Error: BAD User is authenticated but not connected > outlook365 IMAP connection with oAuth token

[mitebu]

Hi

I'm having an issue configuring an IMAP connection to an Outlook365 account with oAuth token.
First of all, I attach the steps configured in Microsoft Entra ID, with this guide: Microsoft Answers

After configuring and testing the output of the Powershell script, I can read and access without problems to the folders of the mailbox.

But when I'm configuring the PHP-IMAP library for this connection, I reach the conection (user is authenticated) but when I try to read the folders ($client->getFolders();) it throws the error.

		`include 'includes/php-imap/vendor/autoload.php'; 

		use Webklex\PHPIMAP\ClientManager;

		$CLIENT_ID="/* censored data */";
		$CLIENT_SECRET="/* censored data */";
		$TENANT="/* censored data */";
		$REFRESH_TOKEN="/* censored data */";

		$url= "https://login.microsoftonline.com/$TENANT/oauth2/v2.0/token";

		$param_post_curl = [ 
		'client_id'=>$CLIENT_ID,
		'client_secret'=>$CLIENT_SECRET,
		'refresh_token'=>$REFRESH_TOKEN,
		'grant_type'=>'refresh_token' ];

		$ch=curl_init();

		curl_setopt($ch,CURLOPT_URL,$url);
		curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query($param_post_curl));
		curl_setopt($ch,CURLOPT_POST, 1);
		curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
		//ONLY USE CURLOPT_SSL_VERIFYPEER AT FALSE IF YOU ARE IN LOCALHOST !!!

		$oResult=curl_exec($ch);

		if(!empty($oResult)){
			
			//The token is a JSON object
			$array_php_resul = json_decode($oResult,true);
			
			if( isset($array_php_resul["access_token"]) ){

				$access_token = $array_php_resul["access_token"];
				//$cm = new ClientManager($options = ["options" => ["debug" => true]]);                     
				$cm = new ClientManager();	 
              
				$client = $cm->make([
					'host'          => 'outlook.office365.com',                
					'port'          => 993,
					'encryption'    => 'ssl',
					'validate_cert' => false,
					'username'      => '/* censored data */',
					'password'      => $access_token,
					'protocol'      => 'imap',
					'authentication' => "oauth",
					"timeout" => 30,
					"extensions" => []
				]);
				
				try {
					//Connect to the IMAP Server
					$client->connect();
					//$client->checkConnection();
					$folders = $client->getFolders();
					
				}catch (Exception $e) {
					echo 'Exception : ',  $e->getMessage(), "\n";
				}

			} else {
				echo('Error : '.$array_php_resul["error_description"]); 
			}
		}`

After contacting Microsoft Azure support, their answer is that with Powershell works, the problem is in the library or code configured.
I've been searching for a solution with no result, maybe some1 had the same problem and can help me?
Adittional information needed please aske me for it.

Best regards

[eaibizz]

I do have the same problem, just not a solution yet.
The connection succeeds but when calling the folders endpoint, the BAD User is authenticated but not connected issue shows itself.
At first I tested with a private account at Outlook.com which worked like a charm, but now I'm trying to connect to a business account at Office365.com and I have to go through 100 extra steps (f.e. due to MFA authentication) to set all the correct access rights so the connect() function already passed.

[eaibizz]

@mitebu @Webklex Today my colleague and I found out that this pull request fixes our issue too:
#474

Het problem is that now that empty children of subfolders (because they haven't any children) throw an exception, while at their parent level folders have been found already. Due to the recursiveness of the folder function the issue occurs.