Hi list,
I struggling, like possibly many others, to get mbsync to fetch emails
from microsoft accounts with (X)OAUTH especially now that admins are
disabling "device code flow" for security reasons.
So far I have used mbsync with oauth2ms[1]
PassCmd oauth2ms
AuthMechs XOAUTH2
with tenant_id and client_id specified in ~/.config/oauth2ms/config.json
or especially oama[2], as it permits using different accounts:
PassCmd "oama access user@domain"
AuthMechs XOAUTH2
with a thunderbird client_id specified in ~/.config/oama/config.yaml as
microsoft:
client_id: 9e5f94bc-e8a4-4e73-b8be-63364c29d753
To authorize oama I was using the "device code flow"
oama authorize microsoft user@domain --device
which sent me to a webpage where I made a 2FA login via a hardware
security USB key.
Several admins are now disabling the "device code flow" for security
reasons and I can no longer authorize, getting an error described in
https://github.com/harishkrupo/oauth2ms/issues/9
Do I require both client_{id,secret} values from these admins to
authorize oama without device code flow? What if I can't get those
values from the admins?
How are others using mbsync with microsoft institutional accounts but
without "device code flow"?
Thanks for any help!
Peter
[1] https://github.com/harishkrupo/oauth2ms
[2] https://github.com/pdobsan/oama
_______________________________________________
isync-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/isync-devel