question for login with Office 365
Hello, I am trying to authenticate my Office 365 account. I work at a company that requires a 2-step authentication with Microsoft Authenticator. With the mutt oauth2 script things are working fine; with mailctl I insert my password but then I receive the following error message I do not quite understand:
Request
{ requestMethod = "POST"
, httpVersion = HTTP/1.1
, rawPathInfo = "/common/login"
, rawQueryString = ""
, requestHeaders =
[
( "Host"
, "localhost:8080"
)
,
( "User-Agent"
, "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/119.0"
)
,
( "Accept"
, "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"
)
,
( "Accept-Language"
, "it,en-US;q=0.7,en;q=0.3"
)
,
( "Accept-Encoding"
, "gzip, deflate, br"
)
,
( "Referer"
, "http://localhost:8080/"
)
,
( "Content-Type"
, "application/x-www-form-urlencoded"
)
,
( "Content-Length"
, "1681"
)
,
( "Origin"
, "http://localhost:8080"
)
,
( "DNT"
, "1"
)
,
( "Connection"
, "keep-alive"
)
,
( "Cookie"
, "brcap=0; wlidperf=FR=L&ST=1700666960153; session=eyJjc3JmdG9rZW4iOiAiOTg2MTk3Njc2NiJ9.ZVzAKA.v-eECYYZjVnKU0Zns80l0DqI5x0; MicrosoftApplicationsTelemetryDeviceId=a0ed6817-3749-4531-ac6c-e0d16cc782f5; ai_session=AVdLwiRwpvBkqVgQgHILVf|1700666700871|1700666809099; MSFPC=GUID=6efa70116e464e1e89365f00ed644c72&HASH=6efa&LV=202311&V=4&LU=1700666703642"
)
,
( "Upgrade-Insecure-Requests"
, "1"
)
,
( "Sec-Fetch-Dest"
, "document"
)
,
( "Sec-Fetch-Mode"
, "navigate"
)
,
( "Sec-Fetch-Site"
, "same-origin"
)
,
( "Sec-Fetch-User"
, "?1"
)
]
, isSecure = False
, remoteHost =
[ ::1 ]:53512
, pathInfo =
[ "common"
, "login"
]
, queryString = []
, requestBody =
, vault =
, requestBodyLength = KnownLength 1681
, requestHeaderHost = Just "localhost:8080"
, requestHeaderRange = Nothing
}
For completeness, this is my services.yaml file:
microsoft:
  auth_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
  auth_http_method: GET
  auth_params_mode: query-string
  token_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/token
  token_http_method: POST
  token_params_mode: request-body-form
  redirect_uri: http://localhost:8080
  auth_scope: https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access
  client_id: cd803c31-c6ae-4fc0-88d2-691631d49264
  client_secret: '-Xo8Q~YSCxDcmqmLDuzVGwvwKx8pXT9aHfVrRdu_'
Am I doing something wrong or is it just that mailctl does not work with certain organizations?
Thank you very much in advance.
> with mailctl I insert my password but then I receive the following error message I do not quite understand:
> Request { requestMethod = "POST" , httpVersion = HTTP/1.1 . . . }
I cannot see any error message here, it is just debug output. Include everything starting with the full command used, up to the very end finishing with the new shell prompt.
Also tell what happens in the browser.
> For completeness, this is my services.yaml file:
> microsoft: auth_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize ... client_id: cd803c31-c6ae-4fc0-88d2-691631d49264 client_secret: '-Xo8Q~YSCxDcmqmLDuzVGwvwKx8pXT9aHfVrRdu_'
What is the client we are talking about here? Where are these coming from?
> Am I doing something wrong or is it just that mailctl does not work with certain organizations?
Hard to tell, I don't have such a Microsoft account. Some people are successfully using mailctl with an Office 365 organizational account. Others are having difficulties.
Thank you @pdobsan for the fast answer.
> I cannot see any error message here, it is just debug output. Include everything starting with the full command used, up to the very end finishing with the new shell prompt.
> Also tell what happens in the browser.
In the browser, the same debug message shows up just after I insert the password and try to go to the next page. On top of the message, I have a title saying localWebServer - invalid request.
> What is the client we are talking about here? Where are these coming from?
This is an app I registered on Azure following the instructions in the mutt oauth2 script. These credentials are the same I use for that script with the same authorization APIs (that include those requested in services.yaml).
Copying my comment from sr.ht mailing-list:
As discussed in another thread ("Re-direct to institution auth (Microsoft 365) not working"), this may have to do with the CORS situation of the organization's Single Sign-On (SSO).
I had success doing the authorization flow in a browser with disabled web security (CORS checks etc.).
I launched chromium like this: chromium --disable-web-security --user-data-dir=/tmp/chromium-tmp and then opened http://localhost:8080/ there.
There is apparently no similar way of doing this in Firefox.
https://lists.sr.ht/~petrus/mailctl-discuss/%3Cd48dae5a-c7e6-4ccb-90b9-6922f6bf61d8%40protonmail.com%3E
Doing this again today, I had better success with mailctl authorize --nohint than without --nohint.