Skip to main content
Last updated May 19, 2014 19:28, by Bill Shannon

OAuth2 Support

Starting with JavaMail 1.5.2, support for OAuth2 authentication via the SASL XOAUTH2 mechanism is included. Please send feedback to

The SASL XOAUTH2 provider will be added to the Java security configuration when SASL support is first used. The application must have the permission SecurityPermission("insertProvider.JavaMail-OAuth2").

Since OAuth2 uses an "access token" instead of a password, you'll want to configure JavaMail to use only the SASL XOAUTH2 mechanism. The access token is passed as the password, which obviously won't work with any of the other authentication mechanisms. For example, to access Gmail:

 Properties props = new Properties();
 props.put("mail.imap.ssl.enable", "true"); // required for Gmail
 props.put("mail.imap.sasl.enable", "true");
 props.put("mail.imap.sasl.mechanisms", "XOAUTH2");
 props.put("mail.imap.auth.login.disable", "true");
 props.put("mail.imap.auth.plain.disable", "true");
 Session session = Session.getInstance(props);
 Store store = session.getStore("imap");
 store.connect("", username, oauth2_access_token);

You'll need to acquire an OAuth2 access token to be used for the session, e.g., using these Google tools and the procedure described here to obtain OAuth2 credentials from the Google Developers Console. In particular, you'll need the Client ID and the Client secret from the Google Developers Console for use with the program to generate a Refresh Token, from which you can generate an Access Token. (Note that the OAuth2 access token does not need to be base64 encoded first; the XOAUTH2 provider will do that. Note also that the Google OAuth2 provider at the link above is not needed, only the program to generate an access token.)

To connect to using OAuth2, see this page and the procedure described here for creating a Refresh Token and Access Token. Get your Client ID and Client secret from the Microsoft account Developer Center. The general procedure above should work to connect to, but the access token will need to be acquired as described on the page.

OAuth2 is also supported with SMTP; change "imap" to "smtp" in the property names.

Please Confirm