Steffen Nurpmeso wrote in <20230417193326.d_rw9%stef...@sdaoden.eu>: |Steffen Nurpmeso wrote in | <20230414004746.fn4a_%stef...@sdaoden.eu>: ||Ian Collier wrote in || <zdh4+qm3kqrjd...@cs.ox.ac.uk>: |||On Thu, Apr 13, 2023 at 05:05:31PM -0400, Craig Gallek wrote: |||> I've managed to get this to work with gmail: |||> https://gitlab.com/muttmua/mutt/-/blob/master/contrib/mutt_oauth2.py.RE\ |||> A\ |||> \ |||> DME#L85 ||| |||I have used the mutt_oauth2.py script to authenticate against an institu\ |||tional |||office365 account over IMAP (script is at URL above with .README removed\ |||). \ | ... ||| I |||changed exactly two things in the script: (a) the GPG identity, and (b): |||'client_id': '9e5f94bc-e8a4-4e73-b8be-63364c29d753' ... ||I can confirm that this one works, both IMAP and SMTP are ||possible, tenant=common! However, they now forbid "devicecode" ||flow. "auth" works. ("redirect" not tried. And tThis is all my ... |P.S.: after i changed the "tenant" of my own application ID to |common, i can access outlook via IMAP _and_ SMTP again. Back in |last October it nonetheless worked with the tenant ID that the |application registration generated.
But i had to make yet another change to make my own script truly work again. Microsoft must have changed their software, because one now must pass the "scope" around in all OAuth 2.0 requests, otherwise you get only an access token, but the refresh_token is missing. (We update the configuration and take what they give us. They actively strip "offline_access" btw.) This is one more divertion from the standard RFC 6749 that they produced themselves. And back in last October it was unnecessary. As i am out of bandwidth i was unable to verify that Google and Yandex still work with this change being implemented. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
