Arnt,

On Feb 13, 2020, at 01:29, Arnt Gulbrandsen <a...@gulbrandsen.priv.no> wrote:
> 
> On Wednesday 12 February 2020 19:31:23 CET, Alexander Perlis wrote:
>> But instead of waiting for Microsoft to make the almost trivial change to 
>> support and advertise OAUTHBEARER on their server, which would be the 
>> correct long-term solution here, the short-term compromise would be for Mutt 
>> to recognize XOAUTH2.
> 
> I've brought this to the attention of the right people at Microsoft, and 
> would not bother with a short-term hack just yet.

Awesome! Here's another OAuth2 obstacle involving Microsoft. This one is a bit 
more complicated, but perhaps you can also bring this to their attention. 
OAuth2 involves "token servers / authorization endpoints". To my knowledge, 
Microsoft provides 3 such endpoints:

Consumer endpoint: account.live.com
Azure v1 endpoint: login.microsoftonline.com/common/oauth2
Converged v2 endpoint: login.microsoftonline.com/common/v2.0/oauth2

According to Microsoft,

https://developer.microsoft.com/en-us/office/blogs/transition-your-app-from-live-apis-to-outlook-rest-apis/

the "converged v2" endpoint is supposed to accept either consumer accounts or 
Azure accounts. My experiments indicate the converged v2 endpoint simply 
redirects requests involving a consumer account over to the consumer endpoint. 
However, before doing so, the converged v2 endpoint examines the requested 
scopes and returns an error if any scope is unfamiliar. This is a problem. The 
v2 endpoint doesn't recognize the "wl.imap" scope used with consumer accounts. 
This scope works fine if one were to connect directly to the consumer endpoint.

It now appears that a different scope (possibly "imap.accessasuser.all") will 
be used with Azure accounts on the v2 endpoint. But will that scope also work 
with consumer accounts? Unless the situation is sorted out and properly 
"converged", the Mutt documentation is going to be confusing for users:

  "Well, for Microsoft e-mail users, if you're trying to connect to a non-Azure 
consumer account like Hotmail or Outlook.com, then configure 
"account.live.com" as the endpoint and "wl.imap" as the scope. But if you have 
an Azure account typically used with Office365, then configure 
"login.microsoftonline.com/common/oauth2" as the endpoint and 
"imap.accessasuser.all" as the scope. Note that Microsoft also sells an online 
office subscription called "Office365" for consumer accounts, so the term 
"Office365" by itself does not tell you whether you have a non-Azure or Azure 
account. If you are able to log in to "portal.azure.com" then you have an Azure 
account."

Wouldn't it be much nicer if the documentation could simply be:

  "For Microsoft-based e-mail (Hotmail, Outlook.com, Office365, etc.), configure 
"login.microsoftonline.com/common/oauth2" as the endpoint and 
"imap.accessasuser.all" as the scope."

--Alex
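Added example (not from the thread or from Mutt): the two SASL mechanisms discussed above, OAUTHBEARER (RFC 7628) and the proprietary XOAUTH2 that Microsoft and Google advertise, wrap the same bearer token in different initial client responses. This builds and parses both, so the difference a client must handle is visible; the user, host and token values are constructed placeholders.

```python
import base64

# OAUTHBEARER (RFC 7628) initial client response, before base64:
#   "n,a=<user>,\x01host=<host>\x01port=<port>\x01auth=Bearer <token>\x01\x01"
# XOAUTH2 (proprietary, used by Microsoft and Google), before base64:
#   "user=<user>\x01auth=Bearer <token>\x01\x01"
# IMAP carries either one base64-encoded as the AUTHENTICATE argument
# (SASL-IR) or as the reply to the server's first "+" continuation.

SEP = "\x01"


def oauthbearer_initial_response(user, token, host, port=993):
    """Encode an RFC 7628 OAUTHBEARER client-first message."""
    gs2_header = f"n,a={user},"
    kv = f"host={host}{SEP}port={port}{SEP}auth=Bearer {token}{SEP}{SEP}"
    return base64.b64encode((gs2_header + SEP + kv).encode("utf-8"))


def xoauth2_initial_response(user, token):
    """Encode an XOAUTH2 client-first message (no host/port, no GS2 header)."""
    raw = f"user={user}{SEP}auth=Bearer {token}{SEP}{SEP}"
    return base64.b64encode(raw.encode("utf-8"))


def parse_sasl_response(encoded):
    """Decode either form; return mechanism name plus the key=value fields."""
    raw = base64.b64decode(encoded).decode("utf-8")
    if raw.startswith("n,"):
        # OAUTHBEARER: a GS2 header "n,a=<authzid>," precedes the first \x01.
        gs2_header, _, rest = raw.partition(SEP)
        mechanism = "OAUTHBEARER"
        fields = {"authzid": gs2_header[len("n,a="):-1]}
    else:
        mechanism, rest, fields = "XOAUTH2", raw, {}
    for part in rest.split(SEP):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
    return {"mechanism": mechanism, **fields}


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    user, token, host = "alice@example.com", "PLACEHOLDER_TOKEN", "imap.example.com"
    for msg in (oauthbearer_initial_response(user, token, host),
                xoauth2_initial_response(user, token)):
        print(parse_sasl_response(msg))
```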
