EAS-4-TbSync icon indicating copy to clipboard operation
EAS-4-TbSync copied to clipboard

Published 20 hours ago verified publisher icon jobisoft

Office 365 OAuth doesn't work with non-MS email addresses

Open majutsushi opened this issue 1 year ago • 9 comments

Your environment

TbSync version: 4.8 EAS-4-TbSync version: 4.8 Thunderbird version: 115.7.0

Expected behavior

Being able to sync with a non-Microsoft email address that's used to log in to Office 365

Actual behavior

The autodiscover functionality redirects to my own domain, which of course is not set up to handle this:

** Wed Jan 24 2024 13:12:13 GMT+1300 (New Zealand Daylight Time) **
[Querry EAS autodiscover V2 URL] : https://autodiscover-s.outlook.com/autodiscover/autodiscover.json?Email=jan%40majutsushi.net&Protocol=ActiveSync

** Wed Jan 24 2024 13:12:13 GMT+1300 (New Zealand Daylight Time) **
[EAS autodiscover V2 with error (network::NS_ERROR_UNKNOWN_HOST)] : 
https://autodiscover-s.outlook.com/autodiscover/autodiscover.json?Email=jan%40majutsushi.net&Protocol=ActiveSync => 
https://autodiscover.majutsushi.net/autodiscover/autodiscover.json/v1.0/[email protected]?Protocol=ActiveSync&RedirectCount=1

Steps to reproduce

I have my own domain and use an email address on it to log in to my Microsoft account. This works fine on things like Microsoft's websites, but the way the extension tries to log in doesn't seem to be able to handle this, as shown above. This may be related to #191 as well.

I previously used the "custom configuration" setup which worked fine, but now I also seem to be affected by #259 and so tried the modern approach instead, which also doesn't work. So at the moment there doesn't seem to be a way for me to connect at all.

Workaround

I've added an account alias in my Microsoft account with an official @outlook.com address (which I didn't have before) and used that to log in, which works fine. I'm not sure if it would be possible for this extension to make the third-party address case work without some changes on Microsoft's part.

majutsushi avatar Jan 24 '24 22:01 majutsushi

I'm getting the exact same fault. O365 account with custom domain email address.

mikelambrellis avatar Feb 01 '24 22:02 mikelambrellis

I've fixed my issue by deleting and recreating the sync account but this time using the Office365 (OAuth 2.0) option, as per the comments on this ticket: https://github.com/jobisoft/EAS-4-TbSync/issues/259

mikelambrellis avatar Feb 03 '24 00:02 mikelambrellis

@majutsushi : In order to setup your account TbSync needs to find the server. I attempt to read from

https://autodiscover-s.outlook.com/autodiscover/autodiscover.json?Email=jan%40majutsushi.net&Protocol=ActiveSync

I have a professional Office365 account with an custom domain and when I request that page for a valid email address (registered in that tenant), I get the correct values back. If I use a bad addr, I am not getting back the correct values. So Microsoft knows who I am, despite my custom domain.

That does not seem to be the case for you. Instead, Microsoft redirects to your own server:

https://autodiscover.majutsushi.net/autodiscover/autodiscover.json/v1.0/[email protected]?Protocol=ActiveSync

That does not return anything useful.

So open questions are:

  1. Why does Microsoft not know about your account? (What type of account do you have?)
  2. Would you be able to provide the information at the redirected page?

jobisoft avatar Feb 24 '24 12:02 jobisoft

I have a personal account without any subscriptions, and I had the address with the custom domain configured as the primary "account alias". I couldn't find any other place in the account settings where I could have told Microsoft about my custom domain.

What I have done now is add another account alias with an official @outlook.com address, and using that in tbsync made it work.

majutsushi avatar Feb 25 '24 03:02 majutsushi

When you say "alias", do you also have an original Microsoft address, which was assigned to you, when you created the account, before you added your alias?

Does that address also works in TbSync, or did you completely remove that original address from your account, so you had to add a new "mircosoft" alias now, to get it working?

jobisoft avatar Feb 25 '24 10:02 jobisoft

I've never had an official Microsoft address (i.e. @outlook.com or similar) before, maybe because my account was originally converted from a Skype account. I've only ever used my custom email address to log in. So I used the "account alias" section to add my first official address (there doesn't seem to be any other way to add such an address to an existing account).

majutsushi avatar Feb 26 '24 05:02 majutsushi

Thanks for the additional info. Could you add the solution to the first post in this thread? I will then close this as solved, but pin this issue to the top, for others to find.

jobisoft avatar Feb 26 '24 07:02 jobisoft

Similar issue here. However, the autodiscover seems to work since it returns this result

{"Protocol":"ActiveSync","Url":"https://outlook.office365.com/Microsoft-Server-ActiveSync"}

Then it opens up our internal SSO page that instead of showing the login screen, it shows an error, like if cookies are not allowed or like if the wrong SAML initiation flow has been launched.

In the past 6 months the addon was working fine on a Windows Device with OAuth2, now I am doing a fresh install and I'm stuck.

scollovati avatar Mar 11 '24 08:03 scollovati

@jobisoft Sorry, I had totally forgotten about this issue. I've added my workaround to the first post as you suggested, so feel free to close this.

majutsushi avatar Jun 03 '24 05:06 majutsushi