Microsoft Oauth2.0 for incoming mails

Hello,

I am trying to set up OAuth 2.0 for an Office365 mail account.

I created the OAuth app in the Azure portal and successfully added the connection in the Jira system settings.

When I now add the mail account to the Jira Service Desk, I can log in to the Microsoft account and am then redirected to the Jira Service Desk settings.

There I get the message: 

We couldn't connect to your mail server

Here's the error we received: "OAuth token not defined for connection. OAuth Authorisation required."

In the log file there is this message: 

```
2020-10-01 13:52:11,585+0200 http-nio-8080-exec-553 ERROR admin-jira-local 832x527172x1 oob6dj 192.xxx.xxx.xxx,212.xxx.xxx.xxx /rest/servicedesk/1/servicedesk/PER/incomingemail/oauth/validateandsaveflow/47622dd0-33c6-4d14-9385-371ead930dca [c.a.s.i.rest.emailchannel.EmailChannelResource] Failed to validate and save token: jep.mail.connection.verifier.unknown.error : 'Here's the error we received: "LOGIN failed.
```

I'm running Jira 8.12.2 with the official Docker image behind a traefik proxy for https. The docker container is http only.

Any idea what is wrong in my setup?

Thanks

Jan

3 answers

Hi All,

We are also encountering this issue. The strange thing is, we already have a mailbox set up using this Oauth integration and working fine. Can you not use the one integration for multiple service desks?

Scopes are correct as per other comments here, we have the POP one as well.

I can successfully add 'the old school way' with a Mail Server and Handler with OAuth2 for this mailbox, so I'm pretty sure auth is set up properly - it's just not working in 'Email Requests'. I don't even recall why we moved off the Server+Handler setup but there was a good reason.

I'll enable debug logging today and report back

Kind Regards,

Peter

This eventually worked fine with no further changes!

I'm going to blame MS for whatever that was


Chiming in because we had the same "solution" as Peter. It just eventually worked again.

We tried re-creating the OAuth 2.0 integration and tested a few emails on two different projects. After about 3 days it eventually just started working again using our original one. No changes made. I think it's a MS issue.


Same issue. 

@kmplng @Martin Haagen How did you solve the problem?

Regards

Hi @Baptiste Billy

Have you tried adding additional logging to see if this helps narrow down the issue and some of the other suggestions on this thread? 

When we see these issues, usually they are related either to the scopes, OAuth 2.0 client configuration or permissions on Azure which cause the token to be invalid. It might be worth verifying everything on Azure is set up correctly.

Sorry I don't have anything more concrete, but as the error is on the Azure authentication side, it's hard to understand exactly why the token was rejected - perhaps you can get additional auditing/logs from Microsoft Azure Portal.

Thanks,

Craig. 

0 votes

Hi @kmplng

Thanks for reaching out for help on the Atlassian Community!

Can I ask you to verify that this is still an issue as there were connection issues with Microsoft yesterday which I noticed when I was doing testing with Office365? I can see from this morning I am able to connect with no issues again, but was facing similar errors yesterday. 

To give you a bit more insight into the specific error which you encountered, that occurs at the end of the OAuth authorisation flow when JSD receives a token back from the service and JSD uses this token along with your email address to try and connect. Only when this is successful does JSD then persist the token, along with the refresh token, in the OAuth 2.0 token store for later use when retrieving emails. 

So I think that if JSD got a token back, but was unable to log in, it could be an issue on the provider's side - or possibly an invalid scope. Can you also verify what scopes you have requested? You'll likely want the following when using IMAP:

"https://outlook.office.com/IMAP.AccessAsUser.All" and "offline_access".

Here's a couple references on the Microsoft outage:

https://www.theverge.com/2020/10/1/21496667/microsoft-outlook-down-outage-service-issues

https://portal.office.com/servicestatus

Let me know if you still experience issues and we can help you out further. 

Thanks,

Craig.

Jira Service Desk.
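A way to run the checks from the answer above outside Jira, added here as an example and not Jira's or Microsoft's code: it inspects a token response for the IMAP scope, expiry and a refresh token, and builds the XOAUTH2 string an IMAP client sends with the mailbox address. It assumes the access token is a JWT with `scp` and `exp` claims; the function names, the mailbox address and the unsigned sample tokens are constructed for illustration.

```python
import base64
import json

# Short name of the IMAP scope quoted in the thread (assumed to appear in `scp`).
REQUIRED_SCOPES = {"IMAP.AccessAsUser.All"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token_response(resp: dict, now: float, required=REQUIRED_SCOPES) -> list:
    """List the problems that would break the IMAP login or later mail polling."""
    problems = []
    claims = jwt_claims(resp["access_token"])
    granted = set(claims.get("scp", "").split())
    for scope in sorted(set(required) - granted):
        problems.append(f"missing scope: {scope}")
    if claims.get("exp", 0) <= now:
        problems.append("access token expired")
    if not resp.get("refresh_token"):
        problems.append("no refresh_token (offline_access not granted)")
    return problems

def xoauth2_initial_response(mailbox: str, access_token: str) -> str:
    """Base64 SASL XOAUTH2 string sent with the IMAP AUTHENTICATE command."""
    raw = f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def make_sample_token(scp: str, exp: int) -> str:
    """Constructed, unsigned sample token; not a real Microsoft token."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"scp": scp, "exp": exp}).encode())
    return f"{header}.{body}.sig"

NOW = 1_601_553_131  # fixed timestamp so the constructed samples are deterministic
GOOD = {"access_token": make_sample_token("IMAP.AccessAsUser.All POP.AccessAsUser.All", NOW + 3600),
        "refresh_token": "constructed-refresh-token"}
BAD = {"access_token": make_sample_token("POP.AccessAsUser.All", NOW + 3600)}

if __name__ == "__main__":
    print(check_token_response(GOOD, NOW))
    print(check_token_response(BAD, NOW))
    print(xoauth2_initial_response("support@example.com", "TOKEN"))
```

The mailbox passed to `xoauth2_initial_response` has to be the address the token was issued for, since the server checks the two together.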

Hi Craig,

I tried this today again with the same result.

Scope is set correctly.

Any other idea?

Thanks a lot

Jan

@Craig Shannon  Any other hint? I need to get this running. :(

Hi, I am also interested in this issue as I am experiencing the same issue - scope is IMAP and offline_access as stated in the above post.

According to our MS admin the token is verified correctly on the Office365 side.

Are there any packages I can enable in Jira to enable further logging?

Hi,

Sorry for the late response. It is possible to turn on additional logging on the mail library by setting the system property `-Dmail.debug=true`. This should give more information on what is happening during the authentication. For instructions on how to set system properties, see here

You can also try adding debug logging to the package `com.atlassian.jira.internal.mail.processor.feature.channel.connectionverifier`, however I checked the code and do not think we'll get much more info from this logging other than a message if the connection is ever successful. There should also be errors and warnings logged from this package which you should see in the logs. 

"Unable to connect to the server at <hostname> due to the following exception:"

Let me know if the mail.debug system property helps track down where the error is coming from. 

Thanks,

Craig. 

Hi,

We are also experiencing the same problem with configuring JSD email requests to use Microsoft Office365 and OAuth2.0, and get the exact same error message. ("OAuth token not defined for connection. OAuth Authorisation required.")
Configuring native Jira Incoming Mail servers using the same OAuth Integration works fine.

I've extended the logging and see this in atlassian-jira-incoming-mail.log when trying to authorize:

```
2020-10-15 21:46:38,242+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Adding system override mail.imaps.auth.plain.disable=true
2020-10-15 21:46:38,242+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Adding system override mail.imaps.auth.ntlm.disable=true
2020-10-15 21:46:38,242+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Adding system override mail.debug=true
2020-10-15 21:46:38,242+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Adding system override mail.imaps.auth.gssapi.disable=true
2020-10-15 21:46:38,242+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Adding system override mail.mime.decodeparameters=true
2020-10-15 21:46:40,223+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Connection to Mail Server established successfully
2020-10-15 21:46:40,296+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Unable to open folder with URI 'inbox'
2020-10-15 21:46:41,573+0000 DEBUG [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Adding system override mail.imaps.auth.plain.disable=true
2020-10-15 21:46:41,573+0000 DEBUG [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Adding system override mail.imaps.auth.ntlm.disable=true
2020-10-15 21:46:41,576+0000 DEBUG [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Adding system override mail.debug=true
2020-10-15 21:46:41,576+0000 DEBUG [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Adding system override mail.imaps.auth.gssapi.disable=true
2020-10-15 21:46:41,576+0000 DEBUG [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Adding system override mail.mime.decodeparameters=true
2020-10-15 21:46:41,578+0000 ERROR [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Unable to connect to the server at outlook.office365.com due to the following exception:
com.atlassian.jira.internal.mail.processor.errors.MailConnectionException: OAuth token not defined for connection. OAuth Authorisation required.
Stacktrace.....
```

Jira Software 8.12.2, JSD 4.12.2

Hi,

Can you try also adding the scope for POP as well as IMAP? I am not sure why as I could not replicate this on our test account, but this I believe resolved the issue for @kmplng

https://outlook.office.com/IMAP.AccessAsUser.All

https://outlook.office.com/POP.AccessAsUser.All

You may also need this scope: https://outlook.office.com/offline_access

For more information on the Microsoft mail scopes, see here 

Thanks,

Craig. 

I am in a similar situation. All scopes are set right, and I have full rights on the shared mailbox, but keep getting authorization for the past 3 days.

Any recommendations?
