Error SoapFaultDetails message: '401 Unauthorized',

[fgisslen]

Hi,
I have used this package for a while and everything has been working perfectly.
Until now.

With exactly the same setup I nowadays get the response:
Error SoapFaultDetails {
message: '401 Unauthorized',
InnerException: null,
faultCode: null,
faultString: null,
faultActor: null,
responseCode: 127,
errorCode: 0,
exceptionType: null,
lineNumber: 0,
positionWithinLine: 0,
errorDetails: DictionaryWithStringKey {
keys: [],
keysToObjs: {},
objects: {},
keyPicker: [Function (anonymous)]
},
HttpStatusCode: 401,
Exception: ServiceRequestUnauthorizedException {
message: '401 Unauthorized',
InnerException: null
}
}

Here is my setup:

const EXCHANGE_URL = 'https://outlook.office365.com/EWS/Exchange.asmx';
const ewsLogin = config.exchange.login;
const ewsPassword = config.exchange.password;
const service = new ews.ExchangeService(ews.ExchangeVersion.Exchange2013);
service.Credentials = new ews.WebCredentials(ewsLogin, ewsPassword);
service.TraceEnabled = true;
service.TraceFlags = ews.TraceFlags.All;

const email = new ews.EmailMessage(service);
email.ToRecipients.Add('xx@xx.xx');
email.Subject = 'xxx';
email.Body = new ews.MessageBody('xxxx');
email.Body.BodyType = ews.BodyType.Text;
email.Send()
.then((val) => {
console.log("Sent");
})
.catch((e) => {
console.log("Error ", e);
});

Please help me :P

[gautamsi]

Microsoft no longer allows to use basic auth.

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437

some way to extend it for some time.
https://practical365.com/exchange-online-basic-authentication/

[fgisslen]

Thanks @gautamsi ,
what would you recommend that I should do instead of basic auth?

[gautamsi]

you have to use microsoft guide to get the oauth refresh and access token then pass access token to this library.

[zhukovsv]

Hi Everyone,

Please find the solution we used to fix the same problem.

The solution consist of 3 parts:

1. Setup application in AZURE.
2. Add code to get accessToken.
3. Made changes in old code to use previously received accessToken.

[zhukovsv]

Part 1:

1. Login to MS AZURE portal.
2. Open "App registration" tool:
   
3. Click "New Registration":
   
4. Setup new App:
   
5. After you click registrate button you will receive smtg like this:
   
6. Open API permissions tab for previously created App + click Add permission and select MS Graph:
   
7. Select Delegated permissions:
   
8. Find User section and select User.Read + Add permission click:
   
9. Add a permission again + APIs my organizaton uses tab(or find it) and find Office 365 Exchange Online:
   
10. Find EWS section and select EWS.AccessAsUser.All and click Add permissons:
    
11. Go to Authentication tab and click Add platform:
    
12. Select Mobile and Desctop apps and click Save button:
    
13. Select to options and click Configure:
    

14. Also on Authentication tab set "Supported accounts types" and "Allow public client flows" and click Save:

15. Go to Overview tab you should see smthg like this:
clientID
tenantId

16. THIS STEP should be made BY EACH USER that WILL USE this API - use USER credentials to open this link (or YOUR ADMIN should make bulk apply). Check made changes by opening next link in browser in incognito mode(FOR each user). :
https://login.microsoftonline.com/ADD YOUR TENANTID/oauth2/v2.0/authorize?
client_id=ADD YOUR CLIENTID
&response_type=code
&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
&response_mode=query
&scope=EWS.AccessAsUser.All
&state=12345
17. After the opening previously generated link you should login and then receive another link in browser which shoud contains generated accessToken(secret):

18. Now we can start add code allows us to get accessToken

[zhukovsv]

Part 2 - get accessToken by using userName + userPassword to email box:

import * as path from 'path';
import { ExchangeService, EmailMessage, MessageBody, OAuthCredentials, AutodiscoverService, Folder, Item, ExchangeVersion } from 'ews-javascript-api';

public async getEmailAccessToken(
clientId: string,
tenantId: string,
emailUserName: string,
emailUserPassword: string,
cacheFilePath: string = .${path.sep}tokenCache.json) {

    const msal = require('@azure/msal-node');
    const { promises: fs } = require('fs');

    //Cache Plugin configuration         
    const beforeCacheAccess = async (cacheContext) => {
        try {
            const cacheFile = await fs.readFile(cacheFilePath, 'utf-8');
            cacheContext.tokenCache.deserialize(cacheFile);
        } catch (error) {
            // if cache file doesn't exists, create it
            cacheContext.tokenCache.deserialize(await fs.writeFile(cacheFilePath, ''));
        }
    };

    const afterCacheAccess = async (cacheContext) => {
        if (cacheContext.cacheHasChanged) {
            try {
                await fs.writeFile(cacheFilePath, cacheContext.tokenCache.serialize());
            } catch (error) {
                console.log(error);
            }
        }
    };

    const cachePlugin = {
        beforeCacheAccess,
        afterCacheAccess
    };

    const msalConfig = {
        auth: {
            clientId: clientId, // YOUR clientId
            authority: `https://login.microsoftonline.com/${tenantId}` // YOUR tenantId
        },
        cache: {
            cachePlugin
        },
        system: {
            loggerOptions: {
                loggerCallback(loglevel, message, containsPii) {
                    console.log(message);
                },
                piiLoggingEnabled: false,
                logLevel: msal.LogLevel.Verbose
            }
        }
    };

    const pca = new msal.PublicClientApplication(msalConfig);

    const msalTokenCache = pca.getTokenCache();

    const accounts = await msalTokenCache.getAllAccounts();

    // Acquire Token Silently if an account is present
    let accessToken = null;

    if (accounts.length > 0) {
        const silentRequest = {
            account: accounts[0], // Index must match the account that is trying to acquire token silently
            scopes: ['https://outlook.office365.com/EWS.AccessAsUser.All'],
        };

        const response = await pca.acquireTokenSilent(silentRequest);

        accessToken = response.accessToken;
    } else {
        // fall back to username password if there is no account
        const usernamePasswordRequest = {
            scopes: ['https://outlook.office365.com/EWS.AccessAsUser.All'],
            username: emailUserName, // Add your username here      
            password: emailUserPassword, // Add your password here
        };

        const response = await pca.acquireTokenByUsernamePassword(usernamePasswordRequest);

        accessToken = response.accessToken;
    }

    return accessToken;
}

[zhukovsv]

Part 3 - connect to emailbox:
import { ExchangeService, EmailMessage, MessageBody, OAuthCredentials, AutodiscoverService, Folder, Item, ExchangeVersion } from 'ews-javascript-api';

public async connectAndChangeAllEmailsFromBlaBla(
clientId: string,
tenantId: string,
exchangeServiceUrl: string = 'https://outlook.office365.com/Ews/Exchange.asmx',
emailUserName: string,
emailUserPassword: string,
searchMask: string = 'hasattachments:yes and from:NoReply@blabla.com and received:today') {

    // get acces token by method written above in part 2
    const emailAccessToken = await this.getEmailAccessToken(clientId, tenantId, emailUserName, emailUserPassword);

    const ews = require('ews-javascript-api');
    const service = new ExchangeService(ews.ExchangeVersion.Exchange2013);

    // use emailAccesToken
    service.Credentials = new OAuthCredentials(emailAccessToken);

    service.Url = new ews.Uri(exchangeServiceUrl);

    const mailInbox = await ews.Folder.Bind(service, ews.WellKnownFolderName.Inbox);
    const loadPageSize = 1000; // 1 means load last email according to filter

    const view = new ews.ItemView(loadPageSize);
    view.PropertySet = new ews.PropertySet(ews.BasePropertySet.FirstClassProperties);
    let mailItems;
    // hasattachment:yes
    // isread:false
    // received:today or received:[date]
    mailItems = await mailInbox.FindItems(searchMask, view);
    console.log(`Emails were found before processing: ${mailItems.Items.length}`);

    for (const item of mailItems.Items) {
        // mark mail.item as read
        item.IsRead = true;
        await item.Update(1);
        // Do what you want
    }

    return mailItems.Items.length;
}

[zhukovsv]

Have a good day.