[Users] OAuth2 with Microsoft Exchange: Authentication Problem

[Dustin Miller]

Claws 4.0.0 on Linux Mint 20.x XFCE
OAuth2 with Microsoft Exchange for an IMAP account.

This setup had been working fine for me, but recently I was unable to
get the new authorization token/code that is periodically required.

When I attempted this in the usual way by clicking on the button in CM
to open the browser page for my Microsoft sign-in, I got an error that
there needed to be a value for 'client_id'. (Previous to this I had not
needed to use a client ID and hadn't seen this error before.) My
organization hosts our email addresses on Microsoft Exchange, so my
best guest is that they've decided to start requiring a client/app ID.

I went into my account on Microsoft Azure and created a new app
registration (which included a client ID) and also created a client
secret to go with this. I then copied these into the appropriate fields
in CM and tried again.

This time I got an error about trying to use the '/common' endpoint for
a single-tenant (rather than multi-tenant) setup.

So I attempted to use the URI that CM uses for the authorization
request as a template and then edited it to specify an endpoint based
on info I found in my Azure account.

After tweaking the URI, I was able to come up with something that
seemed to work, in that it didn't generate any errors in the browser
and returned a URI to use as the authorization code for CM. So I copied
that to the relevant field in CM and clicked on 'Authorize'.

However, after doing this and then trying to access my account via CM,
I just get the same login error, with the network log indicating that
it was unable to get the new authorization token.

My guess is that there is a problem with one or both of: 1) my app
registration settings in Azure; and 2) the authorization request URI I
am trying to use. However, there are multiple variables at play and I
don't have a lot of experience with this, so I thought I'd check in
here to see if anyone can help me figure out how to troubleshoot this.

If I do end up needing to create my own customized URI for the
authorization request, one thing that would be helpful would be to get
a copy of the URI that CM uses (since sometimes what is shown in the
browser is the 'response' from the other side rather than what CM sent).

Does anyone have any helpful input on these things? Or perhaps could
point me to some resources that might help?

Also, if any developers think any of this smells like a CM bug, let me
know and I can report it as such.

Thanks,
Dustin