Open ziptbm opened 11 months ago
Implementing OAuth has proven more difficult than anticipated.
I'm sorry I can't offer my own help, but have you reached out to the people of this project? Another integration that I use (this one) uses this project and it works very well. My apologies if you've already traversed this path.
I'll take a look, thanks.
It seems those packages don't quite enable what we'd need to get this to work, but I've attempted to add Office365 support on this branch, if you'd like to give it a try.
You'll need your tenant ID, a client ID, and a secret. You should be able to use the info from the wiki to generate/obtain this information.
Actually, you may want to skip trying this branch just yet, I need to hammer on it a bit more.
Sounds good, I'm more than happy to test and help out where I can :)
Ok, I did some further updates; it might work now (oauth-test). Let me know how it works out for you.
Doesn't seem to work for me unfortunately -
Don't seem to see anything in logs.
Thanks I'll keep hammering at it.
Ok looks like I cleared up those issues now, you'll need to repull the files.
Thanks again for testing.
No worries, I'm seriously glad I can help in some way :)
I'm still running into issues, but it seems like at least I'm getting further along.
All of them are copied directly from Azure.
There should be an error in your `home-assistant.log` regarding this with more info.
> There should be an error in your `home-assistant.log` regarding this with more info.
Sorry, I thought it didn't generate anything in logs but I was just looking too quickly, here's what my logs say
```
2024-02-16 12:30:02.556 ERROR (MainThread) [custom_components.mail_and_packages.oauth] An error occured: invalid_request
Description: AADSTS9002331: Application '8179c266-8258-48f6-808a-f5fad0a69d66'(Mail and deliveries ) is configured for use by Microsoft Account users only. Please use the /consumers endpoint to serve this request. Trace ID: 9179b478-b454-4af5-9939-123fa00a2000 Correlation ID: 6354093c-542b-43cd-9db4-9af9dc2ce814 Timestamp: 2024-02-16 18:30:02Z
ID: 6354093c-542b-43cd-9db4-9af9dc2ce814
2024-02-16 12:30:02.556 ERROR (MainThread) [custom_components.mail_and_packages.config_flow] Problems obtaining oAuth token.
2024-02-16 12:30:05.038 ERROR (MainThread) [custom_components.mail_and_packages.oauth] An error occured: invalid_request
Description: AADSTS9002331: Application '8179c266-8258-48f6-808a-f5fad0a69d66'(Mail and deliveries ) is configured for use by Microsoft Account users only. Please use the /consumers endpoint to serve this request. Trace ID: c49129f1-0943-40ed-86c9-7597cf102200 Correlation ID: fac697cb-5aa5-444e-8410-cab3de039867 Timestamp: 2024-02-16 18:30:04Z
ID: fac697cb-5aa5-444e-8410-cab3de039867
2024-02-16 12:30:05.038 ERROR (MainThread) [custom_components.mail_and_packages.config_flow] Problems obtaining oAuth token.
```
I just pushed another fix, however, you have to register the app using the `Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)` option rather than the `Personal Accounts Only` option.
Once you do this you have to add the API `Office 365 Exchange Online` from the `API permissions` section and add the `IMAP.AccessAsApp` permission.
Example:
Did both of these, however, still running into [custom_components.mail_and_packages.helpers] Error logging into IMAP Server: AUTHENTICATE failed.
Very possible I don't have something set right, but not sure where to look
Ya that's as far as I get as well. From what I found searching it's because I don't have the Office 365 Exchange API stuff.
Seems I'll need to use another approach for this.
@firstof9 if you need someone in addition to test, please let me know. I can also not wait to use that function 😉.
It's slow going, but I have a plan.
Is there something I can help with here? I'm very familiar with the nuts and bolts of oauth authentication, and I would like oauth support on this project so I can use it against a gmail account without an app password.
I'm still working on it when I have time.
> Is there something I can help with here?
Basically we have to set up a webhook pointing to https://my.home-assistant.io/api/webhook/mail_and_packages which, once set up by the user, will provide the refresh token/access token we need to store so we can then use the access token to login to IMAP. I welcome any PRs to help with this.
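The last step described above, logging in to IMAP with the stored access token, sketched as an added example (not code from this thread or from the integration). It assumes the SASL XOAUTH2 mechanism that Gmail and Office 365 accept for IMAP OAuth logins; the token dict fields `access_token` and `expires_at` and all function names are assumptions.

```python
import imaplib
import json
import time

def token_is_fresh(token, now=None, skew=60):
    """True if the stored access token stays valid for at least `skew` seconds."""
    now = time.time() if now is None else now
    return bool(token.get("access_token")) and token.get("expires_at", 0) - skew > now

def build_xoauth2(user, access_token):
    """SASL XOAUTH2 initial response: user=<addr>^Aauth=Bearer <token>^A^A."""
    for name, value in (("user", user), ("access_token", access_token)):
        # A control character (such as ^A) in either field could inject extra
        # key=value pairs into the SASL message, so refuse it outright.
        if not value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            raise ValueError(f"invalid {name}")
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode()

class XOAuth2Responder:
    """authobject for imaplib's authenticate(); keeps the server's error detail."""
    def __init__(self, user, access_token):
        self._initial = build_xoauth2(user, access_token)
        self.error = None

    def __call__(self, challenge):
        if not challenge:  # empty first continuation: send the credentials
            return self._initial
        # A non-empty challenge (already base64-decoded by imaplib) is the
        # server's JSON description of why the token was rejected.
        try:
            self.error = json.loads(challenge)
        except ValueError:
            self.error = {"raw": challenge.decode("utf-8", "replace")}
        return b""  # empty reply lets the server finish with a tagged NO

def imap_login(host, user, token):
    """Open an IMAP session with a stored token dict (field names assumed)."""
    if not token_is_fresh(token):
        raise RuntimeError("access token expired; refresh it before IMAP login")
    responder = XOAuth2Responder(user, token["access_token"])
    conn = imaplib.IMAP4_SSL(host)
    try:
        conn.authenticate("XOAUTH2", responder)
    except imaplib.IMAP4.error as exc:
        conn.shutdown()
        raise RuntimeError(f"XOAUTH2 rejected: {responder.error or exc}") from exc
    return conn
```

The responder records the server's error JSON rather than the token, so the reason behind a bare `AUTHENTICATE failed` can be logged without writing the bearer token to `home-assistant.log`.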
Can you not use `homeassistant.helpers`'s `config_entry_oauth2_flow`? From what I can tell that handles web hooks, refresh tokens, etc for you.
(Unfortunately, you went straight for asking questions about homeassistant instead of Oauth lol. Oauth I'm familiar with... homeassistant I started using about roughly 2 days ago)
I'm primarily looking at the fitbit integration. Specifically, https://github.com/home-assistant/core/blob/dev/homeassistant/components/fitbit/api.py https://github.com/home-assistant/core/blob/dev/homeassistant/components/fitbit/application_credentials.py https://github.com/home-assistant/core/blob/dev/homeassistant/components/fitbit/config_flow.py
> Can you not use `homeassistant.helpers`'s `config_entry_oauth2_flow`?
If I use this method, there would need to be multiple versions of the integration, one for each oauth email service, this is not ideal.
Can you not just register additional implementations using different DOMAINs for a single integration? Perhaps mailpackages_gmail, mailpackages_o365, etc?
No they'd have to go in a directory structure with that domain name.
Hmm. Is Mail and Packages really the only addon/integration that wants to connect to more than one Oauth provider? Is there any way to have e.g. an oauth provider per entity, or per device, or something?
That might be something that makes sense to request as a feature add in HA itself if it's not possible, instead of re-implementing the wheel.
As far as I am aware, yes the only integration looking to oauth multiple providers.
Just to check, does mail and packages need to connect to multiple oauth providers at the same time, or just have the capability to connect to multiple different providers?
Just have the capability to connect to multiple different providers.
Hm. Can you not use config_entry_oauth2_flow with a generic 'mail_and_packages' domain but not actually register the provider until the user has picked one? and just de-register/re-register it if they change their mind later? Because really, the only thing that changes is what URLs everything is pointed to and the JWKS, and those can be decided as needed, since it only needs to connect to a single one.
Sadly the Home Assistant architecture doesn't work that way.
Does it have to be set at server startup or app load or something? Sorry, I'm again unfamiliar with HA itself, and I'm not seeing any of that in the config flow code itself.
Reimplementing oauth is something we could totally do, but trust me, you want to exhaust all avenues before you pick up that maintenance burden lol
I've exhausted all the standard HA ways to implement this.
Is your feature request related to a problem? Please describe.
Unable to authenticate into my Office 365 inbox via this integration, but it works with Outlook.com accounts. I see the steps for configuration and the indication that it's WIP, so I'm curious if this is possible. https://github.com/moralmunky/Home-Assistant-Mail-And-Packages/wiki/Configuration-and-Email-Settings#office-365-wip
Describe the solution you'd like
The ability to use an Office 365 inbox.
Describe alternatives you've considered
Forwarding messages to an Outlook.com inbox for this, but that just seems excessive and not foolproof for missing mails.