~petrus/mailctl-discuss


Example config for Outlook Office365 (institutional)

Message ID: <CS4GQOSGKRKG.10B5FYV32IH0B@manjaro>
Hi,

I just discovered mailctl and I am excited because I wish to use my
CLI mail programs with our institutional Outlook Office365 again.

Could you please provide an example config file that I can place in
~/.config/mailctl?

E.g. which name+extension should this file have, and what can I use as
clientID and secret? My Thunderbird is working with O365 and I found the
ID in the web, but no secret...

Best, Robert
Peter Dobsan <pdobsan@gmail.com>
Message ID: <ftvkzdspyd7zd63ypycdalynkhkmmyzuxmcnwkh563unw5c3mo@2wnrihvleabx>
In-Reply-To: <CS4GQOSGKRKG.10B5FYV32IH0B@manjaro>
On Sun, Apr 23, 2023 at 09:49:34PM +0000, Robert Winkler wrote:
> Could you please provide an example config file that I can place in
> ~/.config/mailctl?

There are config templates in the configs/ directory, also distributed
with the released packages.

Read the new instructions regarding microsoft accounts in the most
recent mailctl release.

You can find config excerpts in this mailing list thread:

  https://lists.sr.ht/~petrus/mailctl-discuss/%3C87fs92pvvg.fsf%40icmfp.com%3E

Hope these can get you going.

  Peter
Message ID: <CS5738JNLAUX.BZ1MT9P1X1B4@rob-itx-mini>
In-Reply-To: <ftvkzdspyd7zd63ypycdalynkhkmmyzuxmcnwkh563unw5c3mo@2wnrihvleabx>
On Sun Apr 23, 2023 at 5:29 PM CST, Peter Dobsan wrote:
> On Sun, Apr 23, 2023 at 09:49:34PM +0000, Robert Winkler wrote:
> > Could you please provide an example config file that I can place in
> > ~/.config/mailctl?
>
> There are config templates in the configs/ directory, also distributed
> with the released packages.
>
> Read the new instructions regarding microsoft accounts in the most
> recent mailctl release.
>
> You can find config excerpts in this mailing list thread:
>
>   https://lists.sr.ht/~petrus/mailctl-discuss/%3C87fs92pvvg.fsf%40icmfp.com%3E
>
> Hope these can get you going.
>
>   Peter

Thanks Peter,

I'm almost there, I think. The authorization screen looks fine, however, my password is not recognized:

"company-mail
Enter password
You've tried to sign in too many times with an incorrect account or password."

The text "company-mail" instead of my email address seems strange to me;
I would expect my email address 'robert.winkler@cinvestav.mx' there.

Another doubt: in the config.yaml: I placed the PGP ID of my private
account there. Is this fine, or should this be the PGP ID of the account
I want to connect to?

My services.yaml is:
microsoft:
  tenant: "common"
  auth_endpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
  auth_http_method: "GET"
  auth_params_mode: "query-string"
  token_endpoint: "https://login.microsoftonline.com/common/oauth2/v2.0/token"
  token_http_method: "POST"
  token_params_mode: "request-body-form"
  redirect_uri: "http://localhost:8080"
  auth_scope: https://outlook.office365.com/IMAP.AccessAsUser.All https://outlook.office365.com/SMTP.Send offline_access
  # Thunderbird client ID and secret:
  client_id: "08162f7c-0fd2-4200-a84a-f25a4db0b584"
  client_secret: "TxRBilcHdC6WGBee]fs?QR:SJ8nI[g82"

Any idea what I'm doing wrong?

Best regards,
Robert
Peter Dobsan <pdobsan@gmail.com>
Message ID: <r63jswuw4qspbvmh3guqsc5kroz26utzlbdrifkcsoxnluqv3b@rqtidyhfwbsz>
In-Reply-To: <CS5738JNLAUX.BZ1MT9P1X1B4@rob-itx-mini>
On Mon, Apr 24, 2023 at 06:24:43PM +0000, Robert Winkler wrote:
> The text "company-mail" instead of my email address seems strange to me;
> I would expect my email address 'robert.winkler@cinvestav.mx' there.

<you@company.email> stands for the email address at the organization in
case. So the command should be:

  mailctl authorize microsoft robert.winkler@cinvestav.mx

> Another doubt: in the config.yaml: I placed the PGP ID of my private
> account there. Is this fine, 

That is fine.

  Peter
Message ID: <CS5BNPJLFGXY.3921EXV33H30E@rob-itx-mini>
In-Reply-To: <r63jswuw4qspbvmh3guqsc5kroz26utzlbdrifkcsoxnluqv3b@rqtidyhfwbsz>
On Mon Apr 24, 2023 at 12:49 PM CST, Peter Dobsan wrote:
> On Mon, Apr 24, 2023 at 06:24:43PM +0000, Robert Winkler wrote:
> > The text "company-mail" instead of my email address seems strange to me;
> > I would expect my email address 'robert.winkler@cinvestav.mx' there.
>
> <you@company.email> stands for the email address at the organization in
> case. So the command should be:
>
>   mailctl authorize microsoft robert.winkler@cinvestav.mx
>
> > Another doubt: in the config.yaml: I placed the PGP ID of my private
> > account there. Is this fine, 
>
> That is fine.
>
>   Peter

Dear Peter,

if I omit the --company option, I'm getting a very basic (ugly) HTML
page, looking like this:

fed.cinvestav.mx
Iniciar sesión con la cuenta laboral
Cuenta de usuario
robert.winkler@cinvestav.mx
Contraseña
Contraseña
Iniciar sesión
© 2016 Microsoft

I enter my password and get an error:

localWebServer - invalid request

Request
    { requestMethod = "POST"
    , httpVersion = HTTP/1.1
    , rawPathInfo = "/adfs/ls/"
    ...

I tried with Firefox and Brave.

Any idea?
Message ID: <CS64KYBU87UT.25T0APTC1CIT8@mashenka>
In-Reply-To: <CS5BNPJLFGXY.3921EXV33H30E@rob-itx-mini>
>
> fed.cinvestav.mx
> Iniciar sesión con la cuenta laboral
> Cuenta de usuario
> robert.winkler@cinvestav.mx
> Contraseña
> Contraseña
> Iniciar sesión
> © 2016 Microsoft

I tried your account and indeed I also get to this ugly page, instead of the
company branded landing area. I also get that with my other company, which
I have not managed to log in at all. I haven't yet investigated that further,
but I think it has to do with the Azure AD SSO. Since I probably only have
Exchange access to that account I didn't really feel the need to look into this
deeper so that is all I know atm. 

Best,
Bence

-- 
+36305425054
bence.ferdinandy.com
Message ID: <87wn1xzer8.fsf@icmfp.com>
In-Reply-To: <CS5BNPJLFGXY.3921EXV33H30E@rob-itx-mini>
> if I omit the --company option, I'm getting a very basic (ugly) HTML
> page, looking like this:
>
> fed.cinvestav.mx
> Iniciar sesión con la cuenta laboral
> Cuenta de usuario
> robert.winkler@cinvestav.mx
> Contraseña
> Contraseña
> Iniciar sesión
> © 2016 Microsoft
>
> I enter my password and get an error:
>
> localWebServer - invalid request
>
> Request
>     { requestMethod = "POST"
>     , httpVersion = HTTP/1.1
>     , rawPathInfo = "/adfs/ls/"
>     ...
>
> I tried with Firefox and Brave.
>
> Any idea?

I get that if I run mailctl (without --company) and then provide my
password on that login screen, but this workaround workflow works for
me, using the Thunderbird client ID and secret:

  Run `mailctl authorize microsoft <your@company.email>` with your
  proper email address, then when you visit the
  http://localhost:8080/start page, instead of trying to log in straight
  away (which leads to the "localWebServer - invalid request" dump), do
  the following:

  - Click "Sign in with another account"
  - Click "Sign-in options"
  - Click "Sign in to an organisation"
  - Put in the correct domain name which matches your company.email
    address above
  - Now log in as normal and this works without any file renaming or fake
    email addresses  :)

  The final login screen has redirected to the URL
  "https://login.microsoftonline.com/<domain>/oauth2/v2.0/authorize?client_id=..."
  ..rather than the original localhost address, but then redirects back
  to the localhost address as expected.


I've only got the one O365 corporate account to try it with so I've no
idea if it behaves differently for different tenants.

It's also possible that your O365 tenancy has IMAP completely disabled,
as that's apparently very common, so requests to authorize an app for
IMAP access won't work whatever you do in that case.
(But in your other thread you mention that Thunderbird and co work, so
that shouldn't be the problem here!)



        Hope this helps,

                David
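
Added example (not part of the thread and not mailctl's code): the tenant-specific authorize URL that the workaround above ends up at, built from the services.yaml values posted earlier, together with a check that accepts only the GET redirect back to http://localhost:8080 and rejects anything else, such as the POST to /adfs/ls/. The function names and the sample address in the comments are assumptions; `login_hint` is the Microsoft identity platform parameter that pre-fills the account name.

```python
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Values taken from the services.yaml posted earlier in this thread.
CLIENT_ID = "08162f7c-0fd2-4200-a84a-f25a4db0b584"
REDIRECT_URI = "http://localhost:8080"
SCOPE = ("https://outlook.office365.com/IMAP.AccessAsUser.All "
         "https://outlook.office365.com/SMTP.Send offline_access")


def authorize_url(email, state, tenant=None):
    """Build the v2.0 authorize URL; the tenant defaults to the mail domain."""
    # e.g. email "user@example.org" (constructed) gives tenant "example.org"
    tenant = (tenant or email.rsplit("@", 1)[-1]).lower()
    # The tenant becomes a URL path segment, so allow hostname characters only.
    if not re.fullmatch(r"[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?", tenant):
        raise ValueError(f"unexpected tenant: {tenant!r}")
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,          # random per-attempt value, checked on return
        "login_hint": email,     # pre-fills the account on the sign-in page
    }
    return (f"https://login.microsoftonline.com/{tenant}"
            f"/oauth2/v2.0/authorize?{urlencode(params)}")


def check_callback(method, target, expected_state):
    """Return the authorization code from a redirect to REDIRECT_URI."""
    parts = urlsplit(target)
    # Only a GET on the redirect path is an OAuth2 callback; a login form
    # posted to some other path (POST /adfs/ls/) is not.
    if method != "GET" or parts.path not in ("", "/"):
        raise ValueError(f"not an OAuth2 redirect: {method} {parts.path}")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("redirect carries no authorization code")
    return code
```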
Message ID: <CS7TH7HU66MT.1M4JCSLXL7XBM@mashenka>
In-Reply-To: <87wn1xzer8.fsf@icmfp.com>
> I get that if I run mailctl (without --company) and then provide my
> password on that login screen, but this workaround workflow works for
> me, using the Thunderbird client ID and secret:
>
>   Run `mailctl authorize microsoft <your@company.email>` with your
>   proper email address, then when you visit the
>   http://localhost:8080/start page, instead of trying to log in straight
>   away (which leads to the "localWebServer - invalid request" dump), do
>   the following:
>
>   - Click "Sign in with another account"
>   - Click "Sign-in options"
>   - Click "Sign in to an organisation"
>   - Put in the correct domain name which matches your company.email
>     address above
>   - Now log in as normal and this works without any file renaming or fake
>     email addresses  :)

I now (unfortunately) have two o365 accounts. One of them (a university one,
that has its own SSO and doesn't use Azure AD) works like the one you describe
above. The other account, which is from a large company, that uses Azure AD for
SSO behaves the way Robert describes, instead of opening the usual MS login
screen it takes me to a not so fancy looking page (tbh, it looks as if the
company branding CSS and images are somehow missing).

It seems MS can't keep it simple :)

Best,
Bence


-- 
+36305425054
bence.ferdinandy.com