[Users] office365 oauth2

Dustin Miller dustbiz at gmail.com
Mon May 15 10:36:33 UTC 2023


On Mon, 15 May 2023 03:02:32 -0700
dmacdoug <dmacdoug at usc.edu> wrote:

> On Mon, May 15, 2023 at 08:45:14AM +0200, Paul Rolland wrote:
> > Hello,
> > 
> > On Sun, 14 May 2023 15:37:47 -0700
> > dmacdoug <dmacdoug at usc.edu> wrote:
> >   
> > > I know I should probably stop wasting time on getting claws-mail
> > > to work with the oauth2 authentication and just continue to use
> > > Thunderbird, but I just thought it would be nice to only have one
> > > GUI mail client on my laptop which could access both accounts.
> > > Sometimes I get obsessed with a problem when I should just let it
> > > go, especially since I also have access from my phone as well and
> > > as a last resort webmail.  
> > 
> > Well, I was one having issues with OAuth2 and M365, but since I got
> > it working, a few months ago, it's perfect with Claws-mail. 
> > One of the important points I don't see in the list of operations
> > you did is declaring Claws as an accepted client application for
> > M365. I'm lucky enough to be the admin of the tenant, so I did it
> > in Azure, and maybe what you do reusing TB id's is equivalent, but
> > following the step-by-step guide really made it work for me.
> >  
> I think I'm beginning to see what my problem is.  I have just in the
> last few days begun to see the word tenant used and I didn't know
> what it meant, but I think I see that it means the particular
> organization whose email is hosted by office365.  If I understand
> correctly, the tenant in my case is my university, and so the admin
> for the university decides which clients can be used.  
> 
DM: I don't know all the details of how everything works, but this is
my understanding as well from my limited experience.
> 
> Since Thunderbird is a widely used email client it is on the list of
> allowed clients, but since not many use Claws-mail it has not been so
> accepted by the university admin.  Therefore Azure Active Directory
> accepted Thunderbird for me but not Claws-Mail.
> 
> One thing I understand from my experience in getting getmail to work
> is that the client developer needs to apply to Microsoft for approval
> before it gets onto their list of clients the "tenant" admin can
> approve.  
> 
> Since you were able to declare Claws an acceptable client, I would
> have to assume that the Claws developers have gotten approval from
> Microsoft and it is on their list.  The one man development team for
> getmail wasn't about to jump through the hoops necessary to get
> Microsoft's approval, so that left the option of using the client_id
> and secret from Thunderbird to get a token from office365.
> 
DM: I'm going to guess that you're making an incorrect assumption here;
I would be surprised if the Claws Mail developers have attempted to get
any kind of approval / certification from Microsoft. Of course, I could
be wrong. :) From my experience, it seems like it's up to the tenant
(within reason) what email clients and/or third party apps it wants to
allow, and Microsoft is happy to provide the tools to give more or less
access as the tenant desires. I would guess that the tenants' primary
concerns when considering how much to limit access are security-related
(perceived or real) and ease of admin / support for their users. So, as
I mentioned or alluded to before, with the error message you're getting
here, your best next step might be to talk with your university email
admin to see if they would even allow / support what you're trying to
do, although of course there is the approach David Fletcher mentioned
which sounds interesting, as well as the posing as Thunderbird that can
get around one problem area later in the process.
> 
> Since apparently Claws is on Microsoft's list then there would be two
> options.  Either ask our USC admin to add Claws to the list of
> acceptable clients, or figure out how to insert the Thunderbird
> client_id and secret into the Claws login process.
> 
DM: This is possible, as I and others have already done it. But I think
it's only relevant if you can get past the problem you're facing now to
make whatever other settings changes you need to make in Azure. Unless
I'm misunderstanding something, I don't see how an issue with
client_id, etc. would have any relation to the problem you described.
Best, ---Dustin
> 
> If the id and secret are not easily changed in Claws-mail, then I may
> have to just leave it at that and declare victory for just finally
> understanding the problem.

