
Connect to Outlook.com IMAP using OAuth 2.0

Authenticate users with Outlook.com IMAP (OIMAP) and OAuth 2.0.

Outlook.com IMAP commands

You can use the following IMAP commands. For more information about these commands, see IMAP version 4 revision 1, as defined by RFC 3501.

Command          Description
APPEND           Appends the literal argument as a new message to the end of the specified destination mailbox.
AUTHENTICATE     Indicates a Simple Authentication and Security Layer (SASL) authentication mechanism to the server.
CAPABILITY       Requests a listing of capabilities that the server supports.
CHECK            Requests a checkpoint of the currently selected mailbox.
CLOSE            Permanently removes all messages that have the \Deleted flag set from the currently selected mailbox, and returns to the authenticated state from the selected state.
COPY/UID COPY    Copies the specified message(s) to the end of the specified destination mailbox.
CREATE           Creates a mailbox with the given name.
DELETE           Permanently removes the mailbox with the given name.
EXAMINE          Identical to SELECT and returns the same output; however, the selected mailbox is identified as read-only.
EXPUNGE          Permanently removes all messages that have the \Deleted flag set from the currently selected mailbox.
FETCH/UID FETCH  Retrieves data associated with a message in the mailbox.
UID              Unique identifier.
LIST             Returns a subset of names from the complete set of all names available to the client.
LOGIN            Identifies the client to the server and carries the plaintext password authenticating this user.
LOGOUT           Informs the server that the client is done with the connection.
LSUB             Returns a subset of names from the set of names that the user has declared as being "active" or "subscribed".
NOOP             Does nothing. It always succeeds.
RENAME           Changes the name of a mailbox.
SEARCH           Searches the mailbox for messages that match the given searching criteria.
SELECT           Selects a mailbox so that messages in the mailbox can be accessed.
STORE            Alters data associated with a message in the mailbox.
SUBSCRIBE        Adds the specified mailbox name to the server's set of "active" or "subscribed" mailboxes as returned by the LSUB command.
UNSUBSCRIBE      Removes the specified mailbox name from the server's set of "active" or "subscribed" mailboxes as returned by the LSUB command.

Note  The IDLE extension is not supported.

Authentication guidelines using OAuth 2.0

When using OAuth 2.0 to authorize users, follow these guidelines. For more info about OAuth 2.0, see The OAuth 2.0 Authorization Protocol and The OAuth 2.0 Authorization Framework.

To authenticate users

  1. Your app/server must get the OAuth 2.0 token from a Microsoft Account (MSA), using the standard OAuth 2.0 flow.
    • Don't store user credentials on the client or your servers.
    • Request scopes wl.imap and wl.offline_access. For more info, see Scopes and permissions.
  2. MSA provides an access token and a refresh token to your app/server.
    • The token endpoint on MSA that serves OAuth 2.0 tokens will be https://login.live.com/oauth20_token.srf.
  3. Your app/server passes the access token to our IMAP service in the AUTHENTICATE command. We accept a base64-encoded string that contains:
    • The user name.
    • The authentication type Bearer for direct OAuth 2.0 requests.
    • The access token granted by MSA.
    For example, your app/server would base64-encode this string:

    user={user@domain.com}^Aauth=Bearer {Access Token}^A^A

    where {user@domain.com} is the user's account, {Access Token} is the access token granted by MSA, and ^A are Ctrl-A characters (U+0001).

    Here is an XOAuth2 authentication example:

    [connection begins]
    C: 000 CAPABILITY
    S: * CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2
    S: 000 OK CAPABILITY completed
    C: 001 AUTHENTICATE XOAUTH2 
    S: + 
    C: {base64-encoded string}
    S: * CAPABILITY IMAP4rev1
    S: 001 OK OAuth authentication successful
    [connection continues]
    
    
  4. When the access token expires, your app/server must request a new access token from MSA using the refresh token. Your app/server must use the access token for its full lifetime, before it uses the refresh token to renew the access token.
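
Step 3 above in Python, as an added example that is not part of the original documentation. The function names and the sample user and token are hypothetical; the host and port come from the settings on this page.

```python
import base64
import imaplib
import ssl

IMAP_HOST = "imap-mail.outlook.com"  # from the IMAP settings on this page
IMAP_PORT = 993


def xoauth2_raw(user: str, access_token: str) -> bytes:
    """Build the unencoded string: user=<user>^Aauth=Bearer <token>^A^A."""
    for name, value in (("user", user), ("access_token", access_token)):
        # Reject control characters so a value cannot add its own
        # ^A-delimited field or a CRLF that ends the IMAP line early.
        if not value or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
            raise ValueError(f"{name} is empty or contains control characters")
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode("utf-8")


def xoauth2_b64(user: str, access_token: str) -> str:
    """The line the client sends after the server's '+' continuation."""
    return base64.b64encode(xoauth2_raw(user, access_token)).decode("ascii")


def redact(b64_line: str) -> str:
    """Decode a captured client line for logging, with the token masked."""
    raw = base64.b64decode(b64_line, validate=True).decode("utf-8")
    fields = []
    for field in raw.split("\x01"):
        if field.startswith("auth=Bearer "):
            field = "auth=Bearer <redacted>"
        fields.append(field)
    return "^A".join(fields)


def connect(user: str, access_token: str) -> imaplib.IMAP4_SSL:
    """Authenticate over TLS (needs network access and a real token)."""
    # Pass a verifying context explicitly: without one, imaplib does not
    # check the server certificate, and the bearer token would be exposed
    # to anyone able to intercept the connection.
    ctx = ssl.create_default_context()
    conn = imaplib.IMAP4_SSL(IMAP_HOST, IMAP_PORT, ssl_context=ctx)
    # imaplib base64-encodes the callback's return value itself,
    # so hand it the raw bytes, not the encoded string.
    conn.authenticate("XOAUTH2", lambda _challenge: xoauth2_raw(user, access_token))
    return conn
```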

Accessing IMAP

To access IMAP, use these settings:

IMAP

Setting                         Value
Incoming IMAP mail server       imap-mail.outlook.com
Incoming IMAP mail server port  993
Encryption                      SSL
User name                       your Microsoft account
Password                        your password

SMTP

Setting                         Value
Outgoing SMTP mail server       smtp-mail.outlook.com
Outgoing SMTP mail server port  587
Encryption                      TLS

Related topics

Scopes and permissions
OAuth 2.0

 

 

© 2014 Microsoft