Closed DaveH1 closed 1 day ago
I think this depends on the clientId you are using. With thunderbird's clientId from OAuth2Providers.jsm
(08162f7c-0fd2-4200-a84a-f25a4db0b584
), this error will happen, but if you use the one from OAuth2Providers.sys.mjs
(9e5f94bc-e8a4-4e73-b8be-63364c29d753
) with an empty client_secret
and a https://localhost
redirect it works.
Sadly SMTP with oauth doesn't appear to be working with the 2nd client and mozilla is saying just using basic auth: https://support.mozilla.org/en-US/kb/microsoft-oauth-authentication-and-thunderbird-202#w_imappop3-work-but-smtp-does-not-work
Thanks for that, I've tried your suggestions and the results are much more encouraging, but still not working I'm afraid.
This is what I now have in my configuration file -
[xxxxxxx@hotmail.com] permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token oauth2_scope = https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/POP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access redirect_uri = https://localhost client_id = 9e5f94bc-e8a4-4e73-b8be-63364c29d753
Does that look OK? I removed the client_secret line completely, was that the right thing to do? I think it says somewhere to do that if it's not being used.
This is what I'm now getting from Aurora on receive, after an apparently successful authorisation -
If I try to send, again the proxy says the authorisation was successful, but then I get this in Aurora -
Any ideas? I think the setup for the persona in Aurora is correct. Cheers, Dave.
OK, getting nearer (I hope!) I noticed that the URLs in the oauth2_scope line said outlook.office365.com. They should say (looking at the example) outlook.office.com. After changing that, I could then log in to authenticate, but I'm still getting a connection failure in Aurora when trying to retrieve messages. I'm using POP, by the way.
I just tried this with an old Hotmail account – I'm afraid I can't replicate the issue. With the configuration below, and adding the same client_id
as you (and no client_secret
), the account works fine with the proxy. I only tested IMAP, but I see no reason why the other protocols wouldn't work as long as you have them enabled for your account.
[account@hotmail.com]
permission_url = https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/common/oauth2/v2.0/token
oauth2_scope = https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access
redirect_uri = https://localhost
Thanks Simon! I don't understand this at all. When I try to check my Hotmail account using Aurora, I get a prompt from the proxy to authorise the connection, which presumably means that Aurora is talking to the proxy correctly. When I invoke the authorisation, a window pops up from Microsoft asking for my password. I put it in, and it's apparently accepted, I get a notification from the proxy that it succeeded, and then immediately Aurora pops up the window saying that the login failed.
Do I need to have two-factor authorisation switched on in the Microsoft account associated with the Hotmail address?
@simonrob I assume this is the problem, from the proxy log -
Caught exception while requesting OAuth 2.0 credentials for account xxxx@hotmail.com: URLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1000)'))
Any ideas? What certificate would have expired? Presumably not one associated with Thunderbird, as it worked for you?
Thanks for following up with the extra detail. This is a different problem, not related to the proxy. I'd recommend looking at previous issues where certificate issues have been discussed – see #142 or #259 for example.
Hi again Simon. I looked at those reports, and found the expired certificate in the Intermediate store, but not in the Trusted Root store. Anyway, I deleted it, and everything has all come good, thank you very much!
Great - I'm glad you were able to resolve this.
Hi Simon. I've set the proxy up, I hope correctly, to access my Hotmail account with Aurora, the updated version of Eudora, which I'm sure you're aware of. It seems to work fine until I get the popup asking me to authorise the account. When I try to do that, a box from Microsoft pops up asking me to log in. However, when I try to log in using my Hotmail address as the username, it says that I can't log in with a personal account, and to use a work or school account instead, neither of which I have of course! Any idea how to get past this? I've done a lot of searching, but nothing seems to help. Thanks, Dave.