Email.Exchange UnauthorizedError

Build with Robocorp RPA Framework
1

Hello,

Since Tuesday (October 2022, the 25th), I get FAIL on several Robot Tests that worked well before (during months), using RPA.Email.Exchange :

Authorize (with user and password) PASS but I think it does not do the job anymore, because then other keywords all FAIL :
List Unread Messages
List Messages
Move Messages
They FAIL with the message :
UnauthorizedError: Invalid credentials for https://outlook.office365.com/EWS/Exchange.asmx

Using the same user and password, I log in to the email accounts, with no problem, in a web browser.

Is some configuration change between RPA and Exchange ?
What are your preconizations to make these Tests working again ?

I was using rpaframework 16.2.
I just passed to version 18.0 and it’s the same problem…

Thanks in advance
Regards,
Thierry

2

Hi @thierry.gagnaire.ffb,

As already announced on our community Slack, Microsoft deprecated this kind of login since October 1st.

So not even App Passwords are working now, the only way being an OAuth2 setup. Here’s a Portal example demonstrating it.

To find out more, read the following:

3

Thank you. We will try to do this…

4

Hello,
My service provider has managed our Azure AD to setup it and give me an initial token.
I have followed the RpaFramework documentation, and my tests have worked again this afternoon !.. but only for about one hour …!
I had understood that RpaFramework was able to keep the token up to date, but it seems it doesn’t ??
Here is the structure type I added in my vault.json :
“email_oauth_microsoft”: {
“client_id”: “”,
“client_secret”: “”,
“token”: {
“access_token”: “”,
“code”: “”,
“authorization_response”: “”
}
}

What I’m doing wrong ?
Thanks in advance
Thierry

5

structure type :
“email_oauth_microsoft”: {
“client_id”: “XXID”,
“client_secret”: “XXSECRET”,
“token”: {
“access_token”: “XXTOKEN”,
“code”: “”,
“authorization_response”: “”
}
}

6

After one hour with tests PASS, I get now (on Authorize keyword) :
UnauthorizedError: Invalid credentials for https://outlook.office365.com/EWS/Exchange.asmx

7

Hi @thierry.gagnaire.ffb

We’re currently working on improving the experience with OAuth2 and Exchange, so expect to have better library, Portal example and documentation around this later next week.

If it worked and doesn’t work anymore, might be a problem with the token expiration time (seconds since epoch) since that’s generated in local time on the running computer and maybe in UTC (or different timezone) on the remote machine or Control Room cloud container (if you run there).
And without using the same timezone (a problem from the library), an expired token might be used without triggering the auto-refresh mechanism.

8

Thank you for your answer.
I will try to synchronize. Actually I have :
Time zone: Europe/Paris (CET, +0100)

9

Yes, a workaround for now would be for you to have the same timezone setup on both machines:

  • The one you’re initializing the OAuth2 flow first. (attended)
  • The one you’re running the unattended bot which uses the already generated token for authorizing and sending e-mails.

Will let you know as soon as we have a robust solution released.

10

Hi @thierry.gagnaire.ffb,

My bad on the previous message given the timezone as timestamps are not timezone-aware, therefore nothing to worry about. Just make sure you use the latest rpaframework==19.4.1 in your conda.yaml, as this brings the latest fixes to OAuth2.

Take a look at this updated Portal example which uses the latest fixes: Email Authorization with OAuth2 Flow robot