On Fri, 19 Aug 2022, Christopher Hawker via mailop wrote:
Hello Benoit,
What mail client is being used, that doesn't support Oauth2?
Benoit seems to be talking about "tools" more than "programs" or "apps",
so I am not sure that his problem is just mail clients, but likely also
includes other software, such as tracking and ticketing systems etc.,
that run an organisational information system on top of email.
From my experience with alpine and fetchmail, Oauth2 support is not
sufficient; you also need a layer which keeps the token up to date.
This seems to be different for each service/authentication provider
and requires an application specific code, which for open source
seems to require several of the following: a developer who is happy to
spend large amount of time jumping through licencing hoops including data
protectiong agreements; users signing up as app developers; weekly
re-licencing (I don't believe that this is just the user token) or
substantial fees.
Regards,
Christopher Hawker
________________________________
From: mailop <mailop-boun...@mailop.org> on behalf of Benoît Panizzon via mailop
<mailop@mailop.org>
Sent: Friday, August 19, 2022 4:41 PM
To: mailop@mailop.org <mailop@mailop.org>
Subject: [mailop] Microsoft Office365 blocking non Oauth2 authentication on
IMAP and SMTP.
Hi Team
I am involved in a large non profit organisation in Switzerland.
A couple of years ago, that organisation got persuaded to switch to
Office365 as they got a good offer for non profit organisations. One of
the promises at that time: Everyone could continue working as before as
all clients could connect via IMAP and SMTP, so migration all existing
volunteer accounts and tools would work seamlessly.
Most email user are 'external' volunteers.
Now more and more co-volunteers, including myself get locked out of
their email accounts, because Microsoft disabled non Oauth2 token
authentication. Tools stop working. (usually found out after repeatedly
going through the password reset recovery procedure and still not being
able to log in).
Using the web-based tools is not an option.
The Problem: Most client are unable to use Oauth2. There are
mailinglist tools which connect to a mailbox to process bounces as
example. But any other tool generating emails and sending them via SMTP
is affected.
Some tools are able to do Oauth2, but the help from the 'Domain
Administrator' is needed, to register those tools as 'trusted app' with
Microsoft Azure to get a unique client-id for that tool, but then again
the token renewal then fails after some time (this needs to be
done via a HTTP request somehow) needing a lot of attention to keep
those tools running.
Microsoft Support states, they won't re-enable tokenless authentication
and the provide no help at all to get tools back online which do not
work any more.
I wonder: How do other Microsoft Office365 customers mitigate this
situation?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
