simonrob / email-oauth2-proxy

An IMAP/POP/SMTP proxy that transparently adds OAuth 2.0 authentication for email clients that don't support this method.
Apache License 2.0

Trouble setting up proxy with offlineimap3 client #290

Open filipe3x opened 6 hours ago

filipe3x commented 6 hours ago

Hello, I am trying to set up offlineimap3 to work with the oauth2 proxy, but I get this error.

$ offlineimap
OfflineIMAP 8.0.0
  Licensed under the GNU GPL v2 or any later version (with an OpenSSL exception)
imaplib2 v3.06, Python v3.8.0, OpenSSL 1.1.1  11 Sep 2018
Account sync Outlook365:
 *** Processing account Outlook365
 Establishing connection to 127.0.0.1:1993 (Outlook365-Remote)
 PLAIN authentication failed: b'AUTHENTICATE failed.'
 ERROR: All authentication types failed:
    PLAIN: b'AUTHENTICATE failed.'
 *** Finished account 'Outlook365' in 0:05
ERROR: Exceptions occurred during the run!
ERROR: offlineimap.error.OfflineImapError: All authentication types failed:
    PLAIN: b'AUTHENTICATE failed.'

Traceback:
  File "/usr/local/lib/python3.8/dist-packages/offlineimap-8.0.0-py3.8.egg/offlineimap/accounts.py", line 298, in syncrunner
    self.__sync()
  File "/usr/local/lib/python3.8/dist-packages/offlineimap-8.0.0-py3.8.egg/offlineimap/accounts.py", line 375, in __sync
    remoterepos.getfolders()
  File "/usr/local/lib/python3.8/dist-packages/offlineimap-8.0.0-py3.8.egg/offlineimap/repository/IMAP.py", line 698, in getfolders
    imapobj = self.imapserver.acquireconnection()
  File "/usr/local/lib/python3.8/dist-packages/offlineimap-8.0.0-py3.8.egg/offlineimap/imapserver.py", line 597, in acquireconnection
    self.__authn_helper(imapobj)
  File "/usr/local/lib/python3.8/dist-packages/offlineimap-8.0.0-py3.8.egg/offlineimap/imapserver.py", line 457, in __authn_helper
    raise OfflineImapError("All authentication types "

In email-oauth2-proxy everything seems ok:

2024-09-30 12:18:59: Accepting new connection from 127.0.0.1:45572 to IMAP server at 127.0.0.1:1993 (unsecured) proxying outlook.office365.com:993 (SSL/TLS)

offlineimap configuration:

[Repository Outlook365-Remote]
type = IMAP
remotehost = 127.0.0.1
remoteport = 1993
remoteuser = filipe.it@outlook.pt
ssl = no
folderfilter = lambda foldername: foldername in ['Receipts']
auth_mechanisms = PLAIN
remotepass = mypass
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
oauth2 = true
realdelete = no

Should I change auth_mechanisms to 'OAUTH2' instead of 'PLAIN'? Thanks in advance.

filipe3x commented 6 hours ago

Log of email-oauth2-proxy in debug mode:

2024-09-30 12:47:10: Accepting new connection from 127.0.0.1:45576 to IMAP server at 127.0.0.1:1993 (unsecured) proxying outlook.office365.com:993 (SSL/TLS)
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) --> [ Client connected ]
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) <-> [ Starting TLS handshake ]
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) <-> [ TLSv1.2 handshake complete ]
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993)     <-- b'* OK The Microsoft Exchange IMAP4 service is ready. [QgBZADUAUABSADEANgBDAEEAMAAwADMAMA...]\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) <-- b'* OK The Microsoft Exchange IMAP4 service is ready. [QgBZADUAUABSADEANgBDAEEAMAAwADMAMA...]\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) --> b'FEBF1 CAPABILITY\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993)     --> b'FEBF1 CAPABILITY\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993)     <-- b'* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) <-- b'* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993)     <-- b'FEBF1 OK CAPABILITY completed.\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) <-- b'FEBF1 OK CAPABILITY completed.\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) --> b'FEBF2 ID ("name" "OfflineIMAP" "version" "8.0.0")\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993)     --> b'FEBF2 ID ("name" "OfflineIMAP" "version" "8.0.0")\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993)     <-- b'* ID ("name" "Microsoft.Exchange.Imap4.Imap4Server" "version" "15.20")\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) <-- b'* ID ("name" "Microsoft.Exchange.Imap4.Imap4Server" "version" "15.20")\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993)     <-- b'FEBF2 OK ID completed\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) <-- b'FEBF2 OK ID completed\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) --> b'FEBF3 AUTHENTICATE PLAIN\r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) <-- b'+ \r\n'
2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) --> b'[[ Credentials removed from proxy log ]]'
2024-09-30 12:47:11: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993)     --> b'FEBF3 AUTHENTICATE XOAUTH2 '
2024-09-30 12:47:11: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993)     --> b'[[ Credentials removed from proxy log ]]\r\n'
2024-09-30 12:47:15: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993; filipe.it@outlook.pt)     <-- b'FEBF3 NO AUTHENTICATE failed.\r\n'
2024-09-30 12:47:15: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993; filipe.it@outlook.pt) <-- b'FEBF3 NO AUTHENTICATE failed.\r\n'
2024-09-30 12:47:15: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993) <-- [ Server disconnected ]
2024-09-30 12:47:15: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993; filipe.it@outlook.pt) --> [ Client disconnected ]

And this is the proxy's configuration file:

[IMAP-1993]
server_address = outlook.office365.com
server_port = 993
local_address = 127.0.0.1

[filipe.it@outlook.pt]
permission_url = https://login.microsoftonline.com/915bb16f-a535-4e08-9143-8af506774452/oauth2/v2.0/authorize
token_url = https://login.microsoftonline.com/915bb16f-a535-4e08-9143-8af506774452/oauth2/v2.0/token
oauth2_scope = https://graph.microsoft.com/IMAP.AccessAsUser.All offline_access openid profile
redirect_uri = https://localhost:7598
client_id = 15ab30a8-5079-47c7-ae31-ba577e27e1db
client_secret = QeE...
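
One way to read the debug log above, as an added example that is not part of the original thread or the project's own code: it splits the proxy log into its client-facing and upstream-facing halves and reports which mechanism each side used and where the rejection originated. It assumes, from the log shown, that lines with extra indentation before the arrow are proxy-to-server traffic; `trace_auth` and the abbreviated sample lines are constructed for illustration.

```python
import re

# Constructed sample: abbreviated lines in the debug-log format shown in this issue.
_PFX = "2024-09-30 12:47:10: IMAP (127.0.0.1:45576-{127.0.0.1:1993}-outlook.office365.com:993)"
SAMPLE = "\n".join(_PFX + rest for rest in [
    r"     <-- b'* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR\r\n'",
    r" <-- b'* CAPABILITY IMAP4rev1 AUTH=PLAIN SASL-IR\r\n'",
    r" --> b'FEBF3 AUTHENTICATE PLAIN\r\n'",
    r" <-- b'+ \r\n'",
    r" --> b'[[ Credentials removed from proxy log ]]'",
    r"     --> b'FEBF3 AUTHENTICATE XOAUTH2 '",
    r"     --> b'[[ Credentials removed from proxy log ]]\r\n'",
    r"     <-- b'FEBF3 NO AUTHENTICATE failed.\r\n'",
    r" <-- b'FEBF3 NO AUTHENTICATE failed.\r\n'",
])

LINE = re.compile(
    r"^\S+ \S+: IMAP \([^)]*\)(?P<pad>\s+)(?P<dir><--|-->|<->) (?P<msg>.*)$"
)


def trace_auth(log_text):
    """Summarise the authentication exchange on each side of the proxy."""
    out = {"offered": {}, "requested": {}, "rejected_by": None}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Assumption: more than one space before the arrow = proxy <-> server leg.
        side = "upstream" if len(m["pad"]) > 1 else "client"
        msg, direction = m["msg"], m["dir"]
        if direction == "<--" and "* CAPABILITY" in msg:
            # Mechanisms advertised to this side (the proxy rewrites the list).
            out["offered"][side] = re.findall(r"AUTH=(\w+)", msg)
        elif direction == "-->":
            auth = re.search(r"AUTHENTICATE (\w+)", msg)
            if auth:
                out["requested"][side] = auth[1]
        elif direction == "<--" and re.match(r"b'\w+ (NO|BAD) ", msg):
            # The upstream reply is logged before it is relayed, so the first
            # rejection seen tells us whether the server or the proxy said no.
            origin = "upstream" if side == "upstream" else "proxy"
            out["rejected_by"] = out["rejected_by"] or origin
    return out


if __name__ == "__main__":
    print(trace_auth(SAMPLE))
```

On the sample, the client leg shows `PLAIN` while the upstream leg shows `XOAUTH2`, and the `NO` comes from the upstream server rather than from the proxy.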

simonrob commented 4 hours ago

Please also post the proxy configuration file you are using.

filipe3x commented 4 hours ago

Added the important bits of the proxy configuration file above.