Open betacatgo opened 5 days ago
Thanks for the detailed report. Unfortunately I don't have capacity to troubleshoot Azure/Entra setups, but there are plenty of other guides to help you navigate the confusing process required - this was the first result for me just now, for example.
Re: proxy setup, you should stick with what is in the example configuration file (i.e., not the Graph scopes).
Thanks for your reply, I tried the method in the article you mentioned, but it doesn't work.
In fact, I have tried many articles on configuring Azure/Entra and none of them work.
The following is some additional information.
As a personal account, there are actually no Office 365 permissions, and only Graph permissions are related to emails.
I have tried turning off all the security configurations I can find, but it doesn't work.
I have also tried turning off two-step authentication, or turning on two-step authentication and using app passwords, but neither works.
I struggled for a long time here, but couldn't make the authentication successful.
If there is still no solution, I can only give up my Outlook account and use other email providers...
Ah, that's an important detail - if you're using a free Outlook account you'll need to reuse an OAuth client ID that has been approved by Microsoft as you're not able to approve your own (you're not the administrator). There are links in the proxy's readme to various options here.
Thanks for the information, it helped me finally find the cause.
Since you mentioned that I need to use a Microsoft approved client id, it made me curious to find out what client id Thunderbird uses.
After some time of debugging using the Thunderbird Developer Tool, I found it all at OAuth2Providers.sys.mjs.
The Thunderbird client id can also be found in this blog.
Outlook personal accounts may not require complex Azure/Entra configurations, as the Thunderbird client id can be used (interestingly, we don't need to provide client_secret when using the Thunderbird client id).
But when I use the Thunderbird client id, the same error appears again.
5.7.3 Authentication unsuccessful.
This makes me suspect that this is not the problem.
I compared the authentication process of Thunderbird with that of email-oauth2-proxy, which is exactly the same but gives different results.
Eventually I debugged Thunderbird with breakpoints and I discovered that the OAuthToken sent by Thunderbird was very different from the one sent by email-oauth2-proxy.
The OAuthToken length sent by Thunderbird is 1585, but the length sent by email-oauth2-proxy is 3401.
After I base64 decoded it, only the very beginning user=xxx.xxx@outlook.comauth=Bearer is the same, while the rest is very different.
I tried to modify the code in SMTPOAuth2ServerConnection and replace OAuth2Helper.encode_oauth2_string(result) with the OAuthToken I got in Thunderbird.
I finally saw the long-awaited 250 OK and the email was sent successfully!
250 2.0.0 OK <XXXXX@XXXXX.eurprd03.prod.outlook.com>
I am not an email expert, but can confirm that there should be bugs in OAuth2Helper.get_oauth2_credentials or OAuth2Helper.encode_oauth2_string.
Hopefully this information provided above can help you fix it.
Many thanks!
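The comparison described in the comment above (base64-decoding two XOAUTH2 strings and seeing what differs after `auth=Bearer`), written out as an added example; it is not part of the thread or of email-oauth2-proxy's code. The function names and sample tokens are hypothetical and constructed, and the summary reports lengths and unverified JWT claims rather than echoing the bearer token, since the thread does not establish what actually differed.

```python
import base64
import json

def encode_xoauth2(user, token):
    """Build a SASL XOAUTH2 initial response; fields are separated by Ctrl-A (0x01)."""
    raw = "user=%s\x01auth=Bearer %s\x01\x01" % (user, token)
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")

def _b64url_json(segment):
    """Decode one base64url JWT segment to a Python object, or None if it is not JSON."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        return json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers binascii.Error, JSON and UTF-8 decode errors
        return None

def describe_xoauth2(encoded):
    """Summarise an XOAUTH2 string without returning the bearer token itself."""
    raw = base64.b64decode(encoded, validate=True).decode("utf-8")
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing 0x01 0x01 terminator")
    fields = dict(f.split("=", 1) for f in raw[:-2].split("\x01"))
    scheme, _, token = fields.get("auth", "").partition(" ")
    info = {"user": fields.get("user"), "scheme": scheme,
            "encoded_len": len(encoded), "token_len": len(token),
            "jwt": False, "aud": None, "scp": None}
    parts = token.split(".")
    if len(parts) == 3:  # JWT-shaped: read the claims, signature NOT verified
        claims = _b64url_json(parts[1])
        if isinstance(claims, dict):
            info.update(jwt=True, aud=claims.get("aud"), scp=claims.get("scp"))
    return info

def diff_xoauth2(a, b):
    """Return only the summary fields that differ between two XOAUTH2 strings."""
    da, db = describe_xoauth2(a), describe_xoauth2(b)
    return {k: (da[k], db[k]) for k in da if da[k] != db[k]}

def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample tokens (not real credentials, values are placeholders)
SAMPLE_JWT = ".".join([_seg({"alg": "RS256"}),
                       _seg({"aud": "https://example.invalid", "scp": "SMTP.Send"}), "c2ln"])
SAMPLE_OPAQUE = "opaque-" + "A" * 40
```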
Since Microsoft no longer allows basic authentication after September 16th, 2024 (app passwords don't work either), I could no longer use git-send-email to send patches through my Outlook personal account, and then I found this project.
5.7.3 Authentication unsuccessful [LO4P123CA0207.GBRP123.PROD.OUTLOOK.COM 2024-10-10T21:50:33.251Z 08DCE9686F3D146F]
After a long time of struggling with the configuration, I am still stuck on this error and I think I need some help.
Above is the failed debug information that frustrates me.
Above is my gitconfig.
Above is my emailproxy.config
I can already get the token_salt, access_token, refresh_token, but the authentication is still unsuccessful.
Above are all my configurations in Azure.
I have completed the permission acceptance and can show OAuth 2.0 proxy successfully.
I am sure that SMTP is not disabled in my Outlook as I can use Thunderbird to send emails successfully.
I have tried changing smtp.office365.com to smtp-mail.outlook.com, https://outlook.office.com/SMTP.Send to https://graph.microsoft.com/SMTP.Send, offline_access to https://graph.microsoft.com/offline_access and Web application to SPA application, but none of them work.
I have tried everything I can think of.
If anyone can help me I would be very grateful.
This is important to me.
Many thanks!