & refresh token etc. After that I created Inbound group account through External auth and checked the connection give me error “IMAP open error: Can not authenticate to IMAP server: Empty password”