#717 O365Interactive and 2FA Cookies

v5.3.1
closed-fixed
nobody
None
5
2019-10-09
2019-08-28
No

My university now uses 2FA. This means that when using DavMail and O365Interactive I have to sign in, then ask their 2FA authentication system to challenge me. This is a hassle (and very common given the crashes). During the interactive portion, I can click "accept this computer for 30 days" but that never sticks. I assume the O365Interactive context doesn't maintain cookies across sessions?

Discussion

  • Mickael Guessant

    Well, I already know how to fix this: I need to implement OAuth refresh token persistence. As those tokens typically have a 60 to 90 day expiration, this would help in your case.

    We need to make sure this storage is secure: I intend to encrypt the token with the client-provided password (currently not used with O365Interactive).

     
  • John SMITH

    John SMITH - 2019-09-10

    +1

     
  • Mickael Guessant

    Ok, first implementation available in trunk build.
    Please set:
    davmail.oauth.persistToken=true

    Will make this the default value after user feedback.
    Note: please make sure you use a non-trivial password on the client side, as this password is used to encrypt the token. It does not have to be your actual O365 password with interactive authenticators.

     

    Last edit: Mickael Guessant 2019-09-16
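The comment above describes encrypting the persisted refresh token with the client-side password. The following is an added example, not DavMail's own code: it shows one way to do that with PBKDF2 and AES-GCM, and why a weak client password weakens the stored token. The class name `TokenVault`, the iteration count and the `salt || iv || ciphertext` layout are assumptions made for the illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

// Added illustration; names, parameters and storage layout are assumptions, not DavMail code.
public class TokenVault {
    static final int ITERATIONS = 210_000, SALT_LEN = 16, IV_LEN = 12;

    // Stretch the client password into an AES key. The key is only as strong as the
    // password: the iteration count slows offline guessing but does not stop it.
    static SecretKeySpec deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(key, "AES");
    }

    // Returns base64(salt || iv || ciphertext+tag), one value that fits a properties file.
    static String seal(String refreshToken, char[] password) throws Exception {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt); // fresh salt and IV for every stored token
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(refreshToken.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
                ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array());
    }

    // Throws AEADBadTagException on a wrong password or a modified file, so the
    // caller can discard the stored value and fall back to interactive login.
    static String open(String stored, char[] password) throws Exception {
        byte[] blob = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(password, Arrays.copyOfRange(blob, 0, SALT_LEN)),
                new GCMParameterSpec(128, blob, SALT_LEN, IV_LEN));
        int off = SALT_LEN + IV_LEN;
        return new String(c.doFinal(blob, off, blob.length - off), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not a real token or password.
        String stored = seal("constructed-sample-refresh-token", "long client passphrase".toCharArray());
        System.out.println(open(stored, "long client passphrase".toCharArray()));
        try { open(stored, "wrong".toCharArray()); }
        catch (AEADBadTagException e) { System.out.println("wrong password: re-authenticate"); }
    }
}
```

Anyone who can read the properties file can run password guesses against the stored value offline, which is why the file should also be readable only by its owner.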
  • Mickael Guessant

    • status: open --> pending
     
  • Joseph Reagle

    Joseph Reagle - 2019-09-17

    I downloaded trunk, but I still find it confusing that its version number is the same as the older trunk I had and the "About" says there's a newer version. I've added davmail.oauth.persistToken=true to my ~/.davmail.properties (MacOS) and will let you know how it goes.

     
  • Joseph Reagle

    Joseph Reagle - 2019-09-18

    I think it's too early to say anything definite. But I haven't seen the 2FA popup in the past 24 hours. However, I do still often have to paste the redirected URL at Microsoft into the DavMail prompt.

     
  • Joseph Reagle

    Joseph Reagle - 2019-09-23

    Yes, this definitely helps. Re-authenticating after a crash has gone from an impediment to a nuisance.

     
  • Mickael Guessant

    • status: pending --> closed-fixed
     
  • Mickael Guessant

    Great, thanks for your feedback

     
