Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Microsoft Oauth2.0 for incoming mails

Hello,

I try to setup OAuth 2.0 for an Office365 mail account.

I created the Oauth App in the Azure portal and successfully add the connection in the Jira system setting.

When I now add the mail account to the Jira Service Desk. I could login into the Microsoft Account and the redirected to the Jira Service Desk settings.

There I get the message: 

We couldn't connect to your mail server

Here's the error we received: "OAuth token not defined for connection. OAuth Authorisation required."

In the log file there is this message: 

2020-10-01 13:52:11,585+0200 http-nio-8080-exec-553 ERROR admin-jira-local 832x527172x1 oob6dj 192.xxx.xxx.xxx,212.xxx.xxx.xxx /rest/servicedesk/1/servicedesk/PER/incomingemail/oauth/validateandsaveflow/47622dd0-33c6-4d14-9385-371ead930dca [c.a.s.i.rest.emailchannel.EmailChannelResource] Failed to validate and save token: jep.mail.connection.verifier.unknown.error : 'Here's the error we received: "LOGIN failed.

I'm running Jira 8.12.2 with the official Docker image behind a traefik proxy for https. The docker container is http only.

Any idea what is wrong in my setup?

Thanks

Jan

2 answers

Same issue. 

@kmplng @Martin Haagen How did you solve the problem ?

Regards

Hi @Baptiste Billy

Have you tried adding additional logging to see if this helps narrow down the issue and some of the other suggestions on this thread? 

When we see these issues, usually they are related either to the scopes, OAuth 2.0 client configuration or permissions on Azure which cause the token to be invalid. It might be worth verifying everything on Azure is setup correctly. 

Sorry I don't have anything more concrete, but as the error is on the Azure authentication side, it's hard to understand exactly why the token was rejected - perhaps you can get additional auditing/logs from Microsoft Azure Portal.

Thanks,

Craig. 

0 votes

Hi @kmplng

Thanks for reaching out for help on the Atlassian Community!

Can I ask you to verify that this is still an issue as there were connection issues with Microsoft yesterday which I noticed when I was doing testing with Office365? I can see from this morning I am able to connect with no issues again, but was facing similar errors yesterday. 

To give you a bit more insight into the specific error which you encountered, that occurs at the end of the OAuth authorisation flow when JSD receives a token back from the service and JSD uses this token along with your email address to try and connect. Only when this is successful does JSD then persist the token, along with the refresh token, in the OAuth 2.0 token store for later use when retrieving emails. 

So I think that if JSD got a token back, but was unable to login, it could be an issue on the provider's side - or possibly an invalid scope. Can you also verify what scopes you have requested, you'll likely want the following when using IMAP:

"https://outlook.office.com/IMAP.AccessAsUser.All" and "offline_access".

Here's a couple references on the Microsoft outage:

https://www.theverge.com/2020/10/1/21496667/microsoft-outlook-down-outage-service-issues

https://portal.office.com/servicestatus

Let me know if you still experience issues and we can help you out further. 

Thanks,

Craig.

Jira Service Desk.

Hi Craig,

I tried this today again with the same result.

Scope is set correctly.

Any other idea?

Thanks a lot

Jan

@Craig Shannon  Any other hint? I need to get this running. :(

Hi, this also interested in this issue as i am experiencing the same issue - scope is IMAP and offline_access as stated in the above post.

According to our MS admin the token is verified correctly on the office365 side.

Is there any packages i can enable in jira to enable further logging?

Hi,

Sorry for the late response. It is possible to turn on additional logging on the mail library by setting the system property `-Dmail.debug=true`. This should give more information on what is happening during the authentication. For instructions on how to set system properties, see here

You can also try adding debug logging to the package `com.atlassian.jira.internal.mail.processor.feature.channel.connectionverifier`, however I checked the code and do not think we'll get much more info from this logging other than a message if the connection is ever successful. There should also be errors and warnings logged from this package which you should see in the logs. 

"Unable to connect to the server at <hostname> due to the following exception:"

Let me know if the mail.debug system property helps track down where the error is coming from. 

Thanks,

Craig. 

Hi,

We are also experiencing the same problem with configuring JSD email requests to use Microsoft Office365 and OAuth2.0, and get the exact same error message. ("OAuth token not defined for connection. OAuth Authorisation required.")
Configuring native Jira Incoming Mail servers using the same OAuth Integration works fine.

I've extended the logging and see this in atlassian-jira-incoming-mail.log when trying to authorize:

2020-10-15 21:46:38,242+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Adding system override mail.imaps.auth.plain.disable=true
2020-10-15 21:46:38,242+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Adding system override mail.imaps.auth.ntlm.disable=true
2020-10-15 21:46:38,242+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Adding system override mail.debug=true
2020-10-15 21:46:38,242+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Adding system override mail.imaps.auth.gssapi.disable=true
2020-10-15 21:46:38,242+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Adding system override mail.mime.decodeparameters=true
2020-10-15 21:46:40,223+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Connection to Mail Server established successfully
2020-10-15 21:46:40,296+0000 DEBUG [] https-jsse-nio-443-exec-25 mhaagen 1306x24373x2 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/INFOSEC/incomingemail/oauth/validateandsaveflow/743fe88d-8898-4819-855c-d6a6ef3ec728 Unable to open folder with URI 'inbox'
2020-10-15 21:46:41,573+0000 DEBUG [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Adding system override mail.imaps.auth.plain.disable=true
2020-10-15 21:46:41,573+0000 DEBUG [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Adding system override mail.imaps.auth.ntlm.disable=true
2020-10-15 21:46:41,576+0000 DEBUG [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Adding system override mail.debug=true
2020-10-15 21:46:41,576+0000 DEBUG [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Adding system override mail.imaps.auth.gssapi.disable=true
2020-10-15 21:46:41,576+0000 DEBUG [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Adding system override mail.mime.decodeparameters=true
2020-10-15 21:46:41,578+0000 ERROR [] https-jsse-nio-443-exec-21 mhaagen 1306x24399x3 ah4zwh 172.29.17.35,172.17.15.41 /rest/servicedesk/1/servicedesk/admin/email/test Unable to connect to the server at outlook.office365.com due to the following exception:
com.atlassian.jira.internal.mail.processor.errors.MailConnectionException: OAuth token not defined for connection. OAuth Authorisation required.
Stacktrace.....

Jira Software 8.12.2, JSD 4.12.2

Hi,

Can you try also adding the scope for POP as well as IMAP? I am not sure why as I could not replicate this on our test account, but this I believe resolved the issue for @kmplng

https://outlook.office.com/IMAP.AccessAsUser.All

https://outlook.office.com/POP.AccessAsUser.All

You may also need this scope: https://outlook.office.com/offline_access

For more information on the Microsoft mail scopes, see here 

Thanks,

Craig. 

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Management

Submit your Jira Service Management use case and win!

Hi everyone - in case you haven’t heard, we’re hosting the show of the century on November 10th: High Velocity: ITSM World Tour.     This virtual, concert-themed experience...

275 views 1 10
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you