Table of Contents :TOC_5_gh:noexport:
[[#overview][Overview]]
[[#dependencies][Dependencies]]
[[#installation][Installation]]
[[#usage][Usage]]
[[#todos][TODOS]]
Overview This tool can be used to fetch oauth2 tokens from the microsoft identity endpoint. Additionally, it can encode the token in the [[https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#sasl-xoauth2][XOAUTH2 format]] to be used as authentication in IMAP mail servers. Example configuration for emacs given in [[steps.org]].
Dependencies Requires mbsync >= 1.3. More information available at: https://github.com/harishkrupo/oauth2ms/issues/2#issuecomment-846464452
Installation Clone the repository and install the requirements.
pip install -r requirements.txt
Then copy the =oauth2ms= file to any location in your =$PATH=. ** XDG CONFIG HOME For the app to locate your config file, the =$XDG_CONFIG_HOME= environment variable must be set. It is generally set to =$HOME/.config=.
Usage Create a config file with the below details at =$XDG_CONFIG_HOME/oauth2ms/config.json=
{ "tenant_id": "TENANT_ID", "client_id": "CLIENT_ID", "client_secret": "CLIENT_SECRET", "redirect_host": "localhost", "redirect_port": "5000", "redirect_path": "/getToken/", "scopes": ["https://outlook.office.com/IMAP.AccessAsUser.All"] }
If you aren't sure how to fetch the the TENANT_ID, CLIENT_ID and CLIENT_SECRET values, read more on [[file:steps.org][steps.org]]. After creating the config file, execute =oauth2ms=, it should pop up a browser window asking you to login. Once logged it, it should redirect you to a page which says "Authorization complete.". On the terminal you should see the token printed. Subsequent fetches should use the refresh token to get the access token. Call =oauth2ms= with the ~--encode-xoauth2~ to get the token in [[https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#sasl-xoauth2][XOAUTH2 format]].
oauth2ms --encode-xoauth2
Optionally, you can add "https://outlook.office.com/SMTP.Send" to the list of scopes to use the token for stmp. See [[steps.org]] for information on configuring emacs for sending mail via smtp with xoauth2.
** Encryption Encryption of the fetched token cache can be enabled using the =-e= (=--encrypt-using-fingerprint=) option. The option takes the email/fingerprint to identify the gpg key to use for encrypting and decrypting the token cache.
oauth2ms -e