[Users] Microsoft Live (hotmail) oauth2 authentication always fails

David Fletcher David at megapico.co.uk
Thu Jul 4 21:32:44 UTC 2024 

> copied link from Claws.mail oauth2 configuration window, pasted it in
> browser and this is the URL I got with code (I obfuscated) inside:
> https://login.microsoftonline.com/common/oauth2/nativeclient#code=XXXXXX

Hi Ettore,

Thanks for the detailed information. You mention the link you copied into the
browser, but you didn't quote that. Hopefully it looks something like this:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=cd9fedjs-cb3b-4c34-add1-8d13d889f194&redirect_uri=http%3A%2F%2F127.0.0.1%3A8888&response_type=code&scope=offline_access%20https%3A%2F%2Foutlook.office.com%2FIMAP.AccessAsUser.All%20https%3A%2F%2Foutlook.office.com%2FPOP.AccessAsUser.All%20https%3A%2F%2Foutlook.office.com%2FSMTP.Send&tenant=common&response_mode=query

The list of things the app is requesting to access looks ok (maybe slightly
different to the ones requested in the line above as I think this has evolved
a little over time to match Microsoft changes). It should come up with a page
that says something like "Are you trying to sign in to Claws Mail? Only
continue if you downloaded the app from a store or website that you trust"

The part coming back looks like where things go wrong. You got the line:

https://login.microsoftonline.com/common/oauth2/nativeclient#code=XXXXXX

But this should actually never have been involved - this was a method used
ages ago before Claws was updated to use the http://127.0.0.1:8888 method.
Looking back at your post you mention both Claws version 4 and 4.3. This
nativeclient thing will have come from the older version. 

With the older version you need to manually copy the XXXXXX code off that URL
and paste it manually into the Claws Mail Authorisation Code box. This should
still work if you manually copy the code over, but it was a hassle and
Microsoft said the nativeclient method would be removed at some time. 

With the newer version using http://127.0.0.1:8888 the process should be far
more automated. It should redirect your browser to a page with a URL like

http://127.0.0.1:8888/?code=M.C530_BL2.2.U.ab8a6f41-643e-94a3-ff14-0ec33b10be14

All being well that page should say that the authorisation process is
complete. 

The older method is a hassle and uses a method Microsoft plans to withdrawn
(maybe they have now withdrawn it). The new way needs no manual copy/paste,
but depends on Claws successfully listening for a connection on the local
machine at port 8888. 

Old method - did you do the manual copy/paste the code from the URL?

New method - could something else on your computer be using port 8888
already? E.g. local file transfer software that you use to copy files to/from
your phone or something like that. That could block the authorisation
process. 

Hopefully you can pick your way through this to spot what's happening. But I
can confirm that the process has worked here in the last few minutes to
re-authorise an Outlook email account.  

David.

More information about the Users mailing list