jobisoft / EAS-4-TbSync

[Thunderbird Add-On] The Exchange ActiveSync provider for TbSync to sync contacts, tasks and calendars to Thunderbird.
https://github.com/jobisoft/EAS-4-TbSync/wiki/About:-Provider-for-Exchange-ActiveSync
Mozilla Public License 2.0

Eas-4-tbsync - force oauth and stops synchronize #92

Closed kjonca closed 4 years ago

kjonca commented 4 years ago

Your environment

TbSync version: 2.8
EAS-4-TbSync version: beta 28.XI.2019
Thunderbird version: 68.2.2 (64-bit)

[ x] Yes, I have installed the latest available (beta) version from

Expected behavior

Calendar and contact are synchronized. Use machine password to login

Actual behavior

An OAuth window pops up, then I have to authorize and get the message "Provider for Exchange ActiveSync for Office 365 needs permission to access resources in your organization that only an admin can grant. Please ask an admin to grant permission to this app before you can use it." Of course I have no admin account.

Steps to reproduce

Simply try to sync.

Previous version (14 November) works

jobisoft commented 4 years ago

Microsoft is deactivating non-OAuth access to Office 365. Are you using an account linked to an Office 365 tenant, like a company? Do you have an IT department?

I can of course add a switch to go back to the old behaviour, but that just gives you a couple of months' grace time. Using OAuth is the future and your IT department needs to approve :-(

kjonca commented 4 years ago

Yes, it is a company account. But how about, for example, IMAP access? "Machine passwords" will be disabled? Edit: I asked our IT guys, they claim that I have all permissions, and were quite surprised when I asked them.

jobisoft commented 4 years ago

The IT guy just has to "use" TbSync with EAS once with his admin account and he will see a checkbox to grant access for all users:

[image]

For IMAP the future is not set, more and more IT departments disable IMAP. I do not know what Microsoft's policy is here.

kjonca commented 4 years ago

"The IT guy just has to "use" TbSync with EAS once with his admin account and he will see a checkbox to grant access for all users:" I am afraid it is not possible.

jobisoft commented 4 years ago

Oh no, why?

kjonca commented 4 years ago

It is beyond me. I can use this extension, but I rather cannot force my admin to use it :) I am afraid that a switch back to the old behavior is the only usable option.

jobisoft commented 4 years ago

He does not have to use it permanently, just once to grant access.

I will do some research, if you could also send some sort of link to your IT Department, where they can acknowledge that without having to really use it.

For now: Switch to beta (https://tbsync.jobisoft.de) and set

extensions.eas4tbsync.OAuth = false

in the advanced Thunderbird configuration

kjonca commented 4 years ago

> I will do some research, if you could also send some sort of link to your IT Department, where they can acknowledge that without having to really use it.

I am afraid that I have no rights to speak in my company name. :(

> For now: Switch to beta (https://tbsync.jobisoft.de) and set
>
> extensions.eas4tbsync.OAuth = false
>
> in the advanced Thunderbird configuration

Thanks. It works.

mcrucianelli commented 4 years ago

> He does not have to use it permanently, just once to grant access.
>
> I will do some research, if you could also send some sort of link to your IT Department, where they can acknowledge that without having to really use it.
>
> For now: Switch to beta (https://tbsync.jobisoft.de) and set
>
> extensions.eas4tbsync.OAuth = false
>
> in the advanced Thunderbird configuration

Thanks, I have the same problem, and it solved it!

jobisoft commented 4 years ago

> I am afraid that I have no rights to speak in my company name. :(

One way or the other your IT must allow usage of my app before Basic Auth is removed.

You said you do not want to force them to install Thunderbird which I can understand. The other option might be, that they log into their Office 365 Admin Interface and set a checkbox somewhere. If that is possible, I could post the link here, which you can then forward to your IT and ask them to acknowledge my app usage.

kjonca commented 4 years ago

> I am afraid that I have no rights to speak in my company name. :(
>
> One way or the other your IT must allow usage of my app before Basic Auth is removed.

Do we speak about the same things? I speak about "machine passwords" / "application passwords". I know nothing about this functionality being removed. Am I wrong?

jobisoft commented 4 years ago

https://techcommunity.microsoft.com/t5/blogs/blogarticleprintpage/blog-id/Exchange/article-id/27095

kjonca commented 4 years ago

Pity. It is clear that MS wants to enforce use of their solutions. Unfortunately there is no good Exchange client for Linux :(

jobisoft commented 4 years ago

https://addons.thunderbird.net/addon/owl-for-exchange/

But it is a paid addon.

jobisoft commented 4 years ago

I think the link you need to send to your IT is simply this:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=2980deeb-7460-4723-864a-f9b0f10cd992&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient&scope=offline_access+https%3A%2F%2Foutlook.office.com%2FEAS.AccessAsUser.All&prompt=consent

This will ask them to login and they can grant permission on behalf of their company.
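An added example, not part of the thread or of the EAS-4-TbSync code: a check an IT reviewer could run on the consent link above before opening it, listing the tenant, client ID, redirect target and scopes it requests. The function name `auditConsentUrl` and the `EXPECTED` allowlist are hypothetical; the URL values are copied from the comment above.

```javascript
// Added example: audit a Microsoft identity platform consent link before an admin opens it.
// The URL is the one posted in this thread; EXPECTED is a hypothetical allowlist.
const CONSENT_URL =
  "https://login.microsoftonline.com/common/oauth2/v2.0/authorize" +
  "?response_type=code&client_id=2980deeb-7460-4723-864a-f9b0f10cd992" +
  "&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient" +
  "&scope=offline_access+https%3A%2F%2Foutlook.office.com%2FEAS.AccessAsUser.All" +
  "&prompt=consent";

const EXPECTED = {
  host: "login.microsoftonline.com",
  clientId: "2980deeb-7460-4723-864a-f9b0f10cd992",
  redirectHost: "login.microsoftonline.com",
  scopes: ["offline_access", "https://outlook.office.com/EAS.AccessAsUser.All"],
};

function auditConsentUrl(raw, expected = EXPECTED) {
  const url = new URL(raw);
  const q = url.searchParams; // decodes %xx and treats '+' as a space
  const m = url.pathname.match(/^\/([^/]+)\/oauth2\/v2\.0\/authorize$/);
  const scopes = (q.get("scope") || "").split(/\s+/).filter(Boolean);
  const findings = [];
  let redirect = null;
  try { redirect = new URL(q.get("redirect_uri") || ""); } catch (_) { /* flagged below */ }

  if (url.protocol !== "https:" || url.hostname !== expected.host)
    findings.push(`unexpected authorization host: ${url.host}`);
  if (!m) findings.push(`unexpected path: ${url.pathname}`);
  if (q.get("client_id") !== expected.clientId)
    findings.push(`unexpected client_id: ${q.get("client_id")}`);
  if (!redirect || redirect.protocol !== "https:" || redirect.hostname !== expected.redirectHost)
    findings.push(`redirect_uri leaves the identity provider: ${q.get("redirect_uri")}`);
  for (const s of scopes)
    if (!expected.scopes.includes(s)) findings.push(`scope not on allowlist: ${s}`);
  // A repeated parameter is ambiguous: different parsers may pick different values.
  for (const k of new Set(q.keys()))
    if (q.getAll(k).length > 1) findings.push(`duplicate parameter: ${k}`);

  return {
    tenant: m ? m[1] : null,
    clientId: q.get("client_id"),
    redirectUri: q.get("redirect_uri"),
    scopes,
    prompt: q.get("prompt"),
    findings,
  };
}
console.log(auditConsentUrl(CONSENT_URL));
```

An empty `findings` array means the link asks only for what the allowlist names; any entry is a reason to stop and compare the link with the one the add-on author published.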

jobisoft commented 4 years ago

I just uploaded a new beta which no longer force switches users to OAuth. The OAuth setting is no longer needed (and removed). Only if you use the setup wizard to explicitly set up an Office 365 account, OAuth will be used.

jobisoft commented 4 years ago

Has hit ATN as v1.9