docker-msmtpd

O365 auth not working - suggestions?

Open yayaasd opened this issue 10 months ago • 1 comments

Hi there, is anyone able to do OAUTH2 with MS O365?

I gave it a try, but it did not really work out. This is how I tried it:

msmtp config:

```
defaults
account default
logfile /var/log/msmtp.log
syslog on
host smtp.office365.com
port 587
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
auth xoauth2
user [email protected]
passwordeval "cat /run/secrets/oauth_token"
from [email protected]
```

How I get my OAuth token (a simple Python script), following this information: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

```python
import requests
import base64

# Replace with your actual values
TENANT_ID = "TENANT_ID_from_azure_app"
CLIENT_ID = "CLIENT_ID_from_azure_app"
CLIENT_SECRET = "CLIENT_SECRET_from_azure_app"
SCOPE = "https://outlook.office365.com/.default"

# Define the token URL
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
# Prepare the data payload
data = {
    "client_id": CLIENT_ID,
    "scope": SCOPE,
    "client_secret": CLIENT_SECRET,
    "grant_type": "client_credentials",
}

# File to save the token
TOKEN_FILE = "oauth_token"
try:
    # Make the POST request (with a timeout so a stalled connection cannot hang the script)
    response = requests.post(TOKEN_URL, data=data, timeout=30)

    # Check for successful response
    if response.status_code == 200:
        # Parse the access token
        access_token = response.json().get("access_token")

        # Define the username
        user_name = "[email protected]"

        # Encode in SASL XOAUTH2 format
        sasl_xoauth2 = base64.b64encode(f"user={user_name}\x01auth=Bearer {access_token}\x01\x01".encode()).decode()

        # Save the token in SASL XOAUTH2 format to the file
        with open(TOKEN_FILE, "w") as file:
            file.write(sasl_xoauth2)

        print(f"SASL XOAUTH2 token saved to {TOKEN_FILE}")
    else:
        print("Failed to fetch access token:", response.status_code, response.text)
except Exception as e:
    print(f"An error occurred: {e}")
```

Any ideas?

yayaasd, Feb 15 '25 15:02
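An added example, not part of the original post or of docker-msmtpd: msmtp's OAuth2 auth methods take the bare access token as the password and build the SASL response themselves, so a token file that already holds the base64 `user=...` blob ends up wrapped a second time. The sketch below detects that case and writes the bare token with owner-only permissions; the function names, `SAMPLE_USER` and `SAMPLE_RESPONSE` are constructed for illustration.

```python
import base64
import os
import tempfile
import time

def sasl_xoauth2(user, token):
    """Base64 SASL XOAUTH2 string, in the same format the script in the post builds."""
    raw = f"user={user}\x01auth=Bearer {token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def looks_pre_encoded(secret):
    """True if the secret is already a base64 SASL XOAUTH2 blob, not a bare token."""
    try:
        decoded = base64.b64decode(secret, validate=True)
    except ValueError:  # a JWT contains '.', which is not base64 alphabet
        return False
    return decoded.startswith(b"user=") and b"\x01auth=Bearer " in decoded

def write_token_file(token_response, path, now=None):
    """Write the bare access token (mode 0600); return its expiry as epoch seconds."""
    token = token_response["access_token"]
    if looks_pre_encoded(token):
        raise ValueError("refusing to store a pre-encoded SASL blob as the password")
    issued = time.time() if now is None else now
    expires_at = issued + int(token_response["expires_in"])
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates the file as 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(token)  # no "user=" wrapper, no trailing newline
        os.replace(tmp, path)  # atomic swap: passwordeval never sees a partial file
    except BaseException:
        os.unlink(tmp)
        raise
    return expires_at

# Constructed sample values, not real credentials or a real token response.
SAMPLE_USER = "sender@example.com"
SAMPLE_RESPONSE = {"token_type": "Bearer", "expires_in": 3599,
                   "access_token": "eyJ0eXAi.sample.token"}

if __name__ == "__main__":
    once = sasl_xoauth2(SAMPLE_USER, SAMPLE_RESPONSE["access_token"])
    twice = sasl_xoauth2(SAMPLE_USER, once)  # result when the file holds `once`
    print("pre-encoded detected:", looks_pre_encoded(once))
    print("nested payload starts:", base64.b64decode(twice)[:40])
```

The returned expiry matters because the access token is short-lived: a file written once into `/run/secrets` goes stale, so the refresh has to be rerun before that time.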

Since nobody seems to be aware of this, here is my temporary solution.

I created a connector based on IP/cert auth with this guide: how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

I will keep the case open; maybe somebody will figure out a solution.

yayaasd, Mar 05 '25 11:03