How to get IMAP access to MS Office 365 email using Python and OAuth2
Problem description

Recently Microsoft has deprecated support for basic authentication to access Office 365 email accounts. Like some other developers, we now have an application that is now broken because of the change. From what I can tell, the code below should get authentication done (I do get a token back in result), but I am unable to find out what callable object should be the second argument for the imaplib.authenticate function. Can someone help please?

```python
import imaplib
import msal

client = '****-****-*-***'
tenant = '****-****-*-***'
secret_value = '****-****-*-***'
secret_key = '****-****-*-***'
server = 'outlook.office365.com'

app = msal.ConfidentialClientApplication(client, authority=f'https://login.microsoftonline.com/{tenant}', client_credential=secret_value)
result = app.acquire_token_for_client(scopes=['https://graph.microsoft.com/.default'])

conn = imaplib.IMAP4_SSL(server)
conn.debug = 4
conn.authenticate('XOAUTH2', ??)  # second argument unknown: the subject of this question
```

Recommended answer

Your scope is wrong for IMAP on Office365; it needs to be

```python
result = app.acquire_token_for_client(scopes=['https://outlook.office365.com/.default'])
```

That will ensure your token has the correct audience.

You also need to format your token correctly as a SASL2 token, e.g. here is a basic working example:

```python
import sys
import base64
import json
import logging
import imaplib
import msal

config = {
    "authority": "https://login.microsoftonline.com/eb8db77e-65e0-4fc3-b967-xxxxxx",
    "client_id": "18bb3888-dad0-4997-96b1-xxxxx",
    "scope": ["https://outlook.office.com/.default"],
    "secret": "_xxxxx",
    "tenant-id": "eb8db77e-65e0-4fc3-b967-xxxxx"
}

app = msal.ConfidentialClientApplication(config['client_id'], authority=config['authority'],
                                         client_credential=config['secret'])

# Look in the MSAL token cache first
result = app.acquire_token_silent(config["scope"], account=None)


def GenerateOAuth2String(username, access_token):
    # \1 is the Ctrl-A (0x01) separator used by the XOAUTH2 format
    auth_string = 'user=%s\1auth=Bearer %s\1\1' % (username, access_token)
    return auth_string


if not result:
    logging.info("No suitable token exists in cache. Let's get a new one from AAD.")
    result = app.acquire_token_for_client(scopes=config["scope"])

if "access_token" in result:
    user = '[email protected]'
    server = 'outlook.office365.com'
    conn = imaplib.IMAP4_SSL(server)
    conn.debug = 4
    # imaplib calls the second argument with the server challenge and
    # base64-encodes whatever it returns
    conn.authenticate('XOAUTH2', lambda x: GenerateOAuth2String(user, result['access_token']))
else:
    print(result.get("error"))
    print(result.get("error_description"))
    print(result.get("correlation_id"))  # You may need this when reporting a bug
```

If you get errors running the above, it's most likely you haven't registered the service principal in Exchange or granted permissions to the mailbox, e.g. from https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-oauth-2-0-support-for-imap-and-smtp-auth-protocols-in/bc-p/1544725/highlight/true#M28589

```powershell
New-ServicePrincipal -AppId -ServiceId [-Organization ]
```

and

```powershell
Add-MailboxPermission -Identity "[email protected]" -User -AccessRights FullAccess
```

Unlike the Graph or EWS, when you use the client credentials flow in IMAP you don't get access to every mailbox in the tenant by default; it must be explicitly granted.
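The answer's two points (the token must carry the Exchange audience, and it must be wrapped as a SASL XOAUTH2 string) can be checked locally before connecting. This is an added example, not code from the original post or from MSAL; it assumes the access token is a JWT whose aud claim equals the resource in the requested scope, and the helper names and sample tokens are constructed for illustration.

```python
import base64
import json

# Assumption: "aud" equals the resource part of the requested scope.
# Both hosts below appear in the answer's scope strings.
ACCEPTED_AUDIENCES = {"https://outlook.office365.com", "https://outlook.office.com"}


def jwt_claims(access_token):
    """Decode the JWT payload for local diagnosis. The signature is NOT verified."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("access token is not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_problem(access_token):
    """Return None when the audience suits IMAP, otherwise a description."""
    aud = str(jwt_claims(access_token).get("aud", "")).rstrip("/")
    if aud in ACCEPTED_AUDIENCES:
        return None
    return f"token audience is {aud!r}; expected one of {sorted(ACCEPTED_AUDIENCES)}"


def xoauth2_string(username, access_token):
    """SASL XOAUTH2 initial response; imaplib base64-encodes the returned value."""
    return f"user={username}\x01auth=Bearer {access_token}\x01\x01"


def constructed_token(aud):
    """Build an unsigned sample token (constructed data, not a real credential)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"aud": aud}), "sig"])


if __name__ == "__main__":
    # The Graph audience from the question fails; the Outlook audience passes.
    for aud in ("https://graph.microsoft.com", "https://outlook.office365.com"):
        token = constructed_token(aud)
        print(aud, "->", audience_problem(token) or "audience OK")
    print(repr(xoauth2_string("user@example.com", "TOKEN")))
```

Run the audience check on result['access_token'] before calling conn.authenticate, and keep the decoded claims out of shared logs, since they describe a live credential.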