Dear Mutt Developers,

This is not exactly a question about Mutt--more about OAuth2
authentication with Microsoft Office 365--but I wonder if anyone can
advise.

I've been trying to configure Mutt for continued access to my university
e-mail account, which uses the IMAP/SMTP server outlook.office365.com.
I have successfully configured Mutt for my G-Mail account using one
of the official gitlab.com Python scripts to generate OAuth2 tokens.
But when I tried to do the same for my university e-mail account, I
found that I lacked permissions to create an "app registration" after
logging in to my account through a Web browser. When I created an "app
registration" by setting up a private Outlook account, the credentials
were not accepted.

I was able to get Thunderbird to access my university e-mail account with
OAuth2 authentication, and I had some hopes that as a workaround I could
paste the credentials generated by Thunderbird into the Mutt script.
Unfortunately, a grep search through the ~/.thunderbird directory
for "client_id," "client_secret," and "redirect_uri" yielded nothing.
(I presume Thunderbird is storing the relevant credentials in encrypted
form, making them appropriately hard to access.) This might not work
anyway; it seems possible that the Office 365 only recognizes Thunderbird
as an authorized "application." My recollection is that Thunderbird
initially created OAuth2 tokens with a call to a Web browser to log
in to my e-mail account and grant access; since then, any necessary
refreshed tokens are apparently generated automatically.

Having now used Thunderbird in lieu of Mutt for this account over the
past couple weeks, I am reminded of the considerable superiority of Mutt,
because of the security of text-only access, because when composing
e-mails with Mutt I can use countless vi macros that I've created over
the years, and because I can easily move IMAP e-mail into local mbox
files on my computer.

I raised this issue with my university IT department (see below) and
received a singularly unhelpful response (see below). My impression is
that I need to make a very clear and specific request for appropriate
permissions to create OAuth2 tokens. Is the least intrusive way to
proceed to request that my Azure account associated with my university
e-mail be granted permission in the Azure Active Directory in the Azure
AD role of "Application developer"?

Any other ideas or suggestions would be most welcome.

Sincerely,
Greg Marks
-------------------------------------------------------------
My message to university IT department:

I have been using the e-mail client Mutt to access my
SLU e-mail account, and this stopped working on Oct. 12;
apparently, the office365 accounts that SLU uses now require
OAuth2 authentication. I am trying to configure Mutt to
authenticate using OAuth2 following the instructions here:
https://gitlab.com/muttmua/mutt/-/blob/master/contrib/mutt_oauth2.py.README
I followed their instructions: "End users who aren't able to
get to the app registration screen within portal.azure.com for
their work/school account can temporarily use an incognito
browser window to create a free outlook.com account and use
that to create the app registration." At the stage when I
ran the command

    ./mutt_oauth2.py [redacted].tokens --verbose --authorize

on my local machine and pasted the localhostauthcode URL into
a browser, I received this error message:

Sorry, but we’re having trouble signing you in.
AADSTS700016: Application with identifier [redacted] was
not found in the directory 'Saint Louis University'. This
can happen if the application has not been installed by
the administrator of the tenant or consented to by any
user in the tenant. You may have sent your authentication
request to the wrong tenant.

Troubleshooting details
If you contact your administrator, send this info
to them. Copy info to clipboard
Request Id: 05f6c734-86f2-4457-b153-9b21afd80000
Correlation Id: c59462fa-68dc-4068-b0fa-2943b56545db
Timestamp: 2022-10-13T22:55:50Z
Message: AADSTS700016: Application with identifier
[redacted] was not found in the directory 'Saint Louis
University'. This can happen if the application has not
been installed by the administrator of the tenant or
consented to by any user in the tenant. You may have sent
your authentication request to the wrong tenant.

I have been able to configure Mozilla Thunderbird to access
my SLU e-mail account with OAuth2 authentication but greatly
prefer Mutt for a number of reasons, including security reasons.
Could you please provide a method for obtaining a usable
client_id, client_secret, and redirect_uri to generate the
necessary tokens for OAuth2 authentication in order to have
IMAP and SMTP access to my SLU e-mail account?

University IT department's reply to me:

We have received a response from our messaging team.
Unfortunately, as a third-party application, Mutt is not a
service that is supported by SLU ITS. As such we are not able
to offer any assistance with bringing it online. Outlook is
the university standard application for email and is the
only one we can support in-depth. If Mozilla Thunderbird is
still working as you stated earlier, that can also be used.
If you have any further questions or concerns, please feel
free to reach back out to us at [phone number redacted].
