~petrus/mailctl-discuss


microsoft login

Details
Message ID
<87a60klsrs.fsf@shako.mail-host-address-is-not-set>
Hi,


I've not tried any past releases to compare but the latest release
doesn't quite work for the O365 company authorisation flow for me
either.
However, I have found a workaround but I have no idea why it works!  :D

[Example email addresses given just to show what's going on, but I can
provide a full debug log directly, with the real info in, if required]


Running `mailctl authorize microsoft my@email.ac.uk --company`
..gets me the localhost:8080 link and when I visit that I get a box with
'company-mail' already filled in (from lib/MailCtl/Authorization.hs line
390).  If I try to put my actual work email in then I just get errors
saying it can't be found.

So I click the "sign-in options" and then "sign in to an organisation
(search for a company or an organisation you're working with)", then put
my company domain in and it sends me to a different login page to
attempt to log in.

Now here's where it's weird:

1) With the standard 'company-mail' line in the Authorization.hs source I
   get sent to a "login.live.com" login page at this point via the
   login.microsoftonline.com location which flashes past briefly, but it
   should be an O365 "login.microsoftonline.com" login page for my
   organisation.  It also puts 'company-mail' as the email address on
   the login.live.com page and I cannot change it on this login page.

2) If I change the Authorization.hs line to read as follows:

     then forkIO $ localWebServer mvar env serv (EmailAddress "my@email.ac.uk")

   ..and rebuild mailctl, then when I click the localhost:8080 link I
   get the correct login page with the correct username and email shown,
   but then the same invalid request error as the original reporter on
   this thread when I attempt to log in.

3) If, however, I put a different email address on the same domain in the
   Authorization.hs call:

     then forkIO $ localWebServer mvar env serv (EmailAddress "other@email.ac.uk")

   ..then I get the plain initial login page, go to sign-in
   options->org->put the domain in then I get to the
   login.microsoftonline.com correct sign-in page and everything works!


Of course, after (3) the written auth file has the wrong filename as
it's the "other@email.ac.uk" address, but the content works once the
file has been renamed to the right address.


The 'tenant' setting in the services.yaml file doesn't appear to affect
this, but it does feel like it should do as it seems like this is to do
with the tenant which is being selected during auth.


I have absolutely no idea why this works, nor how the authorization
workflow works, but this has at least let me use mailctl successfully
with msmtp and offlineimap against an O365 account.

If there's more debugging I can help with to make this work properly
then I'm happy to help, and I can provide msmtp and offlineimap config
templates according to what is working for me against O365 :)


        Cheers,

                David
Details
Message ID
<20230310225434.ydlw46kihq5qngyd@localhost>
In-Reply-To
<87a60klsrs.fsf@shako.mail-host-address-is-not-set>
On Fri, Mar 10, 2023 at 12:01:27PM +0000, David Gardner wrote:
> I've not tried any past releases to compare but the latest release
> doesn't quite work for the O365 company authorisation flow for me
> either.
> However, I have found a workaround but I have no idea why it works!  :D

Thank you for sending the details of your experience. They are helpful; I
hope that together with another related debugging effort we are getting
closer to untangling this nightmarish microsoft API. I don't have any kind
of microsoft, in particular institutional, account so I have to rely on my
users' feedback.

Before I reply to your email in detail, may I ask you to subscribe to the
mailctl mailing lists so I wouldn't need to worry about who among those
participating in this debugging work sees/receives what?

Details in the README
(https://git.sr.ht/~petrus/mailctl#issues-contributing-and-announcements)

Cheers,
  Peter
Details
Message ID
<20230312215656.obypwfjkgwegjh26@localhost>
In-Reply-To
<87a60klsrs.fsf@shako.mail-host-address-is-not-set>
On Fri, Mar 10, 2023 at 12:01:27PM +0000, David Gardner wrote:
> The 'tenant' setting in the services.yaml file doesn't appear to affect
> this, but it does feel like it should do as it seems like this is to do
> with the tenant which is being selected during auth.

I think you are right about that.

> then I'm happy to help, and I can provide msmtp and offlineimap config
> templates according to what is working for me against O365 :)

That would be great. First of all, could you please send your
service.yaml file and XXXX out the sensitive details. Just include it in the
email (the list server rejects attachments) or use the
https://paste.sr.ht/ service.

Meanwhile mailctl 0.8.5 is out:
https://lists.sr.ht/~petrus/mailctl-announce/%3C20230311135638.fweidzcoylxjwm4o%40localhost%3E

Thanks,
  Peter