[Users] Oauth2 not working with Microsoft Exchange

Paul Rolland rol at witbe.net
Mon Oct 10 14:44:52 UTC 2022


Hello,

Self replying.... and top-posting.... shame on me ;)

Just did the "click the Authorise button" with --debug in the hope of getting
more details, and here is what I have:

....
oauth2.c:327:Complete body: client_id=0a..........261I&redirect_uri=http://127.0.0.1:8888&grant_type=authorization_code&tenant=common&scope=offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send
socket.c:1278:Unexpected TLS read result -110
** Message: 16:39:54.915: OAuth2 access token not obtained

oauth2.c:339:OAuth2 - request: POST /common/oauth2/v2.0/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/json
Content-Length: 1140
Host: login.microsoftonline.com
Connection: close
User-Agent: ClawsMail

client_id=0a.......261I&redirect_uri=http://127.0.0.1:8888&grant_type=authorization_code&tenant=common&scope=offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send

 Response: HTTP/1.1 400 Bad Request
....
{"error":"invalid_grant","error_description":"AADSTS70008: The provided authorization code or refresh token has expired due to inactivity. Send a new interactive authorization request for this user and resource.\r\nTrace ID: ....\r\nCorrelation ID: ....\r\nTimestamp: 2022-10-10 14:39:54Z","error_codes":[70008],"timestamp":"2022-10-10 14:39:54Z","trace_id":"....","correlation_id":"....","error_uri":"https://login.microsoftonline.com/error?code=70008"}
** Message: 16:39:54.915: OAuth2 refresh token not obtained

Regards,
Paul

On Mon, 10 Oct 2022 16:37:03 +0200
Paul Rolland <rol at witbe.net> wrote:

> Hello,
> 
> Sorry to "resurrect" an old thread, but I can't get OAuth2 working with
> Claws and M365...
> 
> So far, I've followed the instructions at 
> https://www.claws-mail.org/faq/index.php/Oauth2#Setting_up_OAuth_2.0_for_Microsoft_-_for_Outlook_or_Exchange
> 
> and did Step 1, Step 2 and Step 3. I have to admit I'm a little bit
> puzzled at the 127.0.0.1:8888 URL in step 2 (what is it for and when is
> it used) and the /oauth2/nativeclient at step 3 especially as Michael
> states this is the "old way".
> 
> So, I edit my Account, go to OAuth, and start doing what is at Step 4.
> The 4 first items are OK, and then I can authenticate in my browser, and
> end up on an empty page.
> (The URL I got is
> https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id....
> )
> 
> There is a URL I copy but when I want to paste it into Claws, it's not
> possible, the field is inactive. I have to either Apply or Cancel the
> OAuth2 edition, and re-open the account and go to OAuth2.
> The URL from the Authentication is :
>  http://127.0.0.1:8888/?code=0.AXMAH0CNP8WV3U.....
> 
> Then, I can paste the URL and click Authorise... Does it work ? Does it
> fail ? No way to know.... but Network Log shows :
> * OAuth2 access token not obtained
> * OAuth2 refresh token not obtained
> (It is really goes to 127.0.0.1:8888, no surprise it fails...)
> 
> I save everything and try to get my mails :
> * Account 'Copy of Witbe Team': Connecting to POP3 server: outlook.office365.com:995...
> [2022-10-10 16:03:44] POP< +OK The Microsoft Exchange POP3 service is ready. [...==]
> [2022-10-10 16:03:44] POP> USER rol at witbe.net
> [2022-10-10 16:03:44] POP< +OK
> [2022-10-10 16:03:44] POP> PASS ********
> [2022-10-10 16:03:45] POP< -ERR Logon failure: unknown user name or bad password.
> *** error occurred on authentication
> *** Authentication failed.
> 
> Regards,
> Paul
> 
> On Fri, 22 Jul 2022 14:53:49 +0200
> Michael Rasmussen via Users <users at lists.claws-mail.org> wrote:
> 
> > On 2022-07-22 14:40, Claudio Passerone wrote:  
> > > source code of the page is empty. I don't understand what am I doing
> > > wrong. Does anybody have the same problem, or is there a fix?
> > >     
> > Try building the version from git since this has a number of fixes. I use
> > the version myself without problems.
> > 
> > Regarding redirect URL: This is configured in source and you should not 
> > be required to change it.
> > 
> > https://login.microsoftonline.com/common/oauth2/nativeclient is 
> > definitely wrong since this is the old way of doing it.
> >   
> 
> 


-- 
Paul Rolland                                E-Mail : rol(at)witbe.net
CTO - Witbe.net SA                          Tel. +33 (0)1 47 67 77 77
18 Rue d'Arras, Bat. A11                    Fax. +33 (0)1 47 67 77 99
F-92000 Nanterre                            RIPE : PR12-RIPE

Please no HTML, I'm not a browser - Pas d'HTML, je ne suis pas un
navigateur "Some people dream of success... while others wake up and work
hard at it" 

"I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry that 10
or 15 years from now, she will come to me and say 'Daddy, where were you
when they took freedom of the press away from the Internet?'"
--Mike Godwin, Electronic Frontier Foundation 
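
Added example, not part of the original message and not Claws Mail code: a small Python diagnostic for the exchange in the debug output above. It pulls the code out of the pasted loopback redirect URL, maps a token-endpoint error body to the action it calls for, and masks secrets before a log is posted; the function names and sample values are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample, shaped like the 400 response in the debug output above.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS70008: constructed sample text",
    "error_codes": [70008],
})

# Values that should never appear unmasked in a log sent to a public list.
SENSITIVE = ("code", "client_secret", "refresh_token", "access_token", "id_token")
_MASK = re.compile(r"\b(" + "|".join(SENSITIVE) + r")=([^&\s\"']+)")


def code_from_redirect(url, host="127.0.0.1", port=8888):
    """Extract the authorization code from the pasted loopback redirect URL."""
    parts = urlsplit(url.strip())
    if (parts.scheme, parts.hostname, parts.port) != ("http", host, port):
        raise ValueError("URL is not the registered loopback redirect")
    query = parse_qs(parts.query)
    if "error" in query:  # the authorize step itself failed
        raise ValueError("authorization failed: " + query["error"][0])
    if "code" not in query:
        raise ValueError("redirect carries no code parameter")
    return query["code"][0]


def diagnose(token_response_body):
    """Map a token-endpoint JSON body to the action it calls for."""
    data = json.loads(token_response_body)
    if "access_token" in data:
        return "ok"
    if data.get("error") == "invalid_grant":
        # Codes are short-lived and single-use (RFC 6749, section 4.1.2):
        # a stale or replayed code needs a fresh interactive authorization.
        return "reauthorize"
    return "check-config"  # invalid_client, invalid_scope, invalid_request, ...


def redact(line):
    """Mask sensitive OAuth2 parameter values in a URL or form-body log line."""
    return _MASK.sub(lambda m: m.group(1) + "=<redacted>", line)


if __name__ == "__main__":
    url = "http://127.0.0.1:8888/?code=CONSTRUCTED-CODE&session_state=abc"
    print(code_from_redirect(url), diagnose(SAMPLE_ERROR), redact(url))
```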