(SQL Server) IMAP Auto-Refresh Office365 Access Token

See more Office365 Examples

Demonstrates how to automatically recover from an expired access token when OAuth2 authentication fails in the IMAP protocol. If the server responds with "NO AUTHENTICATE failed.", then we refresh the access token and retry.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    -- An Office365 OAuth2 access token must first be obtained prior
    -- to running this code.

    -- Getting the OAuth2 access token for the 1st time requires the O365 account owner's 
    -- interactive authorizaition via a web browser.  Afterwards, the access token
    -- can be repeatedly refreshed automatically.

    -- See the following examples for getting and refreshing an OAuth2 access token

    -- Get Office365 SMTP/IMAP/POP3 OAuth2 Access Token
    -- Refresh Office365 SMTP/IMAP/POP3 OAuth2 Access Token

    -- First get our previously obtained OAuth2 access token.
    DECLARE @jsonToken int
    -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonToken OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @success int
    EXEC sp_OAMethod @jsonToken, 'LoadFile', @success OUT, 'qa_data/tokens/office365.json'
    IF @success = 0
      BEGIN

        PRINT 'Failed to open the office365 OAuth JSON file.'
        EXEC @hr = sp_OADestroy @jsonToken
        RETURN
      END

    DECLARE @imap int
    -- Use "Chilkat_9_5_0.Imap" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Imap', @imap OUT

    EXEC sp_OASetProperty @imap, 'Ssl', 1
    EXEC sp_OASetProperty @imap, 'Port', 993

    -- Connect to the Office365 IMAP server.
    EXEC sp_OAMethod @imap, 'Connect', @success OUT, 'outlook.office365.com'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @imap, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jsonToken
        EXEC @hr = sp_OADestroy @imap
        RETURN
      END

    -- Use OAuth2 authentication.
    EXEC sp_OASetProperty @imap, 'AuthMethod', 'XOAUTH2'

    -- Login using our username (i.e. email address) and the access token for the password.
    EXEC sp_OAMethod @jsonToken, 'StringOf', @sTmp0 OUT, 'access_token'
    EXEC sp_OAMethod @imap, 'Login', @success OUT, 'OFFICE365_EMAIL_ADDRESS', @sTmp0
    IF @success <> 1
      BEGIN
        DECLARE @loginLastErrorText nvarchar(4000)
        EXEC sp_OAGetProperty @imap, 'LastErrorText', @loginLastErrorText OUT

        -- If we're still connected to the mail server, then it means the server sent a non-success response,
        -- Such as:  NO AUTHENTICATE failed.
        EXEC sp_OAMethod @imap, 'IsConnected', @iTmp0 OUT
        IF @iTmp0 = 1
          BEGIN

            -- Refresh the OAuth2 access token, and if successful, save the new (refreshed) access token and try authenticating again.
            DECLARE @oauth2 int
            -- Use "Chilkat_9_5_0.OAuth2" for versions of Chilkat < 10.0.0
            EXEC @hr = sp_OACreate 'Chilkat.OAuth2', @oauth2 OUT

            -- Use your actual Directory (tenant) ID instead of "112d7ed6-71bf-4eba-a866-738364321bfc"
            EXEC sp_OASetProperty @oauth2, 'TokenEndpoint', 'https://login.microsoftonline.com/112d7ed6-71bf-4eba-a866-738364321bfc/oauth2/v2.0/token'

            -- Replace these with your Azure App Registration's actual values.
            EXEC sp_OASetProperty @oauth2, 'ClientId', 'CLIENT_ID'
            EXEC sp_OASetProperty @oauth2, 'ClientSecret', 'CLIENT_SECRET'

            -- Get the "refresh_token"
            EXEC sp_OAMethod @jsonToken, 'StringOf', @sTmp0 OUT, 'refresh_token'
            EXEC sp_OASetProperty @oauth2, 'RefreshToken', @sTmp0

            -- Send the HTTP POST to refresh the access token..
            EXEC sp_OAMethod @oauth2, 'RefreshAccessToken', @success OUT
            IF @success <> 1
              BEGIN
                EXEC sp_OAGetProperty @oauth2, 'LastErrorText', @sTmp0 OUT
                PRINT @sTmp0
                EXEC @hr = sp_OADestroy @jsonToken
                EXEC @hr = sp_OADestroy @imap
                EXEC @hr = sp_OADestroy @oauth2
                RETURN
              END


            EXEC sp_OAGetProperty @oauth2, 'AccessToken', @sTmp0 OUT
            PRINT 'New access token: ' + @sTmp0

            EXEC sp_OAGetProperty @oauth2, 'RefreshToken', @sTmp0 OUT
            PRINT 'New refresh token: ' + @sTmp0

            -- Update the JSON with the new tokens.
            EXEC sp_OAGetProperty @oauth2, 'AccessToken', @sTmp0 OUT
            EXEC sp_OAMethod @jsonToken, 'UpdateString', @success OUT, 'access_token', @sTmp0
            EXEC sp_OAGetProperty @oauth2, 'RefreshToken', @sTmp0 OUT
            EXEC sp_OAMethod @jsonToken, 'UpdateString', @success OUT, 'refresh_token', @sTmp0

            -- Save the new JSON access token response to a file.
            DECLARE @sbJson int
            -- Use "Chilkat_9_5_0.StringBuilder" for versions of Chilkat < 10.0.0
            EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbJson OUT

            EXEC sp_OASetProperty @jsonToken, 'EmitCompact', 0
            EXEC sp_OAMethod @jsonToken, 'EmitSb', @success OUT, @sbJson
            EXEC sp_OAMethod @sbJson, 'WriteFile', @success OUT, 'qa_data/tokens/office365.json', 'utf-8', 0


            EXEC sp_OAGetProperty @oauth2, 'AccessToken', @sTmp0 OUT
            PRINT 'New Access Token = ' + @sTmp0

            -- Retry the login.
            EXEC sp_OAMethod @jsonToken, 'StringOf', @sTmp0 OUT, 'access_token'
            EXEC sp_OAMethod @imap, 'Login', @success OUT, 'OFFICE365_EMAIL_ADDRESS', @sTmp0
            IF @success = 0
              BEGIN
                EXEC sp_OAGetProperty @imap, 'LastErrorText', @sTmp0 OUT
                PRINT @sTmp0
                EXEC @hr = sp_OADestroy @jsonToken
                EXEC @hr = sp_OADestroy @imap
                EXEC @hr = sp_OADestroy @oauth2
                EXEC @hr = sp_OADestroy @sbJson
                RETURN
              END

          END
        ELSE
          BEGIN
            -- Show the last error text for the call to Login

            PRINT @loginLastErrorText
            EXEC @hr = sp_OADestroy @jsonToken
            EXEC @hr = sp_OADestroy @imap
            EXEC @hr = sp_OADestroy @oauth2
            EXEC @hr = sp_OADestroy @sbJson
            RETURN
          END
      END
    ELSE
      BEGIN

        PRINT 'O365 OAuth authentication is successful.'
      END

    -- Do something...
    EXEC sp_OAMethod @imap, 'SelectMailbox', @success OUT, 'Inbox'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @imap, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jsonToken
        EXEC @hr = sp_OADestroy @imap
        EXEC @hr = sp_OADestroy @oauth2
        EXEC @hr = sp_OADestroy @sbJson
        RETURN
      END

    -- Your application can continue to do other things in the IMAP session....

    -- When finished, logout and close the connection.
    EXEC sp_OAMethod @imap, 'Logout', @success OUT
    EXEC sp_OAMethod @imap, 'Disconnect', @success OUT


    PRINT 'Finished.'

    EXEC @hr = sp_OADestroy @jsonToken
    EXEC @hr = sp_OADestroy @imap
    EXEC @hr = sp_OADestroy @oauth2
    EXEC @hr = sp_OADestroy @sbJson


END
GO