BAD User is authenticated but not connected ,when try to access Outlook Email Group Imap Inbox using java code

Question

I am working on Java code to read the inbox of Outlook, utilizing a token for login through client credentials. The authentication is done via Azure, where I have created an app. I have granted the app all the necessary permissions, and the admin has provided consent in Office 365 Exchange Online.

Given that multiple email accounts within the organization share the same email domain, we aim to access only specific email accounts. To achieve this, we have created a Group through the admin panel. The relevant email IDs have been added to this group, and the group has been granted all the necessary permissions for accessing the required mailboxes.

I also follow this link : How to read my outlook mail using java and oauth2.0 with application regsitration in Azure AD

Below is my java code to access token :

IConfidentialClientApplication app;
try {
    app = ConfidentialClientApplication.builder(CLIENT_ID, ClientCredentialFactory.createFromSecret(CLIENT_SECRET))
            .authority("https://login.microsoftonline.com/" + TENANT_ID)
            .build();

    ClientCredentialParameters credentialParameters = ClientCredentialParameters.builder(
            Collections.singleton(SCOPES))
            .build();

    CompletableFuture<IAuthenticationResult> future = app.acquireToken(credentialParameters);
    IAuthenticationResult result = future.get();
     ACCESS_TOKEN = result.accessToken();
     System.out.println("Access token is  : "+ACCESS_TOKEN);  

} catch (Exception e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}

I am able to generate token . I decoded token using jwt.ms

{
  "typ": "JWT",
  "nonce": "vG1KlJZibVbB_7pCJsxNwBNJS-hT8uCGZBigq7RiJoo",
  "alg": "RS256",
  "x5t": "T1St-dLTvyWRgxB_676u8krXS-I",
  "kid": "T1St-dLTvyWRgxB_676u8krXS-I"
}.{
  "aud": "https://outlook.office365.com",
  "iss": "https://sts.windows.net/4b8ccc43-30fb-4190-8324-f3551af91121/",
  "iat": 1702894960,
  "nbf": 1702894960,
  "exp": 1702898860,
  "aio": "E2VgYNBj6xEtDM/uf9pn11p2qJSz37bK58r6h+8tXSXbOrqmcQAA",
  "app_displayname": "WE2StarSGTSImap",
  "appid": "0e2sdfssfsdc-7cf8-4d3d-9237-ab626668c375",
  "appidacr": "1",
  "idp": "https://sts.windows.net/4b8ccc43-30fb-4190-8324-f3551af91121/",
  "oid": "fdfddrf9-253c-4e90-9631-a7cd341c26a6",
  "rh": "0.AUsAQ8yMS_swkEGDJPNVGvkRIQIAAAAAAPEPzgAAAAAAAABLAAA.",
  "roles": [
    "full_access_as_app",
    "Mail.ReadWrite",
    "Mail.Read",
    "Mail.Send",
    "IMAP.AccessAsApp"
  ],
  "sid": "3eddgfdgf7657-46c0-9745-d8c9d329cbda",
  "sub": "b1ea16c9-253c-4efdg0-9631-a7cd3fgdf1c26a6",
  "tid": "4bdfg43-30fb-4190-8324-f3551af91121",
  "uti": "V7HZsfgdfPBE-0YeTQ26BmAA",
  "ver": "1.0",
  "wids": [
    "09dfgf-0d1d-4acb-b408-d5ca73121e90"
  ]
}.[Signature]

Below is my Java code to access inbox .

Properties props = new Properties();
props.put("mail.store.protocol", "imap");
props.put("mail.imap.host", "outlook.office365.com");
props.put("mail.imap.port", "993");
props.put("mail.imap.ssl.enable", "true");
props.put("mail.imap.starttls.enable", "true");
props.put("mail.imap.auth", "true");
props.put("mail.imap.auth.mechanisms", "XOAUTH2");
props.put("mail.imap.user", "[email protected]");
props.put("mail.debug", "true");
props.put("mail.debug.auth", "true");
    
MailSSLSocketFactory sf = null;
try {
    sf = new MailSSLSocketFactory();
} catch (GeneralSecurityException e1) {

    e1.printStackTrace();
}
sf.setTrustAllHosts(true); 
props.put("mail.imap.ssl.trust", "*");
props.put("mail.imap.ssl.socketFactory", sf);

Store store = null;

try {
    Session session = Session.getInstance(props);
    session.setDebug(true);
    store = session.getStore("imap");
    store.connect("outlook.office365.com", "[email protected]", ReadMailSchedular.ACCESS_TOKEN);
        
    
    if(store.isConnected()){
        System.out.println("\n\n\n\n\n Connection Established using imap protocol successfully !\n\n\n\n\n");      
    }

    inbox = store.getFolder("INBOX");
    inbox.open(Folder.READ_WRITE);

I am able to authenticate successfully, but when I try to inbox.open I get the following logs:

A1 OK AUTHENTICATE completed.
A2 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CLIENTACCESSRULES CLIENTNETWORKPRESENCELOCATION BACKENDAUTHENTICATE CHILDREN IDLE NAMESPACE LITERAL+
A2 OK CAPABILITY completed.
DEBUG IMAP: AUTH: PLAIN
DEBUG IMAP: AUTH: XOAUTH2
DEBUG IMAP: IMAPProtocol noop
A3 NOOP
A3 OK NOOP completed.
 Connection Established using imap protocol successfully !
DEBUG IMAP: connection available -- size: 1
A4 SELECT INBOX
A4 BAD User is authenticated but not connected.
A5 LOGOUT
* BYE Microsoft Exchange Server IMAP4 server signing off.
A5 OK LOGOUT completed.

I also test my application on: https://testconnectivity.microsoft.com/result/

I have several questions on my mind:

1. Have I overlooked any necessary permissions?
2. Do I need to grant API permissions from the admin panel in addition to the permissions I've already set in the app?
3. What might be missing or causing the issue where I can authenticate successfully but cannot access the inbox?

My primary goal is to access the Outlook inbox. What steps or details might I be missing in achieving this?