the-djmaze / snappymail

Simple, modern & fast web-based email client
https://snappymail.eu
GNU Affero General Public License v3.0

Feature request for Microsoft Exchange OAuth2 #1645

Closed chascode closed 1 month ago

chascode commented 3 months ago

Microsoft are dropping support for app passwords in September.

With an extension similar to "GMail OAuth2" (where I enter my client id/secret provided by Microsoft) I can still use snappymail after September.

I've considered using DavMail (available in debian's default repositories) as a gateway between snappymail and Microsoft's exchange servers.

the-djmaze commented 3 months ago

I was looking at it a few weeks ago, but had some trouble with it due to other changes Microsoft is making.

Will document my draft code and see what can be done.

the-djmaze commented 3 months ago

I've added my draft code. Microsoft requires an Azure account that has an active subscription. I'm not going to pay, so feel free to get the code working yourself.

https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

the-djmaze commented 3 months ago

Showstopper issue redirect_uri=https://domain.tld/?LoginO365:

> invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.

Problem is Microsoft: https://learn.microsoft.com/en-us/entra/identity-platform/reply-url#query-parameter-support-in-redirect-uris

> Query parameters are not allowed in redirect URIs for any app registration configured to sign in users with personal Microsoft accounts such as Outlook.com (Hotmail)

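As an added illustration of the two things this comment runs into, the exact-match rule for `redirect_uri` (no query string for personal-account app registrations, so the plugin name has to travel in the path) and the SASL XOAUTH2 login the linked Microsoft document describes. This is example code written for this page, not SnappyMail's login-o365 plugin; the host name, client id, registered URIs, state and token values are constructed placeholders, and the scope string is the IMAP scope named in that Microsoft document.

```python
"""Redirect-URI checks and XOAUTH2 encoding for an IMAP OAuth2 login.

Added example, not SnappyMail's own code. All host names, ids and tokens
are constructed placeholders.
"""
import base64
from urllib.parse import parse_qsl, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"
# Scope named in the Microsoft IMAP/POP/SMTP OAuth document linked in the thread.
IMAP_SCOPES = "offline_access https://outlook.office.com/IMAP.AccessAsUser.All"

# What the app registration is assumed to list (constructed example).
REGISTERED_REDIRECT_URIS = {"https://mail.example.test/index.php/LoginO365"}


def redirect_uri_problems(uri: str, registered=REGISTERED_REDIRECT_URIS) -> list:
    """Reasons an authorization server would reject this redirect_uri.

    Microsoft refuses a query string for apps that sign in personal accounts,
    and the URI must match a registered one exactly (no prefix tolerance).
    """
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.query:
        problems.append("query string not allowed in redirect_uri")
    if parts.fragment:
        problems.append("fragment not allowed in redirect_uri")
    if uri not in registered:
        problems.append("redirect_uri not registered for this client")
    return problems


def build_authorize_url(tenant, client_id, redirect_uri, state, scope=IMAP_SCOPES):
    """Authorization-code request; refuses a redirect_uri Microsoft would reject."""
    problems = redirect_uri_problems(redirect_uri)
    if problems:
        raise ValueError("; ".join(problems))
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,
        "state": state,
    }
    return AUTHORIZE_ENDPOINT.format(tenant=tenant) + "?" + urlencode(params)


def route_from_path_info(path_info: str) -> str:
    """Server side of the workaround: with Apache AcceptPathInfo On, a request
    to /index.php/LoginO365 reaches PHP with PATH_INFO=/LoginO365, so the
    plugin name is carried in the path instead of a forbidden ?LoginO365."""
    return path_info.strip("/").split("/")[0]


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the authorization code from the callback URL, after checking
    state (CSRF / replay protection) and refusing an error response."""
    query = dict(parse_qsl(urlsplit(callback_url).query))
    if query.get("state") != expected_state:
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "error" in query:
        raise RuntimeError(f"{query['error']}: {query.get('error_description', '')}")
    return query["code"]


def xoauth2_initial_response(user: str, access_token: str) -> str:
    """SASL XOAUTH2 initial client response as the Microsoft document gives it:
    base64("user=" + user + ^A + "auth=Bearer " + token + ^A + ^A)."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def xoauth2_decode(initial_response: str) -> tuple:
    """Inverse of xoauth2_initial_response, useful when checking what a client
    actually sent (for example from a test IMAP server's log)."""
    raw = base64.b64decode(initial_response).decode("utf-8")
    fields = raw.rstrip("\x01").split("\x01")
    kv = dict(f.split("=", 1) for f in fields)
    if not kv.get("auth", "").startswith("Bearer "):
        raise ValueError("not an XOAUTH2 bearer response")
    return kv["user"], kv["auth"][len("Bearer "):]


if __name__ == "__main__":
    print(redirect_uri_problems("https://domain.tld/?LoginO365"))
    print(build_authorize_url("common", "00000000-0000-0000-0000-000000000000",
                              "https://mail.example.test/index.php/LoginO365", "abc123"))
```

The URL from the thread, `https://domain.tld/?LoginO365`, fails `redirect_uri_problems` on the query string before registration is even considered, which is the `invalid_request` error shown above; the path-info form passes only when it is listed verbatim in the app registration.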
the-djmaze commented 3 months ago

For experimental usage with SnappyMail v2.36.1+ (requires Apache AcceptPathInfo): https://github.com/the-djmaze/snappymail/tree/master/plugins/login-o365

This should be the most comprehensive "not working" draft code for anyone that wants to try using the most annoying OAuth implementer that exists.

I always advise to stop using Microsoft products, but somehow too many "advisors" keep selling the crap that Microsoft produces. Since we don't have the power to kill it (I even tried through the EU-government, regarding email vendor lock-in), this code should be enough to get you going with implementing it.

GregThib commented 3 months ago

Hi!

This workaround seems to introduce a new failure: under Apache 2.4+, without mod_access_compat, it gives a 500 error when trying to connect. The Allow directive is obsolete and should not be employed now.

Maybe, a fix is to test the presence of mod_access_compat, and if not, use Require instead?
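The shape of the fix GregThib suggests, as an added example for this page and not the plugin's shipped `.htaccess`: keep `AcceptPathInfo` for the path-based redirect URI and pick the access directive by module presence, so the same file works with and without the legacy syntax. The test is on mod_authz_core (always present on Apache 2.4, absent on 2.2), which is the usual way to express "use Require when it exists, Allow otherwise"; the file name and its location in the plugin directory are assumptions.

```apache
# Added example .htaccess for the plugin directory (not SnappyMail's own file).
# AcceptPathInfo lets /index.php/LoginO365 reach PHP with PATH_INFO=/LoginO365,
# so the plugin is addressed without the query string Microsoft rejects.
# In a .htaccess this directive needs AllowOverride FileInfo on the directory.
AcceptPathInfo On

# Apache 2.4: mod_authz_core is always loaded, so Require is the right form.
<IfModule mod_authz_core.c>
    Require all granted
</IfModule>

# Apache 2.2 only: the legacy Order/Allow syntax. On 2.4 this block is skipped,
# so a missing mod_access_compat no longer produces "Invalid command 'Allow'"
# and the 500 error.
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
</IfModule>
```

Checking which branch applies on a given host is a matter of `apachectl -M` (or `httpd -M`) and looking for `authz_core_module` and `access_compat_module` in the output.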

the-djmaze commented 3 months ago

@GregThib sorry, my bad. That rule shouldn't be in and i removed it.

GregThib commented 3 months ago

> @GregThib sorry, my bad. That rule shouldn't be in and i removed it.

No problem, I use the in-dev version via git fetch, so these kinds of "bugs" are normal outside tagged versions. I just wanted to flag it, in case the faulty code remains later.

the-djmaze commented 1 month ago

Ok, back to the drawing board. It killed the Nextcloud integration #1703 https://github.com/the-djmaze/snappymail/commit/47d18cafa38dd526b4221c2a72d1529e4fa1d255#r144395031