[Users] office365 oauth2

[dmacdoug]

On Fri, May 12, 2023 at 08:01:49AM +0600, Dustin Miller wrote:
> On Thu, 11 May 2023 17:58:43 -0700
> dmacdoug <dmacdoug at usc.edu> wrote:
> 
> > My University email is handled on Microsoft office365.
> > I've been using Thunderbird with it successfully but I'd
> > like to give Claws-mail a try instead.  I tried to follow 
> > the instructions given for Outlook or Exchange here:
> > 
> > https://urldefense.com/v3/__https://www.claws-mail.org/faq/index.php/Oauth2*Setting_up_OAuth_2.0_for_Microsoft_-_for_Outlook_or_Exchange__;Iw!!LIr3w8kk_Xxm!rljErTFRfc4gOk_S5iPw7i1pcwYmWR_5I-8Vus3WXd3KhMrlem80aa3qP9c4qk2leB6hEVj2LD-kdlQ$ 
> > 
> > Step 1 is to login to portal.azure.com which works.
> > Step 2 is to click on Azure Active Directory.  
> >    When I do this it briefly displays the side menu 
> > where I presume link to click in step 3 might be, but 
> > then goes to an error message saying "you do not have access".
> > 
> DM: Hi, Don. Microsoft seems to give their clients (i.e. your
> university) quite a bit of control in regards to security-related and
> other settings. Based on the error message you're getting, it sounds to
> me like your university has chosen not to let its email users change
> whatever Azure settings you're not able to access. So my approach would
> be to contact the relevant people at your university who could tell you
> whether what you're trying to do is possible or not. If you can't get
> past this first step, I doubt there's anything you can do to make it
> work. As an example, my organization has been getting tighter and
> tighter on security. First they disabled POP, so I switched to IMAP,
> and they wouldn't agree to approve Claws Mail so I had to pretend to be
> Thunderbird. Then they disabled IMAP, so now I'm basically stuck with
> having to use web-mail since I'm not a Microsoft product (Windows,
> Outlook, etc.) user. HTH, ---Dustin
> > 
Thank you Dustin for your reply.  I feel much more fortunate than you and
I'm sorry that you're stuck with web-mail.  That stinks.  In my case the
university gave us lots of warning that Microsoft was going to be disabling
the old fashioned password login and we would be required to use oauth2
authentication method.

My normal way of reading email is to use getmail to download all new
messages to my own mailserver, then feed it through procmail to sort it into
files according to which listserv it came from and such like categories so
that only the important mail ends up in my inbox and I can read everything
in it's order of importance and I don't miss important messages because they
are lost in the sea of stuff I get everyday.

It took some time to convert getmail to using oauth2 authentication method,
but with help from some people on the getmail help list I was able to do it. 
It required using the Thunderbird client-id and client-secret to get the
access_token needed to autheticate.  Once that was put into the getmailrc
everything works just perfectly.

But there are some messages that just need to be seen on a GUI client, and
Thunderbird works with oauth2, so I've been using Thunderbird for that but
claws-mail has a few advantages over Thunderbird so I thought I'd see if I
could use it instead but I got the error message.   I've been wondering if
it has anything to do with the client-id and client-secret problem so I
figured if someone else had already worked it out I'd seek their wisdom and
if not I might be able to find an answer.  Either way I figure it could be
valuable to others in the future.

Regards, Don