~petrus/mailctl-discuss


Re: elte.hu login - was mailctl 0.8.5 released

Message ID: <20230311221717.cetr5akpvfhbqckf@localhost>
DKIM signature: missing
I forgot to disable posting on the announcement list. Done now. I'll try to
get this thread over to the discussion list.

On Sat, Mar 11, 2023 at 09:10:51PM +0100, Bence Ferdinandy wrote:
> Based on some of the emails, I don't think this was supposed to solve my issue,
> but just wanted to confirm I still can't log in. 

Yes and no ... long story.

But it seems to work for me up to the point of login!
Using the same command (no --company):

  % mailctl authorize microsoft ferdinandy.bence@ttk.elte.hu
  To grant OAuth2 access to ferdinandy.bence@ttk.elte.hu visit the local URL below with your browser.
  http://localhost:8080/start
  Authorization started ... 

In my browser I get your elte login page with the library background
image:

  <Elte logo>

  ferdinandy.bence@ttk.elte.hu
  Enter password
  Forgot my password
  Sign in with another account

  Amennyiben kérdése van vagy hibát tapasztal, a 6800-ás központi
  ...

So the only difference must be in our service.yaml file. Here is the
microsoft section of mine:

# https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow    
microsoft:    
  auth_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize    
  auth_http_method: GET    
  auth_params_mode: query-string    
  token_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/token    
  token_http_method: POST    
  token_params_mode: request-body-form    
  redirect_uri: http://localhost:8080    
  #redirect_uri: https://login.microsoftonline.com/common/oauth2/nativeclient    
  tenant: eltehu    
  auth_scope: https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access
  # here I am masquerading as Thunderbird
  client_id: 08162f7c-0fd2-4200-a84a-f25a4db0b584    
  client_secret: 'TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82'

Re: elte.hu login - was mailctl 0.8.5 released

Message ID: <CR3WRQXAUOJG.35ZMRR8WS1AXE@mashenka>
In-Reply-To: <20230311221717.cetr5akpvfhbqckf@localhost>
DKIM signature: missing
On Sat Mar 11, 2023 at 23:17, Peter Dobsan wrote:
>
>  I forgot to disable posting on the announcement list. Done now. I try to
>  get this thread over to the discussion list. 

Sorry, and I wasn't paying attention ...

>
> On Sat, Mar 11, 2023 at 09:10:51PM +0100, Bence Ferdinandy wrote:
> > Based on some of the emails, I don't think this was supposed to solve my issue,
> > but just wanted to confirm I still can't log in. 
>
> Yes and no ... long story.
>
> But it seems to work for me up to the point of login!

Yes, I can get to the login page, but supplying my password and trying to
proceed leads to the error I put on paste.sr.ht.

> Using the same command (no --company):
>
>   % mailctl authorize microsoft ferdinandy.bence@ttk.elte.hu
>   To grant OAuth2 access to ferdinandy.bence@ttk.elte.hu visit the local URL below with your browser.
>   http://localhost:8080/start
>   Authorization started ... 
>
> In my browser I get your elte login page with the library background
> image:
>
>   <Elte logo>
>
>   ferdinandy.bence@ttk.elte.hu
>   Enter password
>   Forgot my password
>   Sign in with another account
>
>   Amennyiben kérdése van vagy hibát tapasztal, a 6800-ás központi
>   ...
>
> So the only difference must be in our service.yaml file. Here is the
> microsoft section of mine:


>
> # https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow    
> microsoft:    
>   auth_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize    
>   auth_http_method: GET    
>   auth_params_mode: query-string    
>   token_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/token    
>   token_http_method: POST    
>   token_params_mode: request-body-form    
>   redirect_uri: http://localhost:8080    
>   #redirect_uri: https://login.microsoftonline.com/common/oauth2/nativeclient    
>   tenant: eltehu    
>   auth_scope: https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access
>   # here I am masquerading as Thunderbird
>   client_id: 08162f7c-0fd2-4200-a84a-f25a4db0b584    
>   client_secret: 'TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82'


There are actually, I think, two differences here compared to mine, as I had
  token_http_method: GET
  token_params_mode: query-string

So I tried with your version as well, but supplying the password leads to the
same (or similar) error as before:
https://paste.sr.ht/~ferdinandyb/961874403c263c605dc080581c8ebda9d1058794

Best,
Bence

--
+36305425054 
bence.ferdinandy.com

Re: elte.hu login - was mailctl 0.8.5 released

Message ID: <20230312213733.osgmxm5u3uqeglgl@localhost>
In-Reply-To: <CR3WRQXAUOJG.35ZMRR8WS1AXE@mashenka>
DKIM signature: missing
On Sat, Mar 11, 2023 at 11:30:53PM +0100, Bence Ferdinandy wrote:
> 
> Yes, I can get to the login page, but supplying my password and trying to
> proceed leads to the error I put on paste.sr.ht.

Hmm, unfortunate.

However, there are still two cases when it works completely.

Arthur Borsboom uses an unusual (but maybe the right one) token_endpoint
which comes from the Azure config console:

  Azure Active Directory > Applications > App registrations > EndPoints
  > OAuth 2.0 token endpoint (v2)

  screenshot of the config process: https://0x0.st/Hige.png

Here is Arthur's service.yaml file:

microsoft:
  auth_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
  auth_http_method: GET
  auth_params_mode: query-string
  token_endpoint: https://login.microsoftonline.com/b96XXXXXXXXXXXXXXXXXXXX/oauth2/v2.0/token
  token_http_method: POST
  token_params_mode: request-body-form
  redirect_uri: https://sub.domain.com
  auth_scope: https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access
  client_id: b1fXXXXXXXXXXXXXXXXX
  client_secret: LpnXXXXXXXXXXXXXXXXXXX

That works perfectly with 0.8.5 according to Arthur.

The other working case comes from David Gardner. It is complicated so
I refer to his email here:
https://lists.sr.ht/~petrus/mailctl-discuss/%3C87a60klsrs.fsf%40shako.mail-host-address-is-not-set%3E

This is similar to the "false mailing address" trick for google
company/institute accounts that I implemented under the --company flag.

By the way, "--company" is an unfortunate name since it confuses users
by making them believe that it should/could be used for microsoft
accounts too. That does not work. I should rename it to
"--google-company".

I could implement David's trick under the name of "--microsoft-company"
but I would feel more comfortable with a "proper", whatever that means,
solution without tricks: get the right service.yaml config; also using
the tenant: field to the right effect.

I keep hearing that the tenant field is used by Microsoft's
authorization flow and the current mailctl now sends it in correctly.
You microsoft users just need to figure out what to put in it in the
config file.

So here you have it. It works! well almost ;-) Bence, would you mind
trying these two variations described above for your use case?

Cheers,
  Peter
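
Added example (not part of the thread and not mailctl's own code): a small Python check that diffs two `microsoft:` sections like the ones compared in this thread and flags token-request settings. The sample sections are constructed from the keys quoted above, and `parse_section`, `diff` and `findings` are hypothetical helper names.

```python
from urllib.parse import urlparse

# Constructed sample: the keys from Peter's section that matter here (client values omitted).
PETER = """\
microsoft:
  token_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/token
  token_http_method: POST
  token_params_mode: request-body-form
  redirect_uri: http://localhost:8080
  tenant: eltehu
"""
# Constructed sample: Bence's earlier variant, differing in the two keys he names.
BENCE = (PETER.replace("token_http_method: POST", "token_http_method: GET")
              .replace("token_params_mode: request-body-form",
                       "token_params_mode: query-string"))

def parse_section(text, service):
    """Read one service from the flat 'key: value' layout used in the thread (not full YAML)."""
    cfg, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        if not line.startswith(" "):      # a top-level key starts a new service
            inside = line.strip().rstrip(":") == service
        elif inside:
            key, _, value = line.strip().partition(":")
            cfg[key] = value.strip().strip("'\"")
    return cfg

def diff(a, b):
    """Keys whose values differ between two parsed sections."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

def findings(cfg):
    """Return (key, note) pairs for token-request settings worth a second look."""
    notes = []
    if cfg.get("token_http_method", "").upper() != "POST":
        notes.append(("token_http_method", "RFC 6749 section 3.2 requires POST for token requests"))
    if cfg.get("token_params_mode") == "query-string":
        notes.append(("token_params_mode", "code and client_secret land in the URL, which servers and proxies log"))
    parts = urlparse(cfg.get("token_endpoint", "")).path.split("/")
    if len(parts) > 1 and parts[1] == "common":
        notes.append(("token_endpoint", "shared 'common' path; Arthur's working config uses a tenant-specific one"))
    return notes

if __name__ == "__main__":
    peter, bence = parse_section(PETER, "microsoft"), parse_section(BENCE, "microsoft")
    print(diff(peter, bence))
    for name, cfg in (("peter", peter), ("bence", bence)):
        for key, note in findings(cfg):
            print(f"{name}: {key}: {note}")
```
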

Re: elte.hu login - was mailctl 0.8.5 released

Message ID: <CREXA46M9XFL.36APOX858UI6Z@mashenka>
In-Reply-To: <20230312213733.osgmxm5u3uqeglgl@localhost>
DKIM signature: missing
Hi,

sorry for the slow answer, I've switched jobs and it's pretty time consuming ...

On Sun Mar 12, 2023 at 22:37, Peter Dobsan wrote:
> Arthur Borsboom uses an unusual (but maybe the right one) token_endpoint
> which comes from the Azure config console:
>
>   Azure Active Directory > Applications > App registrations > EndPoints
>   > OAuth 2.0 token endpoint (v2)
>
>   screenshot of the config process: https://0x0.st/Hige.png
>
> Here is Arthur's service.yaml file:
>
> microsoft:
>   auth_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
>   auth_http_method: GET
>   auth_params_mode: query-string
>   token_endpoint: https://login.microsoftonline.com/b96XXXXXXXXXXXXXXXXXXXX/oauth2/v2.0/token
>   token_http_method: POST
>   token_params_mode: request-body-form
>   redirect_uri: https://sub.domain.com
>   auth_scope: https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access
>   client_id: b1fXXXXXXXXXXXXXXXXX
>   client_secret: LpnXXXXXXXXXXXXXXXXXXX
>
> That works perfectly with 0.8.5 according to Arthur.

I've tried this, although I don't quite understand the sub.domain.com part. It
seems to lead to the same error unfortunately :/

>
> The other working case comes from David Gardner. It is complicated so
> I refer to his email here:
> https://lists.sr.ht/~petrus/mailctl-discuss/%3C87a60klsrs.fsf%40shako.mail-host-address-is-not-set%3E
>

I also tried building mailctl for this, but I've never used cabal before and ran into this:

    ❯ ~/.cabal/bin/cabal --version
    cabal-install version 3.10.1.0
    compiled using version 3.10.1.0 of the Cabal library
    ❯ ~/.cabal/bin/cabal install --install-method=copy
    Error: cabal: Could not resolve dependencies:
    [__0] trying: mailctl-0.8.6 (user goal)
    [__1] next goal: base (dependency of mailctl)
    [__1] rejecting: base-4.13.0.0/installed-4.13.0.0 (conflict: mailctl =>
    base>=4.14.3.0)
    [__1] rejecting: base-4.18.0.0, base-4.17.0.0, base-4.16.4.0, base-4.16.3.0,
    base-4.16.2.0, base-4.16.1.0, base-4.16.0.0, base-4.15.1.0, base-4.15.0.0,
    base-4.14.3.0, base-4.14.2.0, base-4.14.1.0, base-4.14.0.0, base-4.13.0.0,
    base-4.12.0.0, base-4.11.1.0, base-4.11.0.0, base-4.10.1.0, base-4.10.0.0,
    base-4.9.1.0, base-4.9.0.0, base-4.8.2.0, base-4.8.1.0, base-4.8.0.0,
    base-4.7.0.2, base-4.7.0.1, base-4.7.0.0, base-4.6.0.1, base-4.6.0.0,
    base-4.5.1.0, base-4.5.0.0, base-4.4.1.0, base-4.4.0.0, base-4.3.1.0,
    base-4.3.0.0, base-4.2.0.2, base-4.2.0.1, base-4.2.0.0, base-4.1.0.0,
    base-4.0.0.0, base-3.0.3.2, base-3.0.3.1 (constraint from non-upgradeable
    package requires installed instance)
    [__1] fail (backjumping, conflict set: base, mailctl)
    After searching the rest of the dependency tree exhaustively, these were the
    goals I've had most trouble fulfilling: base, mailctl

How can I get around this?

> This is similar to the "false mailing address" trick for google
> company/institute accounts that I implemented under the --company flag.
>
> By the way, "--company" is an unfortunate name since it confuses users
> by making them believe that it should/could be used for microsoft
> accounts too. That does not work. I should rename it to
> "--google-company".
>
> I could implement David's trick under the name of "--microsoft-company"
> but I would feel more comfortable with a "proper", whatever that means,
> solution without tricks: get the right service.yaml config; also using
> the tenant: field to the right effect.
>
> I keep hearing that the tenant field is used by Microsoft's
> authorization flow and the current mailctl now sends it in correctly.
> You microsoft users just need to figure out what to put in it in the
> config file.

:D This doesn't seem easy apparently :D Let's hope we can get to the bottom of
this. Probably different tenant configs also don't help ...


Best,
Bence

-- 
+36305425054
bence.ferdinandy.com

Re: elte.hu login

Message ID: <5kf4tka3ncb34zaolpnhlxxjb52nzzhtp6g4yy5dhotex2eomq@lsese2n343fh>
In-Reply-To: <CREXA46M9XFL.36APOX858UI6Z@mashenka>
DKIM signature: missing
On Fri, Mar 24, 2023 at 10:14:12PM +0100, Bence Ferdinandy wrote:
> I also tried building mailctl for this, but I've never used cabal before and ran into this:
...
>     [__1] rejecting: base-4.18.0.0, base-4.17.0.0, base-4.16.4.0, base-4.16.3.0,
> 
> How can I get around this?

It looks like you are using the newest ghc 9.6.1. mailctl doesn't
compile with that yet but ghc 9.4.4 works fine. Something like this:

      ghcup install ghc 9.4.4
      ghcup set ghc 9.4.4
      ghcup install cabal 3.10.1.0
      ghcup set cabal 3.10.1.0
      cabal update
      ...
      cabal install

Cheers,
  Peter

Re: elte.hu login - was mailctl 0.8.5 released

Message ID: <CRU7MC4VOJZD.7GEZP1QA1F0F@mashenka>
In-Reply-To: <20230312213733.osgmxm5u3uqeglgl@localhost>
DKIM signature: missing
Hey Peter,

sorry for the long wait.

> The other working case comes from David Gardner. It is complicated so
> I refer to his email here:
> https://lists.sr.ht/~petrus/mailctl-discuss/%3C87a60klsrs.fsf%40shako.mail-host-address-is-not-set%3E

I ended up doing this, but changed "company-email" to only the domain part of
the email address (ttk.elte.hu from xy@ttk.elte.hu). So a slight change here
with a split('@')[1] (in pythonese) instead of company-email might actually do
the trick for everyone.

> This is similar to the "false mailing address" trick for google
> company/institute accounts that I implemented under the --company flag.
>
> By the way, "--company" is an unfortunate name since it confuses users
> by making them believe that it should/could be used for microsoft
> accounts too. That does not work. I should rename it to
> "--google-company".
>
> I could implement David's trick under the name of "--microsoft-company"
> but I would feel more comfortable with a "proper", whatever that means,
> solution without tricks: get the right service.yaml config; also using
> the tenant: field to the right effect.

I wonder if the above change would break it for google? In the meantime I lost
access to my google company address, so I can't test that, unfortunately.

>
> I keep hearing that the tenant field is used by Microsoft's
> authorization flow and the current mailctl now sends it in correctly.
> You microsoft users just need to figure out what to put in it in the
> config file.

Or rather how nice it would be if MS did what everybody else does with these :)
Although they have exchange so let's not even talk about that for now :D

>
> So here you have it. It works! well almost ;-) Bence, would you mind
> trying these two variations described above for your use case?

The other solution did not work for me for some reason.

Best,
Bence


-- 
+36305425054
bence.ferdinandy.com