Hi Milan, On Wed, 1 Sept 2021 at 09:08, Milan Crha via evolution-list <evolution-list@gnome.org> wrote: > > On Tue, 2021-08-31 at 18:32 +0200, Vincent Hennebert via evolution-list > wrote: > > None of those worked :( Every time the OAuth window shows up, I enter > > my credentials, confirm the login from my phone’s app, and then get the > > same error. > > Hi, > I know those keys work fine, not only for me, thus the problem is > somewhere else. > > Your second message in this thread contains a snippet of the OAuth2 > debug log, but not enough of it. I'd need to see what had been sent to > the server, which resulted into the Bad Request response. The base64 > encoded things and the application and other IDs should be replaced, > similarly as you did before.
Here is the full log: (process:140669): libsoup-WARNING **: 17:38:32.604: gssapi step failed: No credentials were supplied, or the credentials were unavailable or inaccessible: SPNEGO cannot find mechanisms to negotiate (process:140669): libsoup-WARNING **: 17:38:32.833: gssapi step failed: No credentials were supplied, or the credentials were unavailable or inaccessible: SPNEGO cannot find mechanisms to negotiate [OAuth2] 2021-09-01 17:38:37.339 - Loaded URI: '<Org SSO URL>' [OAuth2] 2021-09-01 17:38:53.665 - Loaded URI: '<MFA URL>' [OAuth2] 2021-09-01 17:38:58.832 - Loaded URI: '<Another MFA URL>' [OAuth2] 2021-09-01 17:39:11.090 - Loaded URI: '<Back to different org SSO URL' [OAuth2] 2021-09-01 17:39:11.111 - Loaded URI: 'none-local://' > POST /<the_tenant_id>/oauth2/token HTTP/1.1 > Soup-Debug-Timestamp: 1630510751 > Soup-Debug: SoupSession 1 (0x561d22db7c40), SoupMessage 1 (0x561d239b0e60), SoupSocket 1 (0x561d2423d3f0) > Host: login.microsoftonline.com > Content-Type: application/x-www-form-urlencoded > Connection: close > Accept-Encoding: gzip, deflate > Accept-Language: en-gb, en;q=0.9 > > grant_type=authorization_code&code=<the_code>&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient&client_id=<the_client_id> < HTTP/1.1 400 Bad Request < Soup-Debug-Timestamp: 1630510752 < Soup-Debug: SoupMessage 1 (0x561d239b0e60) < Cache-Control: no-store, no-cache < Pragma: no-cache < Content-Length: 485 < Content-Type: application/json; charset=utf-8 < Expires: -1 < Strict-Transport-Security: max-age=31536000; includeSubDomains < X-Content-Type-Options: nosniff < P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" < x-ms-request-id: 2a59b83a-6019-45a9-b190-5bda25ba4300 < x-ms-ests-server: 2.1.11984.12 - SCUS ProdSlices < Set-Cookie: fpc=<cookie>; expires=Fri, 01-Oct-2021 15:39:12 GMT; path=/; secure; HttpOnly; SameSite=None < Set-Cookie: x-ms-gateway-slice=estsfd; path=/; secure; httponly < Set-Cookie: stsservicecookie=estsfd; path=/; secure; httponly < Date: Wed, 01 Sep 2021 15:39:12 GMT < Connection: close < < {"error":"invalid_grant","error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 2a59b83a-6019-45a9-b190-5bda25ba4300\r\nCorrelation ID: c9bef423-5107-4b78-9c31-0c1d445ded9c\r\nTimestamp: 2021-09-01 15:39:12Z","error_codes":[9002313],"timestamp":"2021-09-01 15:39:12Z","trace_id":"2a59b83a-6019-45a9-b190-5bda25ba4300","correlation_id":"c9bef423-5107-4b78-9c31-0c1d445ded9c","error_uri":"https://login.microsoftonline.com/error?code=9002313"} [OAuth2] 2021-09-01 17:39:12.436 - Loaded URI: 'none-local://' I thought the first 2 warnings might have been associated with my other email accounts but actually not, I temporarily disabled them. DavMail shows more intermediate connections, but otherwise seemingly the same steps. > What values do you change in the OAuth2 settings of the Office 365 > account? Most of the values should be left empty, it's usually enough > to change/set the Application ID and left the rest empty. I’m only changing the Tenant and Application IDs. I obtain the OAB URL by clicking the ‘Fetch URL’ button, but I suppose it has nothing to do with this issue. > I think I saw similar error when I changed the Tenant ID to something > else, when I did not left it to its default value, which is "common". I > do not know how that works for your company though, due to the multi- > factor login. I’ve just tried again leaving the Tenant ID empty and I get the same error. > I'd guess the settings you use for the DAVMail are not exactly the same > as for the Evolution-EWS. The only other thing might be the resource > URI. It's currently derived from the Host Name, while it used to be > "https://outlook.office.com" in the past. I understood from your > messages that you did not update the evolution-ews, it's still the same > version, you only changed the password on the server. Well, I switched from the Flatpak version (3.40.3) to the distro version (3.40.4) to have better GNOME integration (and also with the vague hope that the issue might have been caused by some cached data), but I get the exact same error in both cases. I know that several of my colleagues are having the same issue. I found ‘https://outlook.office365.com’ somewhere in the DavMail log, so I tried to set the Resource URI to that in the Advanced Settings, but again same issue. > I cannot think of anything else right now, I'm sorry. Sure, hopefully the above will give you some hints. Thanks for your efforts anyway! Vincent _______________________________________________ evolution-list mailing list evolution-list@gnome.org To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list