simonrob / email-oauth2-proxy

An IMAP/POP/SMTP proxy that transparently adds OAuth 2.0 authentication for email clients that don't support this method.
Apache License 2.0

Authorisation Not Working on Hotmail Account #281

Closed DaveH1 closed 1 day ago

DaveH1 commented 5 days ago

Hi Simon. I've set the proxy up, I hope correctly, to access my Hotmail account with Aurora, the updated version of Eudora, which I'm sure you're aware of. It seems to work fine until I get the popup asking me to authorise the account. When I try to do that, a box from Microsoft pops up asking me to log in. However, when I try to log in using my Hotmail address as the username, it says that I can't log in with a personal account, and to use a work or school account instead, neither of which I have of course! Any idea how to get past this? I've done a lot of searching, but nothing seems to help. Thanks, Dave.

Xon commented 5 days ago

I think this depends on the clientId you are using. With Thunderbird's clientId from OAuth2Providers.jsm (08162f7c-0fd2-4200-a84a-f25a4db0b584), this error will happen, but if you use the one from OAuth2Providers.sys.mjs (9e5f94bc-e8a4-4e73-b8be-63364c29d753) with an empty client_secret and a https://localhost redirect it works.

Sadly SMTP with OAuth doesn't appear to be working with the 2nd client, and Mozilla says to just use basic auth: https://support.mozilla.org/en-US/kb/microsoft-oauth-authentication-and-thunderbird-202#w_imappop3-work-but-smtp-does-not-work

DaveH1 commented 4 days ago

Thanks for that, I've tried your suggestions and the results are much more encouraging, but still not working I'm afraid.

This is what I now have in my configuration file -

```ini
[xxxxxxx@hotmail.com]
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/POP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access
redirect_uri = https://localhost
client_id = 9e5f94bc-e8a4-4e73-b8be-63364c29d753
```

Does that look OK? I removed the client_secret line completely, was that the right thing to do? I think it says somewhere to do that if it's not being used.

This is what I'm now getting from Aurora on receive, after an apparently successful authorisation -

Screenshot 63

If I try to send, again the proxy says the authorisation was successful, but then I get this in Aurora -

Screenshot 64

Any ideas? I think the setup for the persona in Aurora is correct. Cheers, Dave.

DaveH1 commented 4 days ago

OK, getting nearer (I hope!). I noticed that the URLs in the oauth2_scope line said outlook.office365.com. They should say (looking at the example) outlook.office.com. After changing that, I could then log in to authenticate, but I'm still getting a connection failure in Aurora when trying to retrieve messages. I'm using POP, by the way.

Screenshot 65

simonrob commented 3 days ago

I just tried this with an old Hotmail account – I'm afraid I can't replicate the issue. With the configuration below, and adding the same client_id as you (and no client_secret), the account works fine with the proxy. I only tested IMAP, but I see no reason why the other protocols wouldn't work as long as you have them enabled for your account.

```ini
[account@hotmail.com]
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauth2_scope = https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access
redirect_uri = https://localhost
```

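As an added example (not code from email-oauth2-proxy or from this thread's participants), here is a small Python check of an account section for the mistakes that came up above: scope URLs on the wrong host, a missing offline_access, a non-localhost redirect, or a leftover client_secret. The expected scope host and the sample config are assumptions taken from the working configuration in the comment above.

```python
# Added example (not part of email-oauth2-proxy): sanity-check one account
# section of the proxy's INI config for the Hotmail setup discussed above.
import configparser
from urllib.parse import urlparse

# Constructed sample reproducing the mistake from the thread: the scope URLs
# use outlook.office365.com instead of outlook.office.com.
SAMPLE_CONFIG = """
[account@hotmail.com]
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/POP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access
redirect_uri = https://localhost
client_id = 9e5f94bc-e8a4-4e73-b8be-63364c29d753
"""

# Assumption: the host used by the working configuration in the thread.
EXPECTED_SCOPE_HOST = "outlook.office.com"


def check_account(config_text: str, section: str) -> list[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    parser = configparser.ConfigParser()
    parser.read_string(config_text)
    if section not in parser:
        return [f"section [{section}] not found"]
    acct = parser[section]
    findings = []
    for key in ("permission_url", "token_url", "oauth2_scope", "redirect_uri", "client_id"):
        if not acct.get(key):
            findings.append(f"missing {key}")
    scopes = acct.get("oauth2_scope", "").split()
    # Every URL-style scope should point at the same resource host; a
    # different host is what caused the login failure reported above.
    for scope in scopes:
        if "://" in scope and urlparse(scope).hostname != EXPECTED_SCOPE_HOST:
            findings.append(f"scope host is not {EXPECTED_SCOPE_HOST}: {scope}")
    if "offline_access" not in scopes:
        findings.append("offline_access missing: no refresh token will be issued")
    # The working setup uses a https://localhost redirect and no client_secret.
    redirect = acct.get("redirect_uri", "")
    if urlparse(redirect).hostname != "localhost":
        findings.append(f"redirect_uri is not localhost: {redirect}")
    if acct.get("client_secret"):
        findings.append("client_secret is set; the thread's working setup omits it")
    return findings


if __name__ == "__main__":
    for finding in check_account(SAMPLE_CONFIG, "account@hotmail.com"):
        print("finding:", finding)
```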
DaveH1 commented 3 days ago

Thanks Simon! I don't understand this at all. When I try to check my Hotmail account using Aurora, I get a prompt from the proxy to authorise the connection, which presumably means that Aurora is talking to the proxy correctly. When I invoke the authorisation, a window pops up from Microsoft asking for my password. I put it in, and it's apparently accepted, I get a notification from the proxy that it succeeded, and then immediately Aurora pops up the window saying that the login failed.

Screenshot 66

Do I need to have two-factor authorisation switched on in the Microsoft account associated with the Hotmail address?

DaveH1 commented 2 days ago

@simonrob I assume this is the problem, from the proxy log -

Caught exception while requesting OAuth 2.0 credentials for account xxxx@hotmail.com: URLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1000)'))

Any ideas? What certificate would have expired? Presumably not one associated with Thunderbird, as it worked for you?

simonrob commented 1 day ago

Thanks for following up with the extra detail. This is a different problem, not related to the proxy. I'd recommend looking at previous issues where certificate issues have been discussed – see #142 or #259 for example.

DaveH1 commented 1 day ago

Hi again Simon. I looked at those reports, and found the expired certificate in the Intermediate store, but not in the Trusted Root store. Anyway, I deleted it, and everything has all come good, thank you very much!

simonrob commented 1 day ago

Great - I'm glad you were able to resolve this.