Re: [Davmail-users] [Patch] Adding OAuth Support
From: Mickaël G. <mgu...@fr...> - 2018-10-14 16:23:39
On 11/10/2018 at 01:57, Henrique Martins wrote:
>> Ok, I would need testers for new connection modes:
>> O365: Office 365 with classic username/password authentication or
>> application password
>> O365Modern: Office 365 modern authentication (OAuth2)
>> O365Interactive: Office 365 interactive authentication
> I may be able to test this, but how does one go about
> finding out which of the modes the server requires?

All those modes are for Office 365 only and will not work with on premise Exchange.

We may be able in the future to implement a similar approach for on premise Exchange, given the following prerequisites:
- authentication through a browser is possible (i.e. access exchangeserver/OWA)
- EWS endpoint is available after OWA authentication (i.e. access exchangeserver/EWS/Exchange.asmx)
=> the idea would be to retrieve cookies from JavaFX browser to initialize httpClient.

Back to Office365 modes:
- O365: same as EWS with Office 365 url
=> for O365 tenants without MFA or with MFA but application passwords allowed for Office 2010 and earlier compatibility
- O365Interactive: will open an authentication window to let you enter your credentials and go through MFA check and consent.
- O365Modern: same logic as O365Interactive, but use client provided credentials for OAuth negotiation, trigger PhoneApp MFA check transparently

Additional notes:
- You will have to give your consent to DavMail access on first call, check davmail log for exact url or use O365Interactive once
- You can use your own application client id instead of DavMail provided value, just create your application and add in davmail.properties:
davmail.oauth.clientId=<yourappid>
davmail.oauth.redirectUri=https://login.microsoftonline.com/common/oauth2/nativeclient

The required scopes are:
  "requiredResourceAccess": [
    {
      "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
      "resourceAccess": [
        {
          "id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
          "type": "Scope"
        }
      ]
    },
    {
      "resourceAppId": "00000002-0000-0000-c000-000000000000",
      "resourceAccess": [
        {
          "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
          "type": "Scope"
        }
      ]
    }
  ],

In both cases (O365Interactive and O365Modern), once initial authentication succeeds DavMail keeps the refresh token and should automatically renew access token on expiration. Note that this refresh token is not stored on disk, only in memory.

Regards,
--
Mickael Guessant
mailto:mgu...@fr...
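An added example, not part of the original message and not DavMail code: a least-privilege check that an application registered with your own client id requests exactly the permissions listed in the message and nothing broader. It assumes the application manifest is available as a JSON object containing `requiredResourceAccess`; the function names and sample manifests are constructed for illustration, and the `11111111-...` id is a placeholder.

```python
import json

# Permissions listed in the message: resourceAppId -> delegated scope ids.
REQUIRED = {
    "00000002-0000-0ff1-ce00-000000000000": {"3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5"},
    "00000002-0000-0000-c000-000000000000": {"311a71cc-e848-46a1-bdf8-97ff7156d8e6"},
}

def audit_manifest(manifest_text):
    """Return sorted findings; an empty list means the manifest requests
    exactly the permissions listed in the message."""
    manifest = json.loads(manifest_text)
    findings, seen = [], {}
    for resource in manifest.get("requiredResourceAccess", []):
        app_id = resource.get("resourceAppId", "").lower()
        for access in resource.get("resourceAccess", []):
            perm_id = access.get("id", "").lower()
            if access.get("type") != "Scope":
                # Anything other than a delegated scope is broader than listed.
                findings.append(f"non-delegated permission {perm_id} on {app_id}")
            elif perm_id not in REQUIRED.get(app_id, set()):
                findings.append(f"extra scope {perm_id} on {app_id}")
            else:
                seen.setdefault(app_id, set()).add(perm_id)
    for app_id, scopes in REQUIRED.items():
        for perm_id in scopes - seen.get(app_id, set()):
            findings.append(f"missing scope {perm_id} on {app_id}")
    return sorted(findings)

def build_manifest(entries):
    """Build a constructed sample manifest from (app_id, perm_id, type) tuples."""
    grouped = {}
    for app_id, perm_id, kind in entries:
        grouped.setdefault(app_id, []).append({"id": perm_id, "type": kind})
    return json.dumps({"requiredResourceAccess": [
        {"resourceAppId": a, "resourceAccess": r} for a, r in grouped.items()]})

APP_A, APP_B = REQUIRED  # the two resourceAppId values, in the order listed
# Constructed samples: one matching the message, one over-privileged.
GOOD_MANIFEST = build_manifest(
    [(a, s, "Scope") for a, scopes in REQUIRED.items() for s in scopes])
BAD_MANIFEST = build_manifest([
    (APP_A, "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5", "Scope"),
    (APP_A, "11111111-1111-1111-1111-111111111111", "Role"),  # placeholder id
])

if __name__ == "__main__":
    for name, text in (("good", GOOD_MANIFEST), ("bad", BAD_MANIFEST)):
        print(name, audit_manifest(text) or "OK")
```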