Bug
Resolution: Unresolved
Minor
None
4.5.2
None
MOODLE_405_STABLE
Using Microsoft Exchange Services (M365) to receive incoming mail over IMAP, authenticating with XOAUTH2, fails without setting up a system account and connecting it to the OAuth 2 services.
Log of the incoming mail pickup task:
Connecting to outlook.office365.com:993 as ***
DEBUG: [08CA] Connecting to ssl://outlook.office365.com:993...
DEBUG: [08CA] S: * OK The Microsoft Exchange IMAP4 service is ready.
DEBUG: [08CA] C: A0001 CAPABILITY
DEBUG: [08CA] S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
DEBUG: [08CA] S: A0001 OK CAPABILITY completed.
DEBUG: [08CA] C: A0002 AUTHENTICATE PLAIN ****** [53]
DEBUG: [08CA] S: A0002 NO AUTHENTICATE failed.
Scheduled task failed: Eingehende E-Mail-Abholung (tool_messageinbound\task\pickup_task),tool_messageinbound/imapconnectfailure (Could not connect to IMAP server.)
Debug info:
Could not connect to IMAP server.
Backtrace:
* line 228 of /admin/tool/messageinbound/classes/manager.php: call to tool_messageinbound\manager->get_imap_client()
* line 52 of /admin/tool/messageinbound/classes/task/pickup_task.php: call to tool_messageinbound\manager->pickup_messages()
* line 410 of /lib/classes/cron.php: call to tool_messageinbound\task\pickup_task->execute()
* line 208 of /lib/classes/cron.php: call to core\cron::run_inner_scheduled_task()
* line 125 of /lib/classes/cron.php: call to core\cron::run_scheduled_tasks()
* line 186 of /admin/cli/cron.php: call to core\cron::run_main_process()
It seems that although the Microsoft server reports the capability AUTH=XOAUTH2, it is not used. Instead, Moodle replies with "AUTHENTICATE PLAIN" when it should reply with "AUTHENTICATE XOAUTH2", because an OAuth 2 provider for Microsoft is set up in /admin/tool/oauth2/issuers.php.
The problem seems to be the call to the function get_system_oauth_client in moodle/admin/tool/messageinbound/classes/manager.php.
See GitHub here: https://github.com/moodle/moodle/blob/1e51bc0b9c496817f6dbf332329a2969cc2d4ee2/admin/tool/messageinbound/classes/manager.php#L134
This function returns "false" if no system account is connected.
Why do I need a Microsoft Entra system account for a simple IMAP connection authenticated with XOAUTH2?
And if it is really needed: what are the minimum requirements? Could you please provide setup instructions (documentation) on how to minimize the footprint and therefore maximize security? With Gmail it obviously was tested (MDL-61921). Could you please provide an example setting for connecting to Microsoft Exchange Online using IMAP with XOAUTH2?
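An added example, not part of the original report and not Moodle code: a Python check over an IMAP client debug transcript in the format shown above that flags connections where the server advertised AUTH=XOAUTH2 but the client authenticated with a different mechanism, together with the SASL XOAUTH2 initial response a client would send instead. The function names and the sample transcript are constructed for illustration.

```python
import base64
import re

# Constructed sample, modelled on the debug transcript in the report.
SAMPLE_LOG = """\
DEBUG: [08CA] S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS
DEBUG: [08CA] S: A0001 OK CAPABILITY completed.
DEBUG: [08CA] C: A0002 AUTHENTICATE PLAIN ****** [53]
DEBUG: [08CA] S: A0002 NO AUTHENTICATE failed.
"""

# "DEBUG: [<connection id>] <S|C>: <IMAP line>"
LINE = re.compile(r"DEBUG: \[(?P<conn>[0-9A-F]+)\] (?P<side>[SC]): (?P<msg>.*)")


def audit_auth(log_text):
    """Per connection: advertised SASL mechanisms, the one used, and the outcome."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        c = conns.setdefault(
            m["conn"], {"advertised": set(), "used": None, "tag": None, "ok": None})
        msg = m["msg"]
        if m["side"] == "S" and msg.startswith("* CAPABILITY"):
            # Collect every AUTH=<mechanism> token the server offered.
            c["advertised"] |= {t[5:].upper() for t in msg.split()
                                if t.upper().startswith("AUTH=")}
        elif m["side"] == "C":
            parts = msg.split()
            if len(parts) >= 3 and parts[1].upper() == "AUTHENTICATE":
                c["tag"], c["used"] = parts[0], parts[2].upper()
        elif c["tag"] and msg.startswith(c["tag"] + " "):
            # Tagged server reply to the AUTHENTICATE command: OK / NO / BAD.
            c["ok"] = msg.split()[1].upper() == "OK"
    for c in conns.values():
        # Token-based auth was on offer but the client chose something else.
        c["downgraded"] = ("XOAUTH2" in c["advertised"]
                           and c["used"] not in (None, "XOAUTH2"))
    return conns


def xoauth2_initial_response(user, access_token):
    """Base64 SASL XOAUTH2 string: user=<u>^Aauth=Bearer <token>^A^A."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


if __name__ == "__main__":
    for conn_id, result in audit_auth(SAMPLE_LOG).items():
        print(conn_id, result)
```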