Jira Mail Handler and Service Management Mail Handler cannot be configured using Oauth 2.0, due to Microsoft License issue
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Both types of mail handlers (Jira and Service Management) can't be configured with a Microsoft Mailbox (shared or non shared) using the Oauth 2.0 authentication:
- Configuring a Jira Service Management (JSM) Mail Handler for a Service Management project via the page Project Settings > Email Request fails while using the authorize button with the Oauth 2.0 authentication
- Configuring a Jira Mail Server in ⚙ > System > Incoming Mail fails during the Test Connection step
Environment
Jira Service Management 4.10.0 / Jira 8.10.0 and higher, integrated with Office 365 or Microsoft Exchange
Diagnosis
- An Oauth 2.0 integration was configured in ⚙ > System > Oauth 2.0, with the same scopes as the ones mentioned in Integrating with Oauth 2.0, and the connection test was successful
- When trying to configure a JSM Mail Handler via the page Project Settings > Email Request,
the following error is thrown in the UI
Here's the error we received: "OAuth token not defined for connection. OAuth Authorisation required."
the following error is thrown in the Jira Incoming Mail Logs
2021-11-22 12:22:32,914+0100 ERROR [] https-jsse-nio-8443-exec-5 julien 742x19484x1 1nxdphq 127.0.0.1 /rest/servicedesk/1/servicedesk/admin/email/test Unable to connect to the server at outlook.office365.com due to the following exception: com.atlassian.jira.internal.mail.processor.errors.MailConnectionException: OAuth token not defined for connection. OAuth Authorisation required. at com.atlassian.jira.internal.mail.processor.feature.channel.connectionverifier.DefaultChannelConnectionVerifier.verifyConnectionDefinition(DefaultChannelConnectionVerifier.java:76) [?:?] at com.atlassian.jira.internal.mail.processor.feature.channel.connectionverifier.DefaultChannelConnectionVerifier.verifyConnectionDefinition(DefaultChannelConnectionVerifier.java:58) [?:?] at jdk.internal.reflect.GeneratedMethodAccessor3792.invoke(Unknown Source) [?:?] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [?:?]
Note that when trying to configure the same mailbox in Project Settings > Email Requests, but this time with Basic Authentication (using the mailbox password), a different error is thrown:
We couldn't connect to your mail server JIRA couldn't open the folder 'inbox' at outlook.office365.com. Check and make sure the folder name is correct and try again. Check out our troubleshooting docs for help resolving the issue.
- When trying to configure a Jira Mail Server with Oauth 2.0 in ⚙ > System > Incoming Mails
- Clicking on the Authorize button leads to a successful result
- Clicking on the Test Connection button leads to an error thrown in the UI
The following error is thrown in the Jira logs
2021-12-08 11:16:58,578+0100 https-jsse-nio-8443-exec-21 ERROR julien 676x39887x1 9qaxhs 127.0.0.1 /secure/admin/VerifyPopServerConnection!add.jspa [c.a.j.p.mail.webwork.VerifyMailServer] Unable to connect to the server at outlook.office365.com due to the following exception: javax.mail.AuthenticationFailedException: AUTHENTICATE failed.
- Clicking on the Authorize button leads to a successful result
- When logging directly into the mailbox in Microsoft Outlook (https://outlook.office.com/mail/inbox), the following error is thrown in the UI:
Error:
UTC Date: 2021-12-08T09:50:21.069Z BootResult: configuration Client Id: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Session Id: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX Client Version: 20211129004.15 err: Microsoft.Exchange.Clients.Owa2.Server.Core.OwaUserHasNoMailboxAndNoLicenseAssignedException esrc: StartupData et: ServerError estack: Error: 500 at i (https://outlook.office.com/mail/inbox/:363:209906) at https://outlook.office.com/mail/inbox/:363:147412 st: 500 ehk: X-OWA-Error efe: CY4PR16CA0042, AS8P250CA0011 ebe: CY4PR10MB1639 emsg: UserHasNoMailboxAndNoLicenseAssignedError
- Screenshot of the error:
Cause
There is no license provided for the Microsoft account to access the mailbox that belongs to this account.
Solution
Reach out to your Microsoft Administration team to grant the account a license allowing to access the mailbox.
One way to grant a license to the account is to go to the Azure Admin portal, as explained in Assign or remove licenses in the Azure Active Directory portal. Basically, what your admin user can do is:
- Log into https://portal.azure.com/ as an Admin user
- Go to Users and click on the account that needs a license
- After that, click on on Licenses > Assignments