UvA-FNWI / M365-IMAP

MIT License

Invalid grant #2

Closed WebSpider closed 3 years ago

WebSpider commented 3 years ago

Hi! First of all, thanks very much.

I've been using Thunderbird with an M365 tenant successfully, the tenant has forced modern authentication on, so I was hoping to swap to offlineimap.

For some reason, I keep getting the following error msg:

XOAUTH2 authentication failed: xoauth2handler got: {u'error_uri': u'https://login.microsoftonline.com/error?code=9002313', u'timestamp': u'2021-04-08 11:41:51Z', u'trace_id': u'fd30899c-96dc-44dd-ba5b-29c65c9db402', u'correlation_id': u'ec415584-c0d5-4149-b208-9c97edf767bd', u'error_description': u'AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: fd30899c-96dc-44dd-ba5b-29c65c9db402\r\nCorrelation ID: ec415584-c0d5-4149-b208-9c97edf767bd\r\nTimestamp: 2021-04-08 11:41:51Z', u'error': u'invalid_grant', u'error_codes': [9002313]}
PLAIN authentication failed: Connection is closed. 13
Enter password for user 'user@my.org':
LOGIN authentication failed: Connection is closed. 13
Failed to connect. Reason All authentication types failed:

Any idea what the source could be?

goomens commented 3 years ago

Note that modern auth works in Thunderbird as well (as of version 78), see e.g. instructions here.

As for your issue, I don't immediately have an idea what could be wrong there. Does Thunderbird work with your tenant (if you are re-using that client ID/secret)? Otherwise the issue might be that your tenant admin hasn't allowed it.

WebSpider commented 3 years ago

> As for your issue, I don't immediately have an idea what could be wrong there. Does Thunderbird work with your tenant (if you are re-using that client ID/secret)? Otherwise the issue might be that your tenant admin hasn't allowed it.

Yeah, that's the strange thing: Thunderbird works with modern auth in my tenant just perfectly, for both sending and receiving messages. And indeed, I used the client/secret from Thunderbird for offlineimap, since end users are not allowed to create apps inside the tenant at this point.

Thanks for looking at the issue, I will dig into it deeper, and will post the solution here as well.

Now wouldn't it be great if we would have something similar to remotepasseval for oauth2_client_secret and oauth2_refresh_token for integration with things like pass, lpass, etc. :-)

WebSpider commented 3 years ago

Well, that was quick. This issue was caused by putting quotes around the values in offlineimaprc for oauth2_client_id and oauth2_client_secret. They are in config.py with quotes, so I just copied it from those.

Removed the quotes, and offlineimap --info -a my-m365 worked perfectly.

goomens commented 3 years ago

Ah, good to know that adding quotes generates this mysterious error 😄
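
The cause found in this thread can be checked for before connecting. The sketch below is an added example, not code from the thread or from the M365-IMAP project: INI-style parsing with Python's configparser keeps quote characters as part of the value, so a quoted client ID or secret is sent to the token endpoint with the quotes included. The repository name and all values in the sample are constructed, and the function name is hypothetical.

```python
import configparser

# Options named in the thread; checked in every section of the file.
OAUTH_KEYS = ("oauth2_client_id", "oauth2_client_secret", "oauth2_refresh_token")

# Constructed sample offlineimaprc fragment (values are placeholders, not real credentials).
SAMPLE_RC = """\
[Repository my-m365-remote]
type = IMAP
auth_mechanisms = XOAUTH2
oauth2_client_id = "00000000-aaaa-bbbb-cccc-000000000000"
oauth2_client_secret = 'constructed-secret'
oauth2_refresh_token = constructed-refresh-token
"""


def find_quoted_oauth_values(rc_text):
    """Return (section, key) pairs whose value is wrapped in matching quotes.

    Only the location is reported, never the value, so the output is safe
    to paste into an issue or a log.
    """
    # RawConfigParser: no '%' interpolation, since tokens may contain '%'.
    parser = configparser.RawConfigParser()
    parser.read_string(rc_text)
    findings = []
    for section in parser.sections():
        for key in OAUTH_KEYS:
            if not parser.has_option(section, key):
                continue
            value = parser.get(section, key).strip()
            # A leading and trailing quote of the same kind is kept literally
            # by the parser and ends up inside the OAuth2 request.
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
                findings.append((section, key))
    return findings


if __name__ == "__main__":
    import sys

    # Pass the path to an offlineimaprc, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = SAMPLE_RC
    for section, key in find_quoted_oauth_values(text):
        print(f"[{section}] {key}: remove the surrounding quotes")
```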