Authenticate an IMAP, POP or SMTP connection using OAuth
We have released fixes for both ColdFusion (2021 release) and ColdFusion (2018 release) that help authenticate IMAP, POP, SMTP, and Exchange connections using OAuth.
For more information, see this KB document.
We've also released an update for cfexchange for both ColdFusion (2021 release) and ColdFusion (2018 release). The document also lists the steps to apply the update.
Apply these updates and let us know your feedback.
Thanks, Saurav, and great to see this finally addressed and shared. I'll help spread the news, as some have been waiting very anxiously for it. (Folks, let's not re-litigate here how it's "taken far too long" to get the resolution. That's been voiced plenty, elsewhere.)
That said, Saurav, there seem to be a couple of issues with what's been offered here. First, it seems you meant to refer to two different urls above, right? But they are currently the same:
https://helpx.adobe.com/coldfusion/kb/authenticate-imap-pop-smtp-connection-oauth.html
If you correct that, can you please offer a reply here to let folks know you have?
Second, in that page the technote doesn't clarify whether people should repeat the process for each instance, if they have more than just the cfusion one whose folders you detail. While some would presume to repeat the steps for each, some others might wonder whether they are SUPPOSED to, while most others wouldn't realize it could matter either way--and I suspect it very much does. So could you please clarify, again both there and here? Thanks.
/Charlie (troubleshooter, carehart. org)
Thank you, Charlie, for the reply. To answer your first question, both the URLs are the same. The second one is more to let users know that the KB document also contains steps to apply the update for cfexchange.
As far as the second question is concerned, let me get back to you on this. I've asked the engg team for a response.
Thanks,
Saurav
Thanks.
1) So I see now that the one technote has TWO sections, with the second having a sub-heading of "Apply the update for cfexchange".
Sadly, the top of the technote really doesn't make that clear, and it would be really helpful if it did--especially for the sake of folks who are being pointed to the technote from elsewhere (slack, twitter, and the tracker ticket on the matter), who may not see the clarification you've offered here.
2) On a separate matter, I notice that the code in the first section names a response.cfm file in the various redirect URLs (within the cfoauth and cfhttp code), but only the second section of the technote actually indicates a code section having that response.cfm file as its name.
Is it that for each of the "get the access token" references (for the smtp, imap, and pop examples), those should have been indicated to be the "response.cfm" referred to for that example? That should be indicated.
3) And since the redirect urls refer to localhost:8500, there should be at least a little clarification in the technote about what that means (and how it may differ for some folks), and most importantly WHERE that response.cfm would be expected to be placed, to be found via that URL.
And people would probably really want such processing done in pages that were in their regular web app code. Some insight into how they should proceed in that respect would be helpful.
4) And if someone might argue "a technote is not the place for all that detail", then fair enough: such things could be discussed in a docs page, and the technote changed to point to that.
5) Finally, it's not clear if that last sentence (about "impersonating a user" and the new jvm arg) is referring ONLY to the last section on cfexchange or perhaps also is related to the first section. Can you perhaps get that clarified in the note?
As it stands, there is already chatter going on in the tracker ticket about people trying to do what the technote says, and surely many discussions will happen in slack and twitter, etc., if not also here, discussing various aspects of applying the steps in this technote.
That's why I'm trying to get the technote itself to better clarify things--or point to a docs page that does.
As always, just trying to help--not merely to criticize.
/Charlie (troubleshooter, carehart. org)
Thank you Charlie for your feedback.
- To answer your first question regarding instances, you must apply the updates for each instance.
- I've added an anchor for cfexchange. Now, if you click the link, you'll be redirected to the relevant section.
- As far as the other points are concerned, I'll update the tech note accordingly.
Thanks Charlie once again for your help. Happy New Year!
/Saurav
Thanks, Saurav. The anchor is a great start, and it's encouraging that you could get it added so fast. Next will be to get that indicated at the top of the technote. Same with getting clarification about instances.
And sure, great to hear you then also plan to address the other observations. I appreciate there's a challenge in finding the right balance of providing too much vs not enough info.
/Charlie (troubleshooter, carehart. org)
Is there an open thread for community support?
We are trying to figure out an issue we are having. We see the following:
Getting the following error. Detail: The request failed. The request failed. The remote server returned an error: (401) Message:Access to exchange Server Denied. On the Exchange side, the error is: The password entered exceeds the length. Please reach out to your admin to reset the password. It seems like the server is not accepting the token as the password. password="#auth-token#". Has anyone else run into this issue?
Pete, either this could be that "open thread" or you could create a new one.
As for your error, have you tried to output (to screen) the value of that auth-token variable? Is it what you would expect? (I'm not asking you to share it here.) It could be that while you EXPECT it to be some specific value, it may well be some VERY DIFFERENT value. I've seen situations where, unexpectedly, the value of a variable was in fact an error message or other string that was not at ALL correct.
That would of course lead you to find why THAT happened. I appreciate that given all the frustration with the recent cfexchange issues, it would be natural to presume "there's a bug in the update", and there may be. Or watch closely about how there are multiple steps in the technote to be followed: some are dropping the ball there (but complaining that "the update doesn't fix the problem").
I'm just encouraging you to do that little bit of digging, since no one else has responded to your question. (They may not "run into the issue" because they are not having the same root cause problem you are, leading perhaps to the "wrong" value in your auth-token.)
Finally, if there will be a lot of back and forth on this, this part of the discussion could be moved to a new thread, to stand as its own question. But perhaps you will let us know that you've solved the problem since asking it yesterday.
/Charlie (troubleshooter, carehart. org)
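One way to run the check suggested above without printing the token itself, as an added example that is not part of the original post or of Adobe's KB code. It assumes the token is a JWT, as access tokens from login.microsoftonline.com typically are; `describeToken` and the sample input are hypothetical.

```cfml
<cfscript>
// Added example, not from the KB. Classifies the value held in an
// "access token" variable and reports a few claims, never the token itself.
function describeToken(required string token) {
    var value  = trim(arguments.token);
    var result = { kind = "unknown", length = len(value) };

    if (!len(value)) {
        result.kind = "empty";
        return result;
    }
    // A failed token request usually leaves a JSON body with an "error" key.
    if (isJSON(value)) {
        var body = deserializeJSON(value);
        result.kind = (isStruct(body) && structKeyExists(body, "error"))
            ? "oauth-error-json" : "json-not-token";
        return result;
    }
    // A JWT is three base64url segments separated by dots.
    var parts = listToArray(value, ".", true);
    if (arrayLen(parts) != 3 || reFind("[^A-Za-z0-9_.-]", value)) {
        result.kind = "not-a-jwt";   // e.g. an HTML or plain-text error message
        return result;
    }
    try {
        // base64url -> base64, then restore the stripped padding.
        var b64 = replace(replace(parts[2], "-", "+", "all"), "_", "/", "all");
        b64 &= repeatString("=", (4 - (len(b64) mod 4)) mod 4);
        var claims = deserializeJSON(charsetEncode(binaryDecode(b64, "base64"), "utf-8"));

        result.kind = "jwt";
        // aud: the resource the token was issued for.
        result.aud = structKeyExists(claims, "aud") ? claims.aud : "(missing)";
        // scp (delegated) or roles (application) show the permissions granted.
        result.scp   = structKeyExists(claims, "scp")   ? claims.scp   : "(none)";
        result.roles = structKeyExists(claims, "roles") ? claims.roles : "(none)";
        if (structKeyExists(claims, "exp")) {
            result.expiresUtc = dateAdd("s", claims.exp, createDateTime(1970, 1, 1, 0, 0, 0));
            result.expired = dateCompare(result.expiresUtc, dateConvert("local2Utc", now())) < 0;
        }
    } catch (any e) {
        result.kind = "jwt-shaped-but-undecodable";
    }
    return result;
}

// Constructed sample input: an error body stored where a token was expected.
writeDump(describeToken('{"error":"invalid_grant"}'));
</cfscript>
```

A result other than `jwt`, or a `jwt` whose `aud` or `exp` is not what the Exchange connection expects, points at the token request rather than at cfexchangeconnection.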
What an important development.
Thanks for the news, @Saurav_Ghosh !
On my side, using ColdFusion 2021 and after applying the above patches, I have properly received an authentication token from login.microsoftonline.com, but when I use it in cfexchangeconnection, I get the following error: "The request failed. The account does not have permission to impersonate the requested user."
According to Microsoft support, we have to add an authentication token to the EWS request as explained in
However, the only example is written in C#.
Any idea about a ColdFusion implementation?
Regards
Pierre
I don't think you'll be able to do that using the EWS Managed API, which is only available in C#. You'll need to submit a ticket to Adobe to get that resolved.
Dave Watts, Eidolon LLC
Pierre, had you seen that kb article pointed out at the start of this thread? And did you try the final JVM argument listed at the bottom:
When impersonating a user, set the following flag to true (the default is false), -Dcoldfusion.exchange.setImpersonatedUser=true
Can you confirm if you tried that (and restarted CF, and applied the hotfix as discussed also)?
/Charlie (troubleshooter, carehart. org)
Sure, in my jvm.config, I have set this: -Dcoldfusion.exchange.setImpersonatedUser=true
I have also set -Dcoldfusion.exchange.useOauth2=true because without it, I got another error: HTTP 401 (the same one as discussed above with Pete220652393l9r).
Ok on the latter. Bummer on the former. Assuming all is indeed as it should be, I'm out of ideas. Perhaps others here (or Adobe) may offer more. (See also the tracker ticket related to the matter, where a bit more discussion has ensued in comments, after the fix was released.)
/Charlie (troubleshooter, carehart. org)

